Running nmap via golang

Hi. Another post about golang ;)

I was developing a small source code in golang to automate the use of nmap , based on these examples:

https://github.com/mmcgrana/gobyexample/blob/master/examples/spawning-processes/spawning-processes.go
https://gobyexample.com/spawning-processes

But it was not succeed until I developed it and it worked :

[root@localhost golang]# vim go-nmap.go

// Mauro Risonho de Paula Assumpção aka firebits
// mauro.risonho@gmail.com
// example os/exec nmap
// 24.07.2015 15:04:23
// fedora 22 x86-64
// go version go1.4.2 linux/amd64
// go build

package main

import “syscall”
import “os”
import “os/exec”

func main() {

// For our example we’ll exec `ls`. Go requires an
// absolute path to the binary we want to execute, so
// we’ll use `exec.LookPath` to find it (probably
// `/bin/nmap`).

binary, lookErr := exec.LookPath(“/usr/bin/nmap”)
if lookErr != nil {
panic(lookErr)
}

// `Exec` requires arguments in slice form (as
// apposed to one big string). We’ll give `ls` a few
// common arguments. Note that the first argument should
// be the program name.
// args := []string{“nmap”, “-A”, “-O”, “127.0.0.1”}
args := []string{“nmap”, “-A”, “127.0.0.1”}

// `Exec` also needs a set of [environment variables](environment-variables)
// to use. Here we just provide our current
// environment.
env := os.Environ()

// Here’s the actual `syscall.Exec` call. If this call is
// successful, the execution of our process will end
// here and be replaced by the `/bin/ls -a -l -h`
// process. If there is an error we’ll get a return
// value.
execErr := syscall.Exec(binary, args, env)
if execErr != nil {
panic(execErr)
}
}

I installed a vm with Fedora 22 x86_64 and CUPS server and did a spot scanning in localhost 127.0.0.1

[root@localhost golang]# go build go-nmap.go
[root@localhost golang]# ./go-nmap

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-24 15:06 BRT
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.00015s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
631/tcp open ipp CUPS 2.0
| http-methods: Potentially risky methods: PUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: Home – CUPS 2.0.3
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 – 3.15
Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.06 seconds

So it works!

@firebitsbr

April 2nd, 2015 – OpenVAS-8 released: Charts, Quality of Detection and PostgreSQL-Support –

http://www.openvas.org/news_archive.html

Following the annual release cycle, the new generation of OpenVAS [1] has been released. The new version of the open framework for vulnerability scanning and management, OpenVAS-8, introduces a comprehensively extended and improved feature set. Advances and improvements were achieved in virtually all areas.

Highlights of this new release are the chart module for a variety of graphical representation, the Quality of Detection (QoD) concept and the optional support of PostgreSQL as database backend. Major advances were also achieved for the access control management: more roles, group admins and super-admin to name just a few. Notable as well is the introduction of the optional multi-scanner support via the new protocol OSP (OpenVAS Scanner Protocol) for which a growing number of servers is expected for the future. Last but not least, the OpenVAS Scanner now requires less ressources and uses redis[2] for the inter-process communication.

All in all OpenVAS-8 ships 28 new and improved features, accompanied with countless smaller changes. The systematic improvements and reliable release of one major update every twelve months once again underlines the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [3] develops and uses OpenVAS as a base for its appliance product family for vulnerability scanning and management. Together with the company SecPod [4] and the growing community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [5] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

Vulnerability Management:

Access Control:
The access control features were comprehensively extended.
Roles can now be dynamically configured.
New default roles “Monitor”, “Guest” and “Super Admin”.
New Permissions “Super” that allows for example to define an administrator for a group.
Results are now an explicit part of the scan management.
The new section “Results” under menu “Scan Management” offers an object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
Solution Type:
NVTs are now associated with a solution type like for example “VendorFix”. This allows to group or identify NVTs or results where for example a simple solution exists or no solution is currently available.
The Feed content is updated over time to add a solution type for all of the NVTs. At the time of writing, 3.6% of the NVTs own a Solution Type.
Quality of Detection (QoD):
The QoD is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection.
One of the main reasons to introduce this concept was to handle the challenge of potential vulnerabilities properly. The goal was to keep such in the results database but only visible on demand.
While the QoD range allows to express the quality pretty refined, in fact most of the test routines use a standard methodology. Therefore the QoD Types were introduced of which each is associated with a QoD value.
The Feed content is updated over time to add a QoD for all NVTs. Any NVT not explicitly assigned will apply 75% and therefore visible by default in order to not change the default behavior compared to OpenVAS-7. However, meanwhile any NVTs formerly requiring the “paranoid” setting in the scan configuration is now reporting always but stay invisible in the database until the user decides to view results with a lower quality of detection.
At the time of writing, 2.7% of the NVTs own a QoD Type.
New SecInfo object type “CERT-Bund” introduced: These are advisories published by the German federal CERT.
Vulnerability Scanning:

Credentials:
The public key of SSH credentials is not required anymore because it is extracted from the private key.
Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With OpenVAS-7 the scanner immediately stopped activity and did not return so far collected host details. With OpenVAS-8 this is now transferred to the the database.
Dropped support for pausing of tasks entirely (was removed from GUI before, now removed from OMP level).
OpenVAS Scanning Protocol (OSP):
This new protocol allows to control a vulnerability scanner. The main elements are to set parameters, start a scan and retrieve results. OSP is designed in the same way as OMP, therefore it is a non-permanent request-response connection based on XML.
It is possible to configure and control OSP-compliant Scanner via the user interface.
OpenVAS-8 offers some pilot OSP scanners in order to provide examples for this technology. Users and developers are encouraged to wrap more vulnerability scanner with OSP and provide feedback on missing features in the OSP protocol.
The OpenVAS Scanner itself is still OTP-based and the integration with OpenVAS Manager works like before with the slight difference that it is now possible to define more than one OpenVAS Scanner to be controlled by OpenVAS Manager.
This new concepts introduces various changes in the user interface but defaults are set to keep the same behavior as in OpenVAS-7 if user decides not to deal with OSP. In other words: OSP is entirely optional.
Graphical User Interface:

Dynamic charts are introduced, using the Javascript library “d3″. The first chart types (bar, donut, bubbles, line) are used for the SecInfo section in order to demonstrate some of the capabilities.
The chart objects allow to download the data as CSV table or SVG graphics. Also, a HTML table can be opened and some of the charts are interactive.
The underlying data aggregation technology is generically integrated into the protocol OMP. This allows to add more charts during the lifecycle of the OpenVAS release because no API changes are required.
For the SecInfo Management, a first dashboard is integrated which assembles four of the charts and can be configured individually.
The charting feature is entirely optional: Without enabling Javascript support in the browser no core functionality is lost. Also, the chart view can be collapsed so that only the traditional table view is shown.
Bulk actions are introduced. For example this allows to remove or download many objects within a single action.
The powerfilter was simplified to carry only the essential filter elements. The standard ones are displayed below and of course it is possible to apply any of them in the text entry field.
Timezones:
The configuration of timezones was changed so that now there is offered a drop down list of available timezones instead of a entry field for specifying the timezone in text form.
Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up-to OpenVAS-7, a second session always invalidated the previous one regardless of which browser is used.
For any web interface page, the duration of the backend operation will be shown at the bottom.
The filenames for downloads can now be configured via “My Settings”.
New wizard for modifying a task.
Protocols:

OMP now in version 6.0
The new OSP for controlling arbitrary scanners is at version 1.0.
The OTP protocol was further reduced. It is not recommended to use it to communicate with the OpenVAS Scanner because it will eventually be dropped in favor of OSP. For the time being OMP should be used to control a OpenVAS Scanner.
Architecture:

redis (mandatory):
The OpenVAS Scanner now uses a redis backend to share the knwoledge base among the scanning processes.
PostgreSQL (optional):
OpenVAS Manager now allows to use PostgreSQL as an alternative for the file-based SQLite. Everything should work, but this new database backend has seen little testing so far.
The OpenVAS development team is prepared to fix any issues promptly as it is desired to make this database eventually the new default backend.
openvas-smb (optional):
The new module “openvas-smb” is used for WMI support. This is the former externally maintained wmi client library. Since it was actually not maintained anymore, the module was cut down to the essentials and furnished with a “cmake” build environment.
OSP (optional):
For the new OSP, a base module “OSPd” written in Python is made available. The actual wrappers for vulnerability scanners are collected as “osp-scanners” and the name of the modules is prefixed with “OSPd-“. “OSPd” is a mandatory requirement for each OSP scanner module.
All sample OSP scanners are writtin in Python. Currently the C-library API only supports OSP client functionality, not server functionality.
The memory consumption of the OpenVAS Scanner was reduced by about 50%.
References:

[1] OpenVAS: http://www.openvas.org/
[2] redis: http://redis.io/
[3] Greenbone: http://www.greenbone.net/
[4] SecPod: http://www.secpod.com/
[5] BSI: https://www.bsi.bund.de//

@firebitsbr

HowTo- Instalando OpenVAS8 + Debian 8 + Redis

Olá.

Segue mais um HowTo- Instalando OpenVAS8 + Debian 8 + Redis by @firebitsbr ;)

No caso é só fazer download de um debian 8 x64 bits – netinstall e depois criar um shell script (*.sh) após a instalação total do Debian (maquina fisica ou virtual) e executá-lo:

chmod -x 755 openvas8_debian.sh

Abaixo, o openvas8_debian.sh (completo):

#!/bin/bash
#OpenVAS 8 Installer Debian 8
#Mauro Risonho de Paula Assumpção aka firebits
#download do debian 8 x64 bits
#http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.0.0-amd64-netinst.iso

# Passo 1 – pacotes requeridos para instalação
apt-get install -y build-essential devscripts dpatch libassuan-dev libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev libgpgme11-dev libpcre3-dev libpth-dev quilt cmake pkg-config libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32 texlive-full rpm alien nsis

# Passo 2 – Copiar arquivo de config para backup, setar unixsocket e subir o database redis
cp /etc/redis/redis.conf /etc/redis/redis.orig
echo “unixsocket /tmp/redis.sock” >> /etc/redis/redis.conf
service redis-server restart

# Passo 3 – Criar pasta openvas8 e download dos sources codes
mkdir openvas8
cd openvas8/

wget –no-check-certificate https://wald.intevation.org/frs/download.php/2015/openvas-libraries-8.0.1.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2016/openvas-scanner-5.0.1.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2017/openvas-manager-6.0.1.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2018/greenbone-security-assistant-6.0.1.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/1987/openvas-cli-1.4.0.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2005/ospd-ancor-1.0.0.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2003/ospd-ovaldi-1.0.0.tar.gz
wget –no-check-certificate https://wald.intevation.org/frs/download.php/2004/ospd-w3af-1.0.0.tar.gz

# Passo 4 – Extrair em lote os sources codes compactados
find | grep “.tar.gz$” | xargs -i tar zxvfp ‘{}’

# Passo 5 – Compilação de cada pacote de source codes – OBS: Sempre nesta ordem ou haverá quebra de compilação.
cd openvas-smb*
mkdir build
cd build/
cmake ..
make
make doc-full
make install
cd ../../

cd openvas-libraries-*
mkdir build
cd build
cmake ..
make
make doc-full
make install
cd ../../

cd openvas-scanner-*
mkdir build
cd build/
cmake ..
make
make doc-full
make install
cd ../../

cd openvas-manager-*
mkdir build
cd build/
cmake ..
make
make doc-full
make install
cd ../../

cd openvas-cli-*
mkdir build
cd build/
cmake ..
make
make doc-full
make install
cd ../../

cd greenbone-security-assistant-*
mkdir build
cd build/
cmake ..
make
make doc-full
make install
cd ../../

# Recarregar as bibliotecas
ldconfig

# Criar CA para o client
openvas-mkcert
openvas-mkcert-client -n -i

# Criar usuario admin / anote a senha hash a ser criada, pois sera usada posteriormente
openvasmd –create-user=admin –role=Admin && openvasmd –user=admin –new-password=1

# Criar shell script para atualização de plugins, scap e informações do cert.
echo ‘#!/bin/bash’ > /usr/local/sbin/openvas-update
echo ‘/usr/local/sbin/openvas-nvt-sync’ >> /usr/local/sbin/openvas-update
echo ‘/usr/local/sbin/openvas-scapdata-sync’ >> /usr/local/sbin/openvas-update
echo ‘/usr/local/sbin/openvas-certdata-sync’ >> /usr/local/sbin/openvas-update
chmod +x /usr/local/sbin/openvas-update

# Criar shell script para inicialização dos daemons. OBS: Sempre nesta ordem, senão não carrega corretamente.
echo ‘#!/bin/bash’ > /usr/local/sbin/openvas-start
echo ‘/usr/local/sbin/openvasmd –rebuild’ >> /usr/local/sbin/openvas-start
echo ‘/usr/local/sbin/openvasmd’ >> /usr/local/sbin/openvas-start
echo ‘/usr/local/sbin/openvassd’ >> /usr/local/sbin/openvas-start
echo ‘/usr/local/sbin/gsad’ >> /usr/local/sbin/openvas-start
chmod +x /usr/local/sbin/openvas-start

# Criar shell script para matar dos daemons, caso seja necessario reiniciar todos os daemons corretamente . OBS: Sempre nesta ordem, senão não carrega corretamente.
echo ‘#!/bin/bash’ > /usr/local/sbin/openvas-kill
echo “ps aux | egrep \”(openvas.d|gsad)\” | awk ‘{print \$2}’ | xargs -i kill ‘{}'” >> /usr/local/sbin/openvas-kill
chmod +x /usr/local/sbin/openvas-kill

# Criar shell script para inicializar os daemons logo após a inicialização do SO, mediante rc.local . OBS: Sempre nesta ordem, senão não carrega corretamente.
rclocal=`cat /etc/rc.local | grep -v “exit 0″ | grep -v “openvas”`
echo “$rclocal” > /etc/rc.local
echo “date >> /var/log/openvas_init” >> /etc/rc.local
echo “echo ‘openvas init started’ >> /var/log/openvas_init” >> /etc/rc.local
echo “/usr/local/sbin/openvas-kill >> /var/log/openvas_init || /bin/true” >> /etc/rc.local
echo “/usr/local/sbin/openvas-start >> /var/log/openvas_init || /bin/true” >> /etc/rc.local
echo “echo ‘openvas init finished’ >> /var/log/openvas_init” >> /etc/rc.local
echo “exit 0″ >> /etc/rc.local

# Scripts acima, ja no formato de shellscript sendo validados e carregados
/usr/local/sbin/openvas-kill
/usr/local/sbin/openvas-update
/usr/local/sbin/openvas-start

# Verificando se a instalação foi feita corretamente para OpenVAS8
wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup –no-check-certificate
chmod 0755 openvas-check-setup
./openvas-check-setup –v8 –server

Por enquanto, só testei em Debian 8 x64 bits, mas acho que pode funcionar em Ubuntu e derivados e com um pouco de adaptação em outros linux (Redhat, Fedora, Slackware e outros).

Ultimamente está bem corrido, meu dia-a-dia, mas poste nos comentários do meu blog, qualquer dúvida, se houver e com um pouco de tempo, eu retorno.

Espero ter ajudado!;)

@firebitsbr

Kali tools

Links

http://docs.kali.org/
Customizing Kali

https://github.com/offensive-security/kali-linux-recipes
Add Kali repositories to Debian or LMDE

This section explains how to add Kali repositories to Debian or LMDE and pin them.
All repackaged or new packages made in kali have “kali” in their version number (unless they are in the kali-bleeding-edge)
See also http://docs.kali.org/kali-policy/kali-linux-relationship-with-debian

Install their key:

gpg –keyserver pgpkeys.mit.edu –recv-key ED444FF07D8D0BF6
gpg -a –export ED444FF07D8D0BF6 | sudo apt-key add –
/etc/apt/sources.list.d/kali.list:

deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main
deb-src http://repo.kali.org/kali kali-bleeding-edge main
# apt-get update
$ apt-cache policy
[…]
500 http://repo.kali.org/kali/ kali-bleeding-edge/main amd64 Packages
release o=Kali,n=kali-bleeding-edge,c=main
500 http://security.kali.org/kali-security/ kali/updates/main amd64 Packages
release o=Kali,n=kali,c=main
500 http://http.kali.org/kali/ kali/main amd64 Packages
release o=Kali,a=stable,n=kali,c=main
/etc/apt/preferences.d/kali-package-repositories.pref :

Package: *
Pin: release n=kali
Pin-Priority: 350

Package: *
Pin: release n=kali-bleeding-edge
Pin-Priority: 300
Then

apt-get update
And to use Kali repo e.g.:

apt-get install apktool
apt-get install libfreefare-bin/kali
Installing software

SDR-related

Security-related

Lists

See http://www.kali.org/news/kali-linux-metapackages/

kali-linux

apt-cache search kali-linux|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
kali-linux-all – Kali Linux – all packages
kali-linux-forensic – Kali Linux forensic tools
kali-linux-full – Kali Linux complete system
kali-linux-gpu – Kali Linux GPU tools
kali-linux-pwtools – Kali Linux password cracking tools
kali-linux-rfid – Kali Linux RFID tools
kali-linux-sdr – Kali Linux SDR tools
kali-linux-top10 – Kali Linux Top 10 tools
kali-linux-voip – Kali Linux VoIP tools
kali-linux-web – Kali Linux webapp assessment tools
kali-linux-wireless – Kali Linux wireless tools
kali-linux-all

apt-cache depends kali-linux-all|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux-forensic – Kali Linux forensic tools
kali-linux-full – Kali Linux complete system
kali-linux-gpu – Kali Linux GPU tools
kali-linux-pwtools – Kali Linux password cracking tools
kali-linux-rfid – Kali Linux RFID tools
kali-linux-sdr – Kali Linux SDR tools
kali-linux-top10 – Kali Linux Top 10 tools
kali-linux-voip – Kali Linux VoIP tools
kali-linux-web – Kali Linux webapp assessment tools
kali-linux-wireless – Kali Linux wireless tools
android-sdk – Android software development kit
backdoor-factory – Patch win32/64 binaries with shellcode
bing-ip2hosts – Enumerate hostnames for an IP using bing.com
device-pharmer – Search Shodan results and test credentials
doona – Network fuzzer forked from bed
freeradius – high-performance and highly configurable RADIUS server
hackersh – Shell-like wrapper of various security tools
htshells – Self contained htaccess shells and attacks
ismtp – SMTP user enumeration and testing tool
linux-exploit-suggester – Script to keep track of vulnerabilities and suggest possible exploits
masscan – Asynchronous TCP port scanner
sandi – Exploit search engine
shellnoob – Shellcode writing toolkit
teamsploit – Tools for group based penetration testing
veil-evasion – Generate payloads that bypass antivirus solutions
veil-catapult – Payload delivery tool that integrates with veil-evasion
kali-linux-top10

apt-cache depends kali-linux-top10|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
aircrack-ng – wireless WEP/WPA cracking utilities
burpsuite – platform for security testing of web applications
hydra – very fast network logon cracker
john – active password cracking tool
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
metasploit – Penetration testing and exploit development tool with web-based interface
metasploit-framework – Framework for exploit development and vulnerability research
nmap – The Network Mapper
zaproxy – Testing tool for finding vulnerabilities in web applications.
sqlmap – automatic SQL injection tool
wireshark – network traffic analyzer – GTK+ version
kali-linux-forensic

apt-cache depends kali-linux-forensic|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
afflib-tools – support for Advanced Forensics format (utilities)
apktool – A tool for reverse engineering Android apk files
autopsy – graphical interface to SleuthKit
bulk-extractor – Extracts information without parsing filesystem
cabextract – Microsoft Cabinet file unpacker
capstone – Multi-platform, multi-architecture disassembly framework
chkrootkit – rootkit detector
creddump – Extracts credentials from Windows registry hives
cuckoo – Automated malware analysis system
dc3dd – patched version of GNU dd with forensic features
dcfldd – enhanced version of dd for forensics and security
ddrescue – Copies data from one file or block device to another.
dff – Powerful, efficient and modular digital forensic framework
dissy – graphical frontend for objdump
distorm3 – Powerful Disassembler Library For x86/AMD64
dumpzilla – Mozilla browser forensic tool
edb-debugger – Linux equivalent of OllyDbg
ewf-tools – collection of tools for reading and writing EWF files
exiv2 – EXIF/IPTC metadata manipulation tool
extundelete – utility to recover deleted files from ext3/ext4 partition
fcrackzip – password cracker for zip archives
firmware-mod-kit – Deconstruct and reconstruct firmware images
flasm – assembler and disassembler for Flash (SWF) bytecode
foremost – forensic program to recover lost files
galleta – An Internet Explorer cookie forensic analysis tool
gdb – GNU Debugger
gparted – GNOME partition editor
guymager – Forensic imaging tool based on Qt
inetsim – Software suite for simulating common internet services
iphone-backup-analyzer – iPhone backup decoder and analyzer
jad – Java decompiler
javasnoop – Intercept Java applications locally
libewf1 – library with support for Expert Witness Compression Format
libhivex-bin – utilities for reading and writing Windows Registry hives
lvm2 – Linux Logical Volume Manager
lynis – security auditing tool for Unix based systems
magicrescue – recovers files by looking for magic bytes
md5deep – Recursively compute hashsums or piecewise hashings
mdbtools – JET / MS Access database (MDB) tools
memdump – utility to dump memory contents to standard output
missidentify – a program to find win32 applications
nasm – General-purpose x86 assembler
ollydbg – 32-bit assembler level analysing debugger
p7zip-full – 7z and 7za file archivers with high compression ratio
parted – disk partition manipulator
pasco – An Internet Explorer cache forensic analysis tool
pdfid – Scans PDF files for certain PDF keywords
pdf-parser – Parses PDF files to identify fundamental elements
pdgmail – Extracts gmail artifacts from a pd dump
peepdf – PDF analysis tool
pev – text-based tool to analyze PE files
polenum – Extracts the password policy from a Windows system
radare2 – free and advanced command line hexadecimal editor
rdd – a forensic copy program
readpst – Converts Outlook PST files to mbox and others
recoverjpeg – tool to recover JPEG images from a filesystem image
reglookup – utility to read and query Windows NT/2000/XP registry
regripper – Windows registry forensics tool
rifiuti – A MS Windows recycle bin analysis tool
rifiuti2 – A MS Windows recycle bin analysis tool
safecopy – Copy utility ignoring errors
samdump2 – Dump Windows 2k/NT/XP password hashes
scalpel – A Frugal, High Performance File Carver
scrounge-ntfs – Data recovery program for NTFS filesystems
sleuthkit – collection of tools for forensics analysis on volume and file system data
smali – Assembler/disassembler for Android’s dex format
sqlitebrowser – GUI editor for SQLite databases
tcpdump – command-line network traffic analyzer
tcpflow – TCP flow recorder
tcpick – TCP stream sniffer and connection tracker
tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds
truecrack – Bruteforce password cracker for TrueCrypt volumes.
truecrypt – Cross-platform on-the-fly encryption
unrar – Unarchiver for .rar files (non-free version)
upx-ucl – efficient live-compressor for executables
vinetto – A forensics tool to examine Thumbs.db files
volafox – Memory analyzer for Mac OS X & BSD
volatility – advanced memory forensics framework
wce – Windows Credentials Editor
wireshark – network traffic analyzer – GTK+ version
xplico – Network Forensic Analysis Tool (NFAT)
kali-linux-gpu

apt-cache depends kali-linux-gpu|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
oclhashcat – GPU password cracker
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
multiforcer – GPU accelerated password cracking tool
oclgausscrack – Cracks verification hashes of the Gauss Virus
truecrack – Bruteforce password cracker for TrueCrypt volumes.
kali-linux-pwtools

apt-cache depends kali-linux-pwtools|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
kali-linux-gpu – Kali Linux GPU tools
chntpw – NT SAM password recovery utility
cmospwd – decrypt BIOS passwords from CMOS
crunch – Password wordlist generator
dbpwaudit – Does online password audits of DB engines
fcrackzip – password cracker for zip archives
findmyhash – Crack hashes with online services
gpp-decrypt – Group Policy Preferences decrypter
hash-identifier – Tool to identify hash types
hashcat – World’s fastest CPU-based password recovery tool
hashcat-utils – Set of small utilities for advanced password cracking
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
john – active password cracking tool
johnny – GUI for John the Ripper
keimpx – Check for valid credentials across a network over SMB
maskprocessor – High-performance word generator
medusa – fast, parallel, modular, login brute-forcer for network services
mimikatz – Uses admin rights on Windows to display passwords in plaintext
ncrack – High-speed network authentication cracking tool
ophcrack – Microsoft Windows password cracker using rainbow tables (gui)
ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)
pack – Password analysis and cracking kit
passing-the-hash – Patched tools to use password hashes as authentication input
patator – Multi-purpose brute-forcer
phrasendrescher – Passphrase cracking tool
pipal – Statistical analysis on password dumps
polenum – Extracts the password policy from a Windows system
rainbowcrack – Rainbow table password cracker
rcracki-mt – Version of rcrack that supports hybrid and indexed tables
rsmangler – Wordlist mangling tool
samdump2 – Dump Windows 2k/NT/XP password hashes
seclists – Collection of multiple types of security lists
sipcrack – SIP login dumper/cracker
sipvicious – Tools for auditing SIP based VoIP systems
sqldict – Dictionary attack tool for SQL Server
statsprocessor – High-performance word-generator
sucrack – multithreaded su bruteforcer
thc-pptp-bruter – THC PPTP Brute Force
truecrack – Bruteforce password cracker for TrueCrypt volumes.
twofi – Twitter words of interest
wce – Windows Credentials Editor
wordlists – Contains the rockyou wordlist
kali-linux-rfid

apt-cache depends kali-linux-rfid|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
libfreefare-bin – MIFARE card manipulations binaries
libnfc-bin – Near Field Communication (NFC) binaries
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
python-rfidiot – Python library to explore RFID devices
kali-linux-sdr

apt-cache depends kali-linux-sdr|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
gnuradio – GNU Radio Software Radio Toolkit
chirp – Configuration tool for amateur radios
hackrf-tools – Hardware driver and tools for HackRF Jawbreaker
kalibrate-rtl – Calculate local oscillator frequency offset using GSM base stations
rtlsdr-scanner – Python frequency scanning GUI for the OsmoSDR rtl-sdr library
gr-scan – Scans a range of frequencies and prints a list of discovered signals
gqrx – Software defined radio receiver powered by GNU Radio
multimon-ng – Digital radio transmission decoder
uhd-host – universal hardware driver for Ettus Research products
uhd-images – Various UHD Images
libgnuradio-grextras – Advanced GNU Radio Blocks
libgnuradio-baz – gnuradio new functionality blocks
libgnuradio-osmosdr – GNU Radio osmosdr block
libgnuradio-osmosdr-apps – GNU Radio osmosdr applications
libgnuradio-iqbalance – I/Q balancing block
kali-linux-voip

apt-cache depends kali-linux-voip|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
ace-voip – A simple VoIP corporate directory enumeration tool
dnmap – Distributed nmap framework
enumiax – IAX protocol username enumerator
iaxflood – VoIP flooder tool
inviteflood – SIP/SDP INVITE message flooding over UDP/IP
libfindrtp – Library required by multiple VoIP tools
nmap – The Network Mapper
ohrwurm – RTP fuzzer
pjproject – A multimedia communication library for SIP
protos-sip – SIP test suite
rtpbreak – Detects, reconstructs, and analyzes RTP sessions
rtpflood – Tool to flood any RTP device
rtpinsertsound – Inserts audio into a specified stream
rtpmixsound – Mixes pre-recorded audio in real-time
sctpscan – SCTP network scanner for discovery and security
siparmyknife – SIP fuzzing tool
sipcrack – SIP login dumper/cracker
sipp – Traffic generator for the SIP protocol
sipvicious – Tools for auditing SIP based VoIP systems
voiphopper – Runs a VLAN hop security test
wireshark – network traffic analyzer – GTK+ version
kali-linux-web

apt-cache depends kali-linux-web|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
apache2 – Apache HTTP Server
apache2-mpm-event – transitional event MPM package for apache2
apache2-mpm-itk – transitional itk MPM package for apache2
apache2-mpm-prefork – transitional prefork MPM package for apache2
apache2-mpm-worker – transitional worker MPM package for apache2
apache-users – Enumerate usernames on systems with Apache UserDir module
arachni – Web Application Security Scanner Framework
automater – A IP and URL analysis tool.
bbqsql – SQL Injection Exploitation Tool
beef-xss – Browser Exploitation Framework (BeEF)
blindelephant – A generic web application fingerprinter
burpsuite – platform for security testing of web applications
cadaver – command-line WebDAV client
clusterd – Application server attack toolkit
cookie-cadger – Cookie auditing tool for wired and wireless networks
cutycapt – utility to capture WebKit’s rendering of a web page
davtest – Testing tool for WebDAV servers
dbpwaudit – Does online password audits of DB engines
dirb – URL bruteforcing tool
dirbuster – Web server directory brute-forcer
dnmap – Distributed nmap framework
dotdotpwn – DotDotPwn – The Directory Traversal Fuzzer.
eyewitness – Rapid web application triage tool
fimap – LFI and RFI exploitation tool
ftester – The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
funkload – web testing tool
golismero – Web application mapper
grabber – Web application vulnerability scanner
hamster-sidejack – Sidejacking tool
hexorbase – Multiple database management and audit application
http-tunnel – Tunneling software to tunnel through restrictive HTTP proxies
httprint – Web server fingerprinting tool
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
ikat – Interactive Kiosk Attack Tool
inundator – Multi-threaded IDS false positive generator
jboss-autopwn – JBoss script for obtaining remote shell access
jd-gui – GUI Java .class decompiler
joomscan – OWASP Joomla Vulnerability Scanner Project
jsql – Java tool for automatic database injection
laudanum – Collection of injectable web files
lbd – Load balancer detector
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
medusa – fast, parallel, modular, login brute-forcer for network services
mitmproxy – SSL-capable man-in-the-middle HTTP proxy
mysql-server – MySQL database server (metapackage depending on the latest version)
ncrack – High-speed network authentication cracking tool
nikto – web server security scanner
nmap – The Network Mapper
oscanner – Oracle assessment framework
owasp-mantra-ff – Web application security testing framework built on top of Firefox
padbuster – Script for performing Padding Oracle attacks
paros – Web application proxy
patator – Multi-purpose brute-forcer
php5 – server-side, HTML-embedded scripting language (metapackage)
php5-mysql – MySQL module for php5
plecost – WordPress fingerprinting tool
powerfuzzer – Highly automated and fully customizable web fuzzer
proxychains – proxy chains – redirect connections through proxy servers
proxystrike – Active web application proxy
proxytunnel – Create tcp tunnels trough HTTPS proxies, for using with SSH
ratproxy – passive web application security assessment tool
recon-ng – Web Reconnaissance framework written in Python
redsocks – arbitrary TCP connection redirector to a SOCKS or HTTPS proxy server
sidguesser – Guesses sids against an Oracle database
siege – HTTP regression testing and benchmarking utility
skipfish – fully automated, active web application security reconnaissance tool
sqldict – Dictionary attack tool for SQL Server
sqlitebrowser – GUI editor for SQLite databases
sqlmap – automatic SQL injection tool
sqlninja – SQL server injection and takeover tool
sqlsus – MySQL injection tool
sslcaudit – Tests SSL/TLS clients susceptibility to MITM attacks
ssldump – An SSLv3/TLS network protocol analyzer
sslh – ssl/ssh multiplexer
sslscan – Fast SSL scanner
sslsniff – SSL/TLS man-in-the-middle attack tool
sslstrip – SSL/TLS man-in-the-middle attack tool
sslsplit – Transparent and scalable SSL/TLS interception
sslyze – Fast and full-featured SSL scanner
stunnel4 – Universal SSL tunnel for network daemons
thc-ssl-dos – Stress tester for the SSL handshake
tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server
tnscmd10g – Tool to prod the oracle tnslsnr process
ua-tester – User agent string tester
uniscan – LFI, RFI, and RCE vulnerability scanner
vega – Platform to test the security of web applications
waffit – WAF auditing tool
wapiti – web application vulnerability scanner
webacoo – Web backdoor cookie script kit
webhandler – Bash simulator to control a server using PHP system functions
webscarab – Web application review tool
webshag – Multi-threaded web server audit tool
webshells – Collection of webshells
webslayer – Web application bruteforcer
websploit – Web exploitation framework
weevely – Stealth tiny web shell
wfuzz – Web application bruteforcer
whatweb – Next generation web scanner
wireshark – network traffic analyzer – GTK+ version
wpscan – Black box WordPress vulnerability scanner
xsser – XSS testing framework
zaproxy – Testing tool for finding vulnerabilities in web applications.
kali-linux-wireless

apt-cache depends kali-linux-wireless|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
kali-linux-sdr – Kali Linux SDR tools
aircrack-ng – wireless WEP/WPA cracking utilities
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
asleap – A tool for exploiting Cisco LEAP networks
bluelog – Bluetooth scanner and logger
bluemaho – GUI interface for testing Bluetooth devices
bluepot – Bluetooth honeypot
blueranger – Simple Bash script to locate Bluetooth devices
bluesnarfer – A Bluesnarfing Utility
bluez – Bluetooth tools and daemons
bluez-hcidump – Analyses Bluetooth HCI packets
btscanner – ncurses-based scanner for Bluetooth devices
bully – Bully is a new implementation of the WPS brute force attack, written in C.
cowpatty – Brute-force WPA dictionary attack
crackle – Crack and decrypt BLE encryption
eapmd5pass – Tool for extracting and cracking EAP-MD5
fern-wifi-cracker – Automated wifi cracker
giskismet – Wireless recon visualization tool
iw – tool for configuring Linux wireless devices
killerbee – Framwork for ZigBee exploitation
kismet – wireless sniffer and monitor – core
libfreefare-bin – MIFARE card manipulations binaries
libnfc-bin – Near Field Communication (NFC) binaries
macchanger – utility for manipulating the MAC address of network interfaces
mdk3 – Wireless attack tool for IEEE 802.11 networks
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
oclhashcat – GPU password cracker
python-rfidiot – Python library to explore RFID devices
reaver – brute force attack tool against Wifi Protected Setup PIN number
redfang – Locates non-discoverable bluetooth devices
rfcat – The swiss army knife of sub-GHz radio.
rfkill – tool for enabling and disabling wireless devices
sakis3g – Tool for establishing 3G connections
spectools – Utilities for using the Wi-Spy USB spectrum analyzer hardware
spooftooph – Automates spoofing or cloning Bluetooth devices
ubertooth – An open source 2.4 GHz wireless development platform.
wifi-honey – Wi-Fi honeypot
wifitap – WiFi injection via a tun/tap device
wifite – Python script to automate wireless auditing using aircrack-ng tools
wireshark – network traffic analyzer – GTK+ version
kali-linux-full

Does not overlap completely the other lists, but still contains things not available in the other lists…

apt-cache depends kali-linux-full|awk ‘/Depends:/{print $2}’|xargs -n 1 -I XX apt-cache search -n ^XX$|awk ‘{n=$1;$1=””;printf (“%-30s%s\n”,n,$0)}’
kali-linux – Kali Linux base system
kali-linux-sdr – Kali Linux SDR tools
0trace – A traceroute tool that can run within an existing TCP connection.
acccheck – Password dictionary attack tool for SMB
ace-voip – A simple VoIP corporate directory enumeration tool
afflib-tools – support for Advanced Forensics format (utilities)
aircrack-ng – wireless WEP/WPA cracking utilities
amap – next-generation scanning tool for pentesters
apache-users – Enumerate usernames on systems with Apache UserDir module
apktool – A tool for reverse engineering Android apk files
arduino – AVR development board IDE and built-in libraries
arping – sends IP and/or ARP pings (to the MAC address)
arpwatch – Ethernet/FDDI station activity monitor
arp-scan – arp scanning and fingerprinting tool
asleap – A tool for exploiting Cisco LEAP networks
automater – A IP and URL analysis tool.
autopsy – graphical interface to SleuthKit
bbqsql – SQL Injection Exploitation Tool
bed – A network protocol fuzzer
beef-xss – Browser Exploitation Framework (BeEF)
binwalk – tool for searching binary images for embedded files and executable code
blindelephant – A generic web application fingerprinter
bluelog – Bluetooth scanner and logger
bluemaho – GUI interface for testing Bluetooth devices
bluepot – Bluetooth honeypot
blueranger – Simple Bash script to locate Bluetooth devices
bluesnarfer – A Bluesnarfing Utility
bluez – Bluetooth tools and daemons
bluez-hcidump – Analyses Bluetooth HCI packets
braa – Mass SNMP scanner
btscanner – ncurses-based scanner for Bluetooth devices
bully – Bully is a new implementation of the WPS brute force attack, written in C.
bulk-extractor – Extracts information without parsing filesystem
burpsuite – platform for security testing of web applications
cabextract – Microsoft Cabinet file unpacker
cadaver – command-line WebDAV client
casefile – Offline intelligence tool
cdpsnarf – Network sniffer to extract CDP information
cewl – Custom wordlist generator
cgpt – GPT manipulation tool with support for Chromium OS extensions
chirp – Configuration tool for amateur radios
chkrootkit – rootkit detector
chntpw – NT SAM password recovery utility
cisco-auditing-tool – Scans Cisco routers for vulnerabilities
cisco-global-exploiter – Simple and fast Cisco exploitation tool
cisco-ocs – Mass Cisco scanner
cisco-torch – Cisco device scanner
clang – C, C++ and Objective-C compiler (LLVM based)
cmospwd – decrypt BIOS passwords from CMOS
copy-router-config – Copies Cisco configs via SNMP
cowpatty – Brute-force WPA dictionary attack
creddump – Extracts credentials from Windows registry hives
creepy – geolocation information aggregator
cryptsetup – disk encryption support – startup scripts
crunch – Password wordlist generator
cryptcat – A lightweight version netcat extended with twofish encryption
curlftpfs – filesystem to access FTP hosts based on FUSE and cURL
cutycapt – utility to capture WebKit’s rendering of a web page
cymothoa – Stealth backdooring tool
darkstat – network traffic analyzer
davtest – Testing tool for WebDAV servers
dbd – Netcat clone with encryption
dbpwaudit – Does online password audits of DB engines
dc3dd – patched version of GNU dd with forensic features
dcfldd – enhanced version of dd for forensics and security
ddrescue – Copies data from one file or block device to another.
deblaze – Performs testing against flash remoting endpoints
dex2jar – Tools to work with android .dex and java .class files
dff – Powerful, efficient and modular digital forensic framework
dhcpig – DHCP exhaustion script
dirb – URL bruteforcing tool
dirbuster – Web server directory brute-forcer
dissy – graphical frontend for objdump
dmitry – Deepmagic Information Gathering Tool
dnmap – Distributed nmap framework
dns2tcp – TCP over DNS tunnel client and server
dnschef – DNS proxy for penetration testers
dnsenum – Tool to enumerate domain DNS information
dnsmap – DNS domain name brute forcing tool
dnsrecon – A powerful DNS enumeration script
dnstracer – trace DNS queries to the source
dnswalk – Checks dns zone information using nameserver lookups
dos2unix – convert text file line endings between CRLF and LF
dotdotpwn – DotDotPwn – The Directory Traversal Fuzzer.
dradis – Collaboration tools for penetration testing
driftnet – picks out and displays images from network traffic
dsniff – Various tools to sniff network traffic for cleartext insecurities
dumpzilla – Mozilla browser forensic tool
eapmd5pass – Tool for extracting and cracking EAP-MD5
edb-debugger – Linux equivalent of OllyDbg
enum4linux – Enumerates info from Windows and Samba systems
enumiax – IAX protocol username enumerator
ethtool – display or change Ethernet device settings
ettercap-graphical – Ettercap GUI-enabled executable
ewf-tools – collection of tools for reading and writing EWF files
exiv2 – EXIF/IPTC metadata manipulation tool
exploitdb – Searchable Exploit Database archive
extundelete – utility to recover deleted files from ext3/ext4 partition
fcrackzip – password cracker for zip archives
fern-wifi-cracker – Automated wifi cracker
fierce – Domain DNS scanner
fiked – Cisco VPN attack tool
fimap – LFI and RFI exploitation tool
findmyhash – Crack hashes with online services
flasm – assembler and disassembler for Flash (SWF) bytecode
foremost – forensic program to recover lost files
fping – sends ICMP ECHO_REQUEST packets to network hosts
fragroute – Test a NIDS by attempting to evade using fragmented packets
fragrouter – IDS evasion toolkit
framework2 – Metasploit Framework 2
ftester – The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
funkload – web testing tool
galleta – An Internet Explorer cookie forensic analysis tool
gdb – GNU Debugger
ghost-phisher – GUI suite for phishing and penetration attacks
giskismet – Wireless recon visualization tool
golismero – Web application mapper
goofile – Command line filetype search
gpp-decrypt – Group Policy Preferences decrypter
grabber – Web application vulnerability scanner
guymager – Forensic imaging tool based on Qt
hackrf-tools – Hardware driver and tools for HackRF Jawbreaker
hamster-sidejack – Sidejacking tool
hash-identifier – Tool to identify hash types
hashcat – World’s fastest CPU-based password recovery tool
hashcat-utils – Set of small utilities for advanced password cracking
hexinject – Versatile packet injector and sniffer
hexorbase – Multiple database management and audit application
hotpatch – Hot patches Linux executables with .so file injection
hping3 – Active Network Smashing Tool
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
i2c-tools – heterogeneous set of I2C tools for Linux
iaxflood – VoIP flooder tool
ifenslave – configure network interfaces for parallel routing (bonding)
ifenslave-2.6 – Attach and detach slave interfaces to a bonding device
ikat – Interactive Kiosk Attack Tool
ike-scan – discover and fingerprint IKE hosts (IPsec VPN Servers)
inetsim – Software suite for simulating common internet services
intersect – Post-exploitation framework
intrace – Traceroute-like application piggybacking on existing TCP connections
inundator – Multi-threaded IDS false positive generator
inviteflood – SIP/SDP INVITE message flooding over UDP/IP
iodine – tool for tunneling IPv4 data through a DNS server
irpas – Internetwork Routing Protocol Attack Suite
isr-evilgrade – Evilgrade framework
jad – Java decompiler
javasnoop – Intercept Java applications locally
jboss-autopwn – JBoss script for obtaining remote shell access
john – active password cracking tool
johnny – GUI for John the Ripper
joomscan – OWASP Joomla Vulnerability Scanner Project
jsql – Java tool for automatic database injection
keepnote – cross-platform note-taking and organization application
keimpx – Check for valid credentials across a network over SMB
killerbee – Framwork for ZigBee exploitation
kismet – wireless sniffer and monitor – core
laudanum – Collection of injectable web files
lbd – Load balancer detector
leafpad – GTK+ based simple text editor
libcrafter – Library to generate and sniff network packets
libewf1 – library with support for Expert Witness Compression Format
libfindrtp – Library required by multiple VoIP tools
libfreefare-bin – MIFARE card manipulations binaries
libhivex-bin – utilities for reading and writing Windows Registry hives
libnfc-bin – Near Field Communication (NFC) binaries
lynis – security auditing tool for Unix based systems
macchanger – utility for manipulating the MAC address of network interfaces
magicrescue – recovers files by looking for magic bytes
magictree – Penetration tester productivity tool
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
maskprocessor – High-performance word generator
mc – Midnight Commander – a powerful file manager
md5deep – Recursively compute hashsums or piecewise hashings
mdbtools – JET / MS Access database (MDB) tools
mdk3 – Wireless attack tool for IEEE 802.11 networks
medusa – fast, parallel, modular, login brute-forcer for network services
memdump – utility to dump memory contents to standard output
metagoofil – Tool designed for extracting metadata of public documents
metasploit – Penetration testing and exploit development tool with web-based interface
metasploit-framework – Framework for exploit development and vulnerability research
armitage – Cyber attack management for Metasploit
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
mimikatz – Uses admin rights on Windows to display passwords in plaintext
minicom – friendly menu driven serial communication program
miranda – UPNP administration tool
miredo – Teredo IPv6 tunneling through NATs
missidentify – a program to find win32 applications
mitmproxy – SSL-capable man-in-the-middle HTTP proxy
multiforcer – GPU accelerated password cracking tool
multimac – Create multiple MACs on an adapter
nasm – General-purpose x86 assembler
nbtscan – A program for scanning networks for NetBIOS name information
ncat-w32 – Netcat for the 21st century
ncrack – High-speed network authentication cracking tool
ncurses-hexedit – Edit files/disks in hex, ASCII and EBCDIC
netdiscover – active/passive network address scanner using arp requests
netmask – helps determine network masks
netsed – network packet-altering stream editor
netsniff-ng – packet sniffing beast
netwag – graphical frontend for netwox
nfspy – ID-spoofing NFS client
ngrep – grep for network traffic
nikto – web server security scanner
nipper-ng – Device security configuration review tool
nmap – The Network Mapper
ohrwurm – RTP fuzzer
ollydbg – 32-bit assembler level analysing debugger
onesixtyone – fast and simple SNMP scanner
openvas – Openvas dummy package.
ophcrack – Microsoft Windows password cracker using rainbow tables (gui)
ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)
oscanner – Oracle assessment framework
p0f – Passive OS fingerprinting tool
pack – Password analysis and cracking kit
padbuster – Script for performing Padding Oracle attacks
paros – Web application proxy
pasco – An Internet Explorer cache forensic analysis tool
passing-the-hash – Patched tools to use password hashes as authentication input
patator – Multi-purpose brute-forcer
pdfid – Scans PDF files for certain PDF keywords
pdf-parser – Parses PDF files to identify fundamental elements
pdgmail – Extracts gmail artifacts from a pd dump
peepdf – PDF analysis tool
perl-cisco-copyconfig – Provides methods for manipulating Cisco devices
pev – text-based tool to analyze PE files
phrasendrescher – Passphrase cracking tool
pipal – Statistical analysis on password dumps
pjproject – A multimedia communication library for SIP
plecost – WordPress fingerprinting tool
polenum – Extracts the password policy from a Windows system
powerfuzzer – Highly automated and fully customizable web fuzzer
powersploit – PowerShell Post-Exploitation Framework
protos-sip – SIP test suite
proxychains – proxy chains – redirect connections through proxy servers
proxystrike – Active web application proxy
proxytunnel – Create tcp tunnels trough HTTPS proxies, for using with SSH
ptunnel – Tunnel TCP connections over ICMP packets
pwnat – NAT to NAT client-server communication
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
python-impacket – Python module to easily build and dissect network protocols
python-impacket-doc – Python module to easily build and dissect network protocols
python-rfidiot – Python library to explore RFID devices
python-scapy – Packet generator/sniffer and network scanner/discovery
rainbowcrack – Rainbow table password cracker
radare2 – free and advanced command line hexadecimal editor
rake – ruby make-like utility
ratproxy – passive web application security assessment tool
rcracki-mt – Version of rcrack that supports hybrid and indexed tables
rdd – a forensic copy program
readpst – Converts Outlook PST files to mbox and others
reaver – brute force attack tool against Wifi Protected Setup PIN number
rebind – DNS rebinding tool
recon-ng – Web Reconnaissance framework written in Python
recordmydesktop – Captures audio-video data of a Linux desktop session
recoverjpeg – tool to recover JPEG images from a filesystem image
redfang – Locates non-discoverable bluetooth devices
redsocks – arbitrary TCP connection redirector to a SOCKS or HTTPS proxy server
reglookup – utility to read and query Windows NT/2000/XP registry
regripper – Windows registry forensics tool
responder – NBT-NS/LLMNR Responder
rifiuti – A MS Windows recycle bin analysis tool
rifiuti2 – A MS Windows recycle bin analysis tool
rsmangler – Wordlist mangling tool
rtpbreak – Detects, reconstructs, and analyzes RTP sessions
rtpflood – Tool to flood any RTP device
rtpinsertsound – Inserts audio into a specified stream
rtpmixsound – Mixes pre-recorded audio in real-time
safecopy – Copy utility ignoring errors
sakis3g – Tool for establishing 3G connections
samdump2 – Dump Windows 2k/NT/XP password hashes
sbd – Secure backdoor for linux and windows
scalpel – A Frugal, High Performance File Carver
scrounge-ntfs – Data recovery program for NTFS filesystems
sctpscan – SCTP network scanner for discovery and security
sendemail – lightweight, command line SMTP email client
set – Social-Engineer Toolkit
sfuzz – Black Box testing utilities
sidguesser – Guesses sids against an Oracle database
siege – HTTP regression testing and benchmarking utility
siparmyknife – SIP fuzzing tool
sipcrack – SIP login dumper/cracker
sipp – Traffic generator for the SIP protocol
sipvicious – Tools for auditing SIP based VoIP systems
skipfish – fully automated, active web application security reconnaissance tool
sleuthkit – collection of tools for forensics analysis on volume and file system data
smali – Assembler/disassembler for Android’s dex format
smtp-user-enum – Username guessing tool primarily for the SMTP service.
sniffjoke – Transparent TCP connection scrambler
snmpcheck – SNMP service enumeration tool
socat – multipurpose relay for bidirectional data transfer
spectools – Utilities for using the Wi-Spy USB spectrum analyzer hardware
spidermonkey-bin – standalone JavaScript/ECMAScript (ECMA-262) interpreter
spike – Network protocol fuzzer
spooftooph – Automates spoofing or cloning Bluetooth devices
sqldict – Dictionary attack tool for SQL Server
sqlitebrowser – GUI editor for SQLite databases
sqlmap – automatic SQL injection tool
sqlninja – SQL server injection and takeover tool
sqlsus – MySQL injection tool
sslcaudit – Tests SSL/TLS clients susceptibility to MITM attacks
ssldump – An SSLv3/TLS network protocol analyzer
sslh – ssl/ssh multiplexer
sslscan – Fast SSL scanner
sslsniff – SSL/TLS man-in-the-middle attack tool
sslstrip – SSL/TLS man-in-the-middle attack tool
sslsplit – Transparent and scalable SSL/TLS interception
sslyze – Fast and full-featured SSL scanner
statsprocessor – High-performance word-generator
stunnel4 – Universal SSL tunnel for network daemons
suckless-tools – simple commands for minimalistic window managers
sucrack – multithreaded su bruteforcer
swaks – SMTP command-line test tool
t50 – Multi-protocol packet injector tool
tcpflow – TCP flow recorder
tcpick – TCP stream sniffer and connection tracker
tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds
termineter – Smart meter testing framework
tftpd32 – Open source ipv6-ready TFTP server for Windows
thc-ipv6 – The Hacker Choice’s IPv6 Attack Toolkit
thc-pptp-bruter – THC PPTP Brute Force
thc-ssl-dos – Stress tester for the SSL handshake
theharvester – theHarvester is a tool for gathering e-mail accounts and subdomain names from public sources.
tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server
tnscmd10g – Tool to prod the oracle tnslsnr process
truecrack – Bruteforce password cracker for TrueCrypt volumes.
truecrypt – Cross-platform on-the-fly encryption
twofi – Twitter words of interest
u3-pwn – Injects executables onto U3 USB devices
ua-tester – User agent string tester
udptunnel – tunnel UDP packets over a TCP connection
unetbootin – installer of Linux/BSD distributions to a partition or USB drive
uniscan – LFI, RFI, and RCE vulnerability scanner
unicornscan – Userland distributed TCP/IP stack
unix-privesc-check – Script to check for simple privilege escalation vectors
urlcrazy – Domain typo generator
vboot-kernel-utils – Chrome OS verified boot utils required to sign kernels
vboot-utils – Chrome OS verified boot utils
vega – Platform to test the security of web applications
vim-gtk – Vi IMproved – enhanced vi editor – with GTK2 GUI
vinetto – A forensics tool to examine Thumbs.db files
vlan – user mode programs to enable VLANs on your ethernet devices
voiphopper – Runs a VLAN hop security test
volafox – Memory analyzer for Mac OS X & BSD
volatility – advanced memory forensics framework
vpnc – Cisco-compatible VPN client
w3af – framework to find and exploit web application vulnerabilities
waffit – WAF auditing tool
wapiti – web application vulnerability scanner
wce – Windows Credentials Editor
webacoo – Web backdoor cookie script kit
webscarab – Web application review tool
webshag – Multi-threaded web server audit tool
webshells – Collection of webshells
webslayer – Web application bruteforcer
websploit – Web exploitation framework
weevely – Stealth tiny web shell
winexe – Remote Windows-command executor
wfuzz – Web application bruteforcer
whatweb – Next generation web scanner
wifi-honey – Wi-Fi honeypot
wifitap – WiFi injection via a tun/tap device
wifite – Python script to automate wireless auditing using aircrack-ng tools
windows-binaries – Various pentesting Windows binaries
wireshark – network traffic analyzer – GTK+ version
wol-e – Wake on LAN Explorer
wordlists – Contains the rockyou wordlist
wpscan – Black box WordPress vulnerability scanner
wvdial – intelligent Point-to-Point Protocol dialer
xpdf – Portable Document Format (PDF) reader
xprobe – Remote OS identification
xspy – X server sniffer
xsser – XSS testing framework
xtightvncviewer – virtual network computing client software for X
yersinia – Network vulnerabilities check software
zaproxy – Testing tool for finding vulnerabilities in web applications.
zenmap – The Network Mapper Front End
zim – graphical text editor based on wiki technologies

 

@firebitsbr