Penetration testing

Top 18 tools for vulnerability exploitation in Kali Linux

Lester Obbayi
June 7, 2021 by
Lester Obbayi

Once hackers have discovered vulnerabilities on systems and platforms, they can proceed to find ways of taking advantage of these vulnerabilities. This is known as exploiting a vulnerability and it allows the hackers to take advantage of the vulnerable systems. Vulnerability exploitation can happen at various levels. 

Overview of vulnerability exploitation

Exploitation involves using tools including the hundreds found within Kali Linux and code to take advantage of discovered vulnerabilities across different software, systems or applications. The tools involved are numerous, simple to advanced and are normally deployed to attack specific vulnerable services. Since these tools are diverse and can be applicable in a wide scope, we have divided the following sections, to cover the different categories in which these tools can be applied.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Web application exploitation tools

Web applications are some of the most used applications today. They have evolved to become more user-friendly, dynamic, responsive and reliable. The integration of services with web applications also allows them to be used together with mobile applications and databases. This has made these applications to be attractive to hackers, who look for various means to abuse this entire stack. The following are some of the tools that hackers use for vulnerability exploitation.

  1. BurpSuite: This is a web proxy that is found in Kali Linux. It allows you to intercept traffic between your computer and the web server. Using this proxy, you can change the values that are submitted to the web server, sending anything from malicious characters to unexpected entries, to break the web application.  
  2. OWASP ZAP: Another web proxy tool is OWASP ZAP. This is an alternative to BurpSuite and is also found in Kali Linux. It can perform well in environments where BurpSuite cannot. When it comes to choosing a proxy tool, it is a matter of preference.
  3. Commix: This is an exploitation tool that allows you to exploit command injection vulnerabilities that lead you to run operating system level commands by exploiting web application vulnerabilities. It can be downloaded and set up in Kali Linux.
  4. w3af: This tool used to be found in Kali Linux but has been since removed. It scans for vulnerabilities but also lets you exploit discovered vulnerabilities such as operating system command injections, SQL injections, path traversals and more.
  5.  Jexboss: This tool is compatible with Kali Linux. It allows you to exploit misconfigured JBoss servers, allowing you to take full control over the web server that the JBoss server is installed on. If the server is installed as the “root” user in Linux, then you can run commands as this user, effectively letting you do anything on the web server.

There are very many web application exploitation tools; however, the ones mentioned above cover some of the basic areas where web applications are affected the most by security vulnerabilities.

Operating system exploitation tools

The operating system is the core software that manages the entire computer and all the installed software runs on top of this software. It is therefore very important for the operating system to remain secure or else it runs a risk of being exploited by hackers. These hackers can use the following tools to exploit OSes.

  1. Metasploit Framework: This framework of tools comes with Kali Linux. It contains various modules including scanner and exploitation modules. The exploitation module contains thousands of working exploits against operating systems.
  2. Mimikatz: Mimikatz is a powerful tool that comes bundled in Kali Linux with the Metasploit Framework. It allows you to perform various password-based attacks against Windows-based operating systems.
  3. Nmap: The Nmap tool contains various scripts that can be used to attack operating systems. It comes with Kali Linux and allows you to use these scripts to quickly identify the existence of a vulnerability that affects an OS.
  4.  John the Ripper: This is a password-cracking tool that comes with Kali Linux. It can be used to attack the LM, NTLM and other passwords that have been collected from various operating systems. It accepts a password file and proceeds to attempt to crack any passwords that you give it.
  5. Hashcat: This is a more advanced password cracker that comes with Kali Linux and can be configured to use the GPU of your computer in case you have a powerful machine. This password cracker supports hundreds of formats and is one of the most preferred tools for password cracking by hackers today.

The best way to protect your operating system from getting hacked is by ensuring that you are using updated antivirus software, that your firewall is enabled and that you do not download and run any software from untrusted sources such as torrent sites. These can introduce malware such as ransomware that can destroy your files.

Database exploitation tools

Databases are used together with web applications because this is mostly where data and information that is required by users are stored. So, when hackers can attack web applications and gain unauthorized access to the backend database, they can alter the contents of the database to their liking. The following tools allow hackers to exploit databases and you can use them too.

  1. Sqlmap: This is the most popular tool that allows hackers to perform SQL injection attacks against back-end databases. It comes pre-installed in Kali Linux and works by scanning for various payloads and exploiting different injection points that you specify.
  2. DBeaver: This tool can be installed in Kali Linux. It allows you to log into various databases provided you have the credentials to connect to these databases. These credentials can be obtained through other means such as social engineering or phishing attacks. Once logged in, you can alter the contents of the database.
  3. SQL ninja: This tool can be installed in Kali Linux. It works by discovering injection points, however, when specified, it can speed up the exploitation process, allowing you to extract information from the SQL server. 
  4. BSQL Hacker: This tool is designed specifically for exploiting Blind SQL injection vulnerabilities. It is multi-threaded and can be installed in Kali Linux. Multithreading makes it execute faster than most tools. It can exploit Blind SQLi, Time Based SQLi, Deep Blind SQLi and Error based SQLi.
  5. Safe3 SQL Injector: This tool is easy to use and leverages the power of Artificial Intelligence to identify injection points and payloads. Otherwise, many of its capabilities are like the previously discussed database exploitation tools.

Other tools can be installed in Kali Linux and used to exploit SQL injection, including Mole, Havji and Leviathan.

Mobile application exploitation tools

Like databases as seen above, mobile applications are the next thing that interfaces with web applications. It is quite possible to secure your web application and leave your mobile applications insecure. Since hackers know this, they will attempt to attack the database from the mobile applications in case the web application vectors fail. 

The following are some of the tools that hackers commonly use and you can also practice with them.

  1. Frida: Frida is a dynamic instrumentation toolkit that you can install in Kali Linux. It allows you to perform dynamic analysis of a mobile application as it runs. You can change components of the mobile application straight from memory and even alter input, allowing you to perform functions that were not otherwise possible. It allows you to write your scripts, is cross-platform and is free.
  2. MobSF: This is an automatic code analyzer that is compatible with Kali Linux. It scans the code and provides a report with vulnerable points within the mobile app that you can exploit.
  3. Runtime Mobile Security: RMS is another tool that allows you to manipulate android and iOS applications at runtime. It allows you to dump loaded classes and relative methods, hook everything, trace method arguments and return values, load custom scripts and perform many other things.

Become a Certified Ethical Hacker, guaranteed!

Become a Certified Ethical Hacker, guaranteed!

Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.

Understanding exploitation tools 

The exploitation tools above are used in diverse environments and circumstances. It takes the skill, patience and knowledge of a seasoned hacker to know when it is right to use which tool. However, since most of these tools are open-source, people with basic knowledge of Linux commands and how operating systems and networks operate can run these tools against any system. 

To avoid falling into trouble, we highly encourage you to only run the tools above within a controlled environment such as virtual machines and only practice against vulnerable machines such as webgoat, Damn Vulnerable Web Application (DVWA) and Buggy Web Application (BWAPP).

 

Sources: 

14 best open-source web application vulnerability scanners, Pavitra Shankdhar

Best Free and Open Source SQL Injection Tools, Pavitra Shankdhar

List of BEST SQLi TOOLS, Arslan Aslam

A world-class dynamic instrumentation framework, oleavr

Runtime-Mobile-Security: Runtime Mobile Security (RMS), m0bilesecurity

Lester Obbayi
Lester Obbayi

Lester Obbayi is a Cyber Security Consultant with one of the largest Cyber Security Companies in East and Central Africa. He has a deep interest in Cyber Security and spends most of his free time doing freelance Penetration Tests and Vulnerability Assessments for numerous organizations.