Metasploit is the world's most popular platform for developing and testing exploit code. It provides access to hundreds of ready-to-use exploits and post-exploitation tools.
• msfvenom: Create custom payloads (Trojans).
• meterpreter: The most powerful payload for total target control.
🗺️ Nmap — Network Scanner
Nmap (Network Mapper) is the most powerful free tool for network scanning, port discovery, and service enumeration used by pentesters worldwide.
📦 Installation
sudo apt update && sudo apt install nmap
⚡ Essential Commands
nmap 192.168.1.1 — Scan single IP
nmap -sV 192.168.1.1 — Detect service versions
nmap -sS -O 192.168.1.1 — Stealth scan + OS detection
nmap -A -T4 192.168.1.0/24 — Aggressive full network scan
nmap -p 1-65535 192.168.1.1 — Scan all ports
nmap --script vuln 192.168.1.1 — Scan for known vulnerabilities
💡 Pro Tips
• Use -T4 for fast scanning and -T1 for a slow, stealthy scan.
• NSE offers 600+ ready scripts for vulnerability research.
🕷️ Burp Suite — Web Proxy & Vulnerability Scanner
Burp Suite is the gold standard for web application security testing. The free Community edition allows intercepting, modifying, and replaying HTTP requests.
📦 Installation
sudo apt install burpsuite
⚡ Core Modules
🔵 Proxy — Intercept & modify requests
🟢 Repeater — Manually replay & modify requests
🟡 Intruder — Automated attacks on forms
🟣 Decoder — Encode/decode data (Base64, URL)
🛠️ Workflow
1. Launch Burp and open Proxy → Intercept.
2. Configure the browser proxy: 127.0.0.1:8080.
3. Browse the target and send requests to Repeater/Intruder.
🔗 Maltego — OSINT & Digital Investigation
Maltego is a leading OSINT tool for gathering intelligence and analyzing relationships between entities (people, companies, domains, IPs) visually.
📦 Installation
sudo apt install maltego
⚡ Key Entities
🌐 Domain — Subdomains, DNS, MX
👤 Person — Find personal info and social profiles
🖥️ IP Address — Trace locations and infrastructure
🛠️ Workflow
1. Create a new Graph and drag an entity (e.g. Domain) onto it.
2. Right-click → Run Transforms.
3. The graph expands, discovering new, hidden connections.
🌾 TheHarvester — Email & Domain Harvester
TheHarvester is a powerful OSINT tool for gathering emails, subdomains, and IPs from public sources like Google, Bing, and LinkedIn.
📦 Installation
sudo apt install theharvester
⚡ Essential Commands
theHarvester -d example.com -b google — Harvest emails and hosts for example.com using Google as the source
Wifite is the most effective tool for wireless auditing. It automates attacks on WEP, WPA, WPA2, and WPS using back-end tools like Aircrack-ng, Reaver, Bully, and Hashcat.
sudo wifite --dict /path/to/wordlist — Specify a custom wordlist for cracking
sudo wifite --pow 50 — Ignore networks with signal power lower than 50 dB
sudo wifite --mac — Randomize/Spoof your MAC address
sudo wifite -i wlan0mon — Manually specify the interface
sudo wifite --bully — Use Bully instead of Reaver for WPS
sudo wifite --wpa — Target only WPA/WPA2 networks
sudo wifite -c 6 — Scan only on channel 6
sudo wifite --pillage — Crack all handshakes and leave
sudo wifite --infinite — Run indefinitely until stopped
sudo wifite --skip-handshake — Skip networks if no handshake found
sudo wifite --wep — Target only WEP networks
sudo wifite --new-hs — Force new handshake capture
🛠️ Technical Attack Workflow
1. Monitor Mode: Interface is set to monitor mode to capture raw packets.
2. Deauthentication: Clients are kicked off to force a reconnect and capture the 4-way WPA Handshake.
3. PMKID Attack: In modern WPA2, the PMKID is grabbed directly from the AP without requiring active clients.
4. WPS Cracking: WPS PINs are brute-forced (Reaver/Bully) or the Pixie-Dust attack is used to recover the key.
5. Cracking: Once a handshake or PMKID is captured, Hashcat or Aircrack-ng is used to crack the password against a wordlist.
⚠️ Critical Requirement
You MUST use a WiFi adapter that supports Monitor Mode and Packet Injection (e.g. Alfa/TP-Link) on Linux.