Skip to content
top commands kali linux

Best Command Line Tools in Kali for CTF

Published by tomkraz on 19 April 2022

As this blog is mostly focused on Capture the Flag tutorials, I decided to do a write up the best command line tools in Kali Linux for CTF Challenges. Due to this I not cover the normal stuff, like Metasploit or Aircrack-ng.

With the exception of Firefox you will not find any GUI tools on this list.

What is CTF?

CTF stands for Capture The Flag”. It’s a CyberSecurity Competition that challenges contestants to solve a variety of tasks ranging from using Open Source Intelligence for tracking down hidden information across the internet, to programming exercises, cracking encryption and to finding your way into a server to capture or find a Hidden Flag.

There is nearly always a Hidden Flag, in the code, on the internet or buried deep inside a unsecured Database or Web Application server. For IT security experts and IT experts in general it is a deeply rewarding and educational experience.

However the knowledge required to become proficient in all the topics and be successful in the challenges can be very daunting and the Knowledge difficult to acquire with out years of experience. So my blog should help with some of the knowledge gathering.

Best Kali tools for Network Enumeration

The below list is dynamic and will update when more tools should be added.

nmap

What hasn’t been said about nmap, it comes with every flavour of Linux and should be learned by all.

netdiscover

A live tool that is always running to see what new systems join the network.

rustscan

When engaged in Capture the flag challenges, being stealthy is not really that important. Rustscan can be super noisy and super fast.

tshark

Everyone knows about wireshark, but tshark is the command line version and has all the power of wireshark, with none of the GUI.

Best Kali tools for Exploitation.

Once systems are services are scanned down, its time to exploit team.

enum4linux

Best tool to find those users and shares on Windows or Samba.

smbrute

A great tool for brute forcing a smb share. I used and example of it in a CTF room called ephemeral2

sqlmap

Finding sqli vulnerabilities couldn’t be easier than with sqlmap.

hydra

When you absolutely have to unlock every network application in the room. See my post on it.

wfuzz

wfuzz is great to fuzz for those LFI php pages. See my LFI post

gobuster

Find all the directories on a web server.

wpscan

Brute force or scan down vulnerabilities in wordpress.

searchsploit

Just search for the software that was scanned down and searchsploit will more than likely have a script for you.

firefox

The only Gui tool on the list and comes with all Linux OS versions. BurpSuite and ZAP are great tools, but if you learn the inspect tool that comes with firefox, then you can do most stuff without them.

Conclusion

A lot of the “Best Command tools in Kali Linux” type of posts then to focus heavily on GUI tools. Your skills are better learned and honed using the Command line.

Published inCTFGetting Started With CTF ChallengeskaliLinux

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *