Penetration testing

Kali Linux overview: 14 uses for digital forensics and pentesting

Howard Poston
June 29, 2021 by
Howard Poston

Kali Linux is an operating system designed and built for penetration testing. It is a Linux variant that incorporates a curated list of built-in penetration testing tools. Approximately 600 tools are built into the Kali Linux OS.

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

Kali Linux tool categories

Kali Linux provides a wide variety of different tools to support digital forensics and penetration testing exercises. Within Kali Linux, these tools are organized into 14 different categories:

  1. Information gathering: Kali Linux’s information-gathering tools are used for early-stage reconnaissance about a target. They make it easy to access public sources of information (such as DNS) and to perform scans of the target environment.
  2. Vulnerability analysis: vulnerability analysis tools are used to identify exploitable vulnerabilities within public-facing applications. This category includes scanners, fuzzers and other tools designed to interact with commonly exploitable services like SQL.
  3. Web application analysis: web applications are a common target for cybercriminals due to their accessibility, vulnerability and access to sensitive data. These tools are designed to explore a website and test it for exploitable vulnerabilities and connections to potentially exploitable systems like database servers.
  4. Database assessment: databases are a primary target for cyberattacks because of the rich troves of valuable data they contain. Database assessment tools in Kali Linux test for SQL injection vulnerabilities, configuration errors and other potential attack vectors.
  5. Password attacks: passwords are a commonly-used method for user authentication, but poor password practices make these systems vulnerable to exploitation. The password-focused tools in Kali Linux are largely focused on password cracking, but some also provide support for phishing and other attacks.
  6. Wireless attacks: the use of wireless networks for business purposes is common, but outdated hardware and configuration errors can leave these networks vulnerable to attack. Kali Linux includes a variety of different tools designed to exploit vulnerabilities in outdated wireless protocols and to perform password cracking on traffic collected from more up-to-date wireless networks.
  7. Reverse engineering: reverse engineering allows penetration testers and other attackers to find sensitive data, vulnerabilities and other information embedded within an application. Kali Linux includes multiple different tools to support both static and dynamic analysis methodologies.
  8. Exploitation tools: use of the reconnaissance and vulnerability analysis tools mentioned above may reveal the presence of an exploitable vulnerability within an organization’s systems. The exploitation tools included in this section provide the capabilities that an attacker needs to take advantage of these vulnerabilities and gain access to the target environment.
  9. Sniffing and spoofing: an organization’s network data can be a treasure trove of data to an attacker, including information about the systems that are on the network, what they do, and how users interact with the network. Kali Linux’s sniffing and spoofing tools enable an attacker to extract valuable data.
  10. Post-exploitation: after gaining access to a target system, an attacker or penetration tester may need to take certain actions to achieve their goals. The post-exploitation tools in Kali Linux are designed to help with maintaining access, privilege escalation, command and control and similar activities.
  11. Forensics: digital forensics extracts information from a target system, whether in response to a cybersecurity incident or as part of a cyberattack. The tools in this category aid in the collection of forensic artifacts from a target system.
  12. Reporting tools: in a penetration testing engagement, effective reporting is essential to ensuring that the customer learns and extracts value from the exercise. The reporting tools built into Kali Linux make it easier to collect and organize information throughout a penetration test and to document the process and final results of the test.
  13. Social engineering tools: social engineering attacks are designed to exploit the human by tricking or coercing them to take actions on the attacker’s behalf. The social engineering tools built into Kali Linux support the collection of data on targets and the creation of phishing emails and other social engineering content.
  14. System services: the system services tools on Kali Linux are generally not offensive in nature. Instead, they include services that may be useful when performing a penetration test, such as SSH and MySQL, or that support other Kali Linux tools, such as the Metasploit service.

While these categories define strict uses and boundaries, the tools themselves may be less clearly labeled. For example, Wireshark, a network traffic analysis tool, is listed as both an information gathering and sniffing and spoofing tool because its network monitoring capabilities are useful for both purposes.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Getting started with Kali Linux

With so many built-in tools, Kali Linux may seem a bit overwhelming. However, most tools are focused on a specific goal, meaning that you might have only a few to pick between for any particular task. A good way to get started is to explore some of the top tools from each category and gain some familiarity with how they work and what they can do.



Top 25 Best Kali Linux Tools, Linux Hint

Kali Linux Tools Listing, Kali Linux

Kali Linux Tool Categories, O’Reilly

Howard Poston
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at or via his website at