After this lesson, you will be able to: Know the major categories of Kali tools and the specific tools used throughout this track, so you can reach for the right one for reconnaissance, scanning, exploitation, password attacks, web testing, network attacks, and post-exploitation.
Kali ships hundreds of tools; you need a mental map, not memorization. This lesson gives one orientation per category with the specific tools the Cybersecurity track uses, so you know what each is for and where it fits in an engagement.
Reconnaissance gathers information about a target before touching it. Nmap maps hosts and ports. Maltego visualizes relationships between domains, people, and infrastructure (OSINT). theHarvester collects emails, subdomains, and hosts from public sources. Recon-ng is a framework for structured OSINT collection. Recon is where every engagement starts: you cannot attack what you have not mapped.
After recon, you enumerate services in depth. The Nmap Scripting Engine (NSE) runs scripts to detect versions and known issues. Gobuster and feroxbuster brute-force web directories and files to find hidden endpoints. enum4linux enumerates SMB shares, users, and groups on Windows/Samba hosts. Enumeration turns 'a port is open' into 'here is exactly what is running and how to approach it.'
Exploitation turns a vulnerability into access. The Metasploit Framework is the standard: a database of exploits and payloads with a consistent workflow. searchsploit searches the offline copy of Exploit-DB for known exploit code matching a service and version. These are used against the deliberately vulnerable targets in this track, never against systems you do not own.
Password tools: Hydra (online network login attacks), hashcat and John the Ripper (offline hash cracking), and crunch (custom wordlist generation). Web application testing: Burp Suite (the industry-standard intercepting proxy, with its own subtrack on BiTree), OWASP ZAP (the free alternative), and SQLmap (automated SQL injection). These map directly to the Password Attacks and Application Security work.
Network attacks: Wireshark (traffic analysis), Bettercap (modern MITM), hping3 (custom packet crafting and floods), aircrack-ng (Wi-Fi), and arpspoof (ARP poisoning). Post-exploitation (after you have access): Meterpreter (Metasploit's powerful post-exploitation payload), linpeas/winpeas (privilege-escalation enumeration on Linux/Windows), and BloodHound (mapping Active Directory attack paths). This is the toolkit the rest of the track draws on.
Pick one.
Reaching for Metasploit before doing recon and enumeration (you exploit what you found, not what you guessed). Treating the tool as the skill instead of the methodology. Forgetting searchsploit's offline Exploit-DB exists. Running noisy scans in a real engagement without authorization scope. Memorizing every tool instead of knowing the category and looking up flags. Using tools against anything outside your lab.
Sign in and purchase access to unlock this lesson.