Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards.

Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database.

Metasploit

Metasploit is a most famous, well prepared and recognised course in the ethical hacking of expert which is very useful for the Computer Security Projects, Exploit Development, Penetration Testing and IDS Signature Development. Most of the Vulnerabilities and Exploits are in the Metasploit Framework.

Metasploit is a tool for computer security projects which is used for exploit development, penetration testing and IDS Signature development. This framework is mainly used for developing and executing exploit code against a remote target machine. Its started life is open source project and it created by H.D.Moore in 2003 as a portable network tool using perl. In 2007 the metasploit framework has been completely rewritten in ruby.

Nessus

Nessus is supported by a variety of platforms including Windows 7 and 8, Mac OS X, and popular Linux distros like Debian, Ubuntu, Kali Linux etc. This top free hacking tool of 2016 works with the help of a client-server framework. Developed by Tenable Network Security, the tool is one of the most popular vulnerability scanners we have. Nessus serves different purposes to different types of users – Nessus Home, Nessus Professional, Nessus Manager and Nessus Cloud.

Using Nessus, one can scan multiple types of vulnerabilities that include remote access flaw detection, misconfiguration alert, denial of services against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches etc. To launch a dictionary attack, Nessus can also call a popular tool Hydra externally.

Apart from the above mentioned basic functionalities, Nessus could be used to scan multiple networks on IPv4, IPv6 and hybrid networks. You can set scheduled scan to run at your chosen time and re-scan all or a subsection of previously scanned hosts using selective host re-scanning.

NMAP

Nmap is available for all major platforms including Windows, Linux, and OS X. I think everyone has heard of this one, Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to Nmap rapidly scan large networks, although it works fine against single hosts.Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use,and dozens of other characteristics. It may be used to discover computers and services on a computer network, thus creating a “map” of the network.Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.Can be used by beginners (-sT) or by pros alike (packet_trace). A very versatile tool, once you fully understand the results.

OWASP ZED ATTACK PROXY

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security. This hacking and pentesting tool is a very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it does have a lot of support and the OWASP community is really an excellent resource for those that work within Cyber Security. ZAP provides automated scanners as well as various tools that allow you the cyber pro to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester.

MALTEGO

Maltego hacking tool is available for Windows, Mac, and Linux. Maltego is an open source forensics platform that offers rigorous mining and information gathering to paint a picture of cyber threats around you. Maltego excels in showing the complexity and severity of points of failure in your infrastructure and the surrounding environment.

Maltego is a great hacker tool that analyzes the real world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lost customization options while scanning.

BURP SUITE

Burp Suite is relatively like Maltego in that it has a bunch of assets and uses all designed to help the penetration tester or ethical hacker. Two commonly used applications used within this tool include the ‘Burp Suite Spider’ which can enumerate and map out the various pages and parameters of a web site by examining cookies and initiates connections with these web applications, and the ‘Intruder’ which performs automated attacks on web applications. This is a ‘must-learn’ tool if you work within cybersecurity and are tasked with penetrating applications used within an organization.

ACUNETIX

Acunetix is available for Windows XP and higher. Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. This multi-threaded tool crawls a website and finds out malicious Cross-site Scripting, SQL injection, and other vulnerabilities. This fast and easy to use tool scans WordPress websites form more than 1200 vulnerabilities in WordPress.

Acunetix comes with a Login Sequence Recorder that allows one to access the password protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tools that you need to check out in 2016.

NETSPARKER

Netsparker is the only False positive free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.

Netsparker offers full support for AJAX and JavaScript-based applications, so you can rely on comprehensive security scanning, regardless of your choice of technology.

Netsparker’s Post Exploitation feature takes automated exploitation to the next level, revealing additional insight into your security infrastructure that no other automated testing product can match.

And with Integrated Exploitation you can manually exploit identified vulnerabilities directly from within Netsparker, enabling you to see the real impact of an attack just by clicking a button.

BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

BeEF uses browser vulnerabilities to gain control of the target computer system. BeEF provides an API that we can use to write our own module to attack the target web browser. Therefore the BeEF provides the API that abstracts the complexity and makes possible the quick and effective creation of modules.

We can use BeEF to host a malicious web site, which is then visited by the victim. The BeEF is used to send commands that will be executed on the web browser of the victim computer. The victim users will be added as zombies to the BeEF framework. When the attacker logs into to the BeEF server, he can then execute the modules against the specified victim user. An attacker can execute any module or write his own module, which enables him to execute an arbitrary command against the victim zombie.

Among all the actions that we can execute against the hooked target web browser are also the following actions: key logger, port scanner, browser exploitation tool, web proxy, etc.