by x32x01
This guide highlights the essential offensive tools used on Linux for penetration testing, red-team exercises, and vulnerability research. These utilities help you discover weaknesses so defenders can fix them - always use them legally and with written permission.
(For Burp Pro and other commercial tools, download from official vendors.)
Recon & discovery: Nmap, Masscan, Amass 🔎
- Nmap - host discovery, port scanning, service/version detection, NSE scripts.
- Masscan - super-fast port discovery for large IP ranges; follow up with Nmap.
- Amass - domain and subdomain enumeration, useful for mapping an organization’s external attack surface.
Quick Nmap example:
Code:
sudo nmap -sS -sV -p 1-1000 -T4 target.example.com
Web testing: Burp Suite, OWASP ZAP, Nikto 🕸️
- Burp Suite - intercepting proxy, repeater, intruder, and scanner (Community/Pro).
- OWASP ZAP - open-source proxy/scanner for automated and manual web testing.
- Nikto - fast web server scanner for common misconfigurations and exposures.
Exploitation & post-exploit: Metasploit 🧰
- Metasploit Framework - modular exploit framework for testing known vulnerabilities, delivering payloads in controlled labs, and performing post-exploitation tasks. Use it to learn exploitation mechanics responsibly.
Code:
msfconsole
Database & injection tools: sqlmap 🗄️
- sqlmap - automated detection and exploitation of SQL injection flaws. Great for demonstrating risk and impact; never run it against live production targets without permission.
Basic usage:
Code:
sqlmap -u "http://target/vuln.php?id=1" --batch
Network analysis: Wireshark & tcpdump 🧾
- tcpdump - fast, command-line packet capture.
- Wireshark - GUI analysis for deep protocol inspection and troubleshooting.
Capture example:
Code:
sudo tcpdump -i eth0 -w capture.pcap
wireshark capture.pcap
Wireless testing: Aircrack-ng suite 📶
- Tools: airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.
- Use them in controlled environments to assess Wi-Fi security (WPA/WPA2). Do not test networks you don’t own.
Password auditing: Hashcat & John the Ripper 🔐
- Hashcat - GPU-accelerated password cracking for auditing password strength.
- John the Ripper - flexible CPU/GPU cracking and format support.
Example (hashcat):
Code:
hashcat -m 0 hashes.txt /usr/share/wordlists/rockyou.txt
Packet & proxy tools: Netcat & Socat 🔗
- Netcat (nc) - banner grabs, simple listeners, and quick TCP/UDP checks.
- Socat - advanced data piping and port forwarding. Handy for building test harnesses and tunnels.
Example:
Code:
nc -lvp 4444
Vulnerability scanning & management: OpenVAS / GVM 🔍
- OpenVAS / GVM - full-featured open-source vulnerability scanner with reporting, useful for baseline scans and continuous assessment.
Recon helpers: Subfinder, Sublist3r, dnsenum 🧭
- Subfinder / Sublist3r - fast subdomain discovery.
- dnsenum - enumerate DNS records and zone info.
These tools expand your target list during reconnaissance phases.
Safe lab tips & ethics 🛡️
- Always get written authorization (scope, IPs, time window).
- Practice on VMs, CTFs, or platforms like TryHackMe, Hack The Box, and VulnHub.
- Use disposable environments (VM snapshots) and never leak data from clients.
- Keep tools updated and isolate tests from production networks.
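The written-authorization rule above and the quick Nmap command in the Recon section fit together as a small scope gate. The script below is an added example for this post, not code from the post or from the Nmap project: it runs that Nmap command only against hosts listed in an authorization file and logs every attempt, refused or not, so the log doubles as the engagement record. The scope file name and its one-target-per-line format, the log file and the DRY_RUN switch are assumptions chosen for the example.

```sh
#!/bin/sh
# Added example, not from the original post: a scope gate around the quick Nmap
# command from the Recon section. Assumptions: a scope file with one authorized
# hostname or IP per line ('#' starts a comment), a plain-text log file, and a
# DRY_RUN=1 switch that prints the command instead of running it.

SCOPE_FILE="${SCOPE_FILE:-./scope.txt}"
SCAN_LOG="${SCAN_LOG:-./scan.log}"

# in_scope TARGET SCOPE_FILE -> status 0 if TARGET is listed, 1 otherwise.
# Comments and whitespace are stripped; the match is exact and literal (-F),
# so "10.0.0.5" does not match "10x0.0.5" and "host" does not match "host2".
in_scope() {
    target="$1"
    scope="$2"
    [ -n "$target" ] || return 1
    [ -r "$scope" ] || return 1
    sed 's/#.*//' "$scope" | tr -d ' \t' | grep -qxF -- "$target"
}

# scan_cmd TARGET -> the Nmap command used in the post, for TARGET.
scan_cmd() {
    printf 'sudo nmap -sS -sV -p 1-1000 -T4 %s\n' "$1"
}

# gated_scan TARGET [SCOPE_FILE] -> log and run the scan if TARGET is in scope;
# otherwise log the refusal and return 2 so a caller can tell it from a failed scan.
gated_scan() {
    target="$1"
    scope="${2:-$SCOPE_FILE}"
    stamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    if ! in_scope "$target" "$scope"; then
        printf '%s REFUSED %s (not in %s)\n' "$stamp" "$target" "$scope" >> "$SCAN_LOG"
        echo "refused: $target is not listed in $scope" >&2
        return 2
    fi
    printf '%s SCAN %s\n' "$stamp" "$target" >> "$SCAN_LOG"
    cmd="$(scan_cmd "$target")"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"            # show what would run
    else
        $cmd                   # unquoted on purpose: word-splits into sudo nmap ... TARGET
    fi
}

# Usage: ./scope_gate.sh TARGET [SCOPE_FILE], or source the file and call gated_scan.
if [ "$#" -gt 0 ]; then
    gated_scan "$@"
fi
```

Keeping the scope file under version control alongside the authorization letter, and the log next to the scan output, gives you a paper trail for every host touched during the time window.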
Quick install (Kali/Debian) 🛠️
Code:
sudo apt update
sudo apt install -y nmap masscan metasploit-framework sqlmap wireshark tcpdump hashcat aircrack-ng nikto amass
Final thoughts - offense to improve defense 🚀
Offensive Linux tools are powerful allies for security teams when used responsibly. They reveal gaps, validate defenses, and help teams fix issues before real attackers exploit them.