# Complete Tool List - MCP Kali Pentest Framework
## Quick Reference: All 80+ Tools
### Reconnaissance & OSINT (11 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 1 | nmap_scan | `nmap` | Port scanning, service detection, OS fingerprinting |
| 2 | masscan_scan | `masscan` | Ultra-fast port scanner (Internet-scale) |
| 3 | amass_enum | `amass` | Advanced subdomain enumeration |
| 4 | theHarvester | `theHarvester` | Email/subdomain harvesting from OSINT |
| 5 | recon_ng | `recon-ng` | Full-featured recon framework |
| 6 | shodan_search | `shodan` | Search for exposed devices and services |
| 7 | whatweb | `whatweb` | Web technology fingerprinting |
| 8 | wafw00f | `wafw00f` | WAF detection and identification |
| 9 | dns_enum | `dig`, `sublist3r` | DNS enumeration and subdomain discovery |
| 10 | sublist3r | `sublist3r` | Passive subdomain enumeration |
| 11 | fierce | `fierce` | DNS reconnaissance and zone transfer |
---
### Web Application Scanning (10 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 12 | nikto_scan | `nikto` | Web server vulnerability scanner |
| 13 | nuclei_scan | `nuclei` | Fast template-based vulnerability scanner |
| 14 | wpscan | `wpscan` | WordPress security scanner |
| 15 | joomscan | `joomscan` | Joomla vulnerability scanner |
| 16 | droopescan | `droopescan` | Drupal/SilverStripe scanner |
| 17 | gobuster_scan | `gobuster` | Directory/file brute-forcing (Go) |
| 18 | dirb | `dirb` | Web content scanner |
| 19 | dirbuster | `dirbuster` | Multi-threaded directory brute-forcer |
| 20 | wfuzz | `wfuzz` | Advanced web application fuzzer |
| 21 | ffuf_fuzz | `ffuf` | Fast web fuzzer |
---
### Web Application Exploitation (7 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 22 | sqlmap_scan | `sqlmap` | Automatic SQL injection exploitation |
| 23 | commix | `commix` | Command injection exploitation |
| 24 | xsstrike | `xsstrike` | Advanced XSS detection and exploitation |
| 25 | ssrf_detector | Custom | Server-Side Request Forgery testing |
| 26 | burpsuite_scan | Burp Suite API | Professional web app scanner (Pro) |
| 27 | owasp_zap_scan | `zap-cli` | OWASP ZAP automated scanner |
| 28 | wfuzz | `wfuzz` | Payload fuzzing and injection |
---
### Wireless Security (5 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 29 | aircrack_suite | `airmon-ng`, `airodump-ng`, `aircrack-ng` | Complete Wi-Fi cracking suite |
| 30 | reaver | `reaver` | WPS brute-force attack |
| 31 | wifite | `wifite` | Automated wireless auditor |
| 32 | bettercap | `bettercap` | Network attack and monitoring framework |
| 33 | kismet_scan | `kismet` | Wireless network detector and IDS |
---
### Brute Force & Authentication (6 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 34 | hydra_bruteforce | `hydra` | Network login brute-forcer (50+ protocols) |
| 35 | crackmapexec | `crackmapexec` | AD post-exploitation and brute-force |
| 36 | medusa | `medusa` | Parallel login brute-forcer |
| 37 | patator | `patator` | Multi-purpose brute-force tool |
| 38 | crowbar | `crowbar` | Brute-forcing tool (RDP, SSH, VNC) |
| 39 | ncrack | `ncrack` | Network authentication cracker |
---
### Password Cracking (4 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 40 | john_crack | `john` | John the Ripper password cracker |
| 41 | hashcat_crack | `hashcat` | GPU-accelerated password recovery |
| 42 | ophcrack | `ophcrack` | Windows password cracker (rainbow tables) |
| 43 | rainbowcrack | `rainbowcrack` | Rainbow table generator and cracker |
---
### Exploitation Frameworks (5 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 44 | metasploit_search | `msfconsole` | Metasploit Framework search |
| 45 | searchsploit | `searchsploit` | Exploit-DB offline search |
| 46 | exploit_db_search | `searchsploit` | Exploit-DB search (alias) |
| 47 | commix | `commix` | Command injection framework |
| 48 | crackmapexec | `crackmapexec` | Post-exploitation framework |
---
### Post-Exploitation (6 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 49 | mimikatz | Windows target | Windows credential extraction |
| 50 | bloodhound_ingest | `bloodhound-python` | Active Directory attack path analysis |
| 51 | empire_agent | PowerShell Empire | Post-exploitation framework |
| 52 | crackmapexec | `crackmapexec` | Lateral movement and execution |
| 53 | linpeas | `linpeas.sh` | Linux privilege escalation enumeration |
| 54 | winpeas | `winpeas.exe` | Windows privilege escalation enumeration |
---
### Social Engineering (3 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 55 | setoolkit | `setoolkit` | Social Engineering Toolkit |
| 56 | gophish_campaign | GoPhish | Phishing campaign framework |
| 57 | king_phisher | King Phisher | Phishing campaign tool |
---
### Mobile Application Security (4 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 58 | mobsf_scan | MobSF API | Mobile Security Framework (Android/iOS) |
| 59 | drozer_scan | `drozer` | Android security assessment framework |
| 60 | frida_trace | `frida-trace` | Dynamic instrumentation toolkit |
| 61 | objection | `objection` | Runtime mobile exploration |
---
### API Security Testing (4 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 62 | postman_scan | `newman` | API testing with Postman collections |
| 63 | rest_api_fuzzer | Custom/RESTler | RESTful API fuzzing |
| 64 | graphql_scanner | Custom | GraphQL security scanner |
| 65 | nuclei_scan | `nuclei` | Template-based API testing |
---
### Digital Forensics (4 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 66 | volatility_analyze | `volatility` | Memory forensics framework |
| 67 | autopsy_case | `autopsy` | Digital forensics platform |
| 68 | foremost | `foremost` | File carving tool |
| 69 | scalpel | `scalpel` | Fast file recovery |
---
### Reverse Engineering (5 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 70 | ghidra_decompile | Ghidra | NSA's reverse engineering tool |
| 71 | radare2_analyze | `r2` | Open-source RE framework |
| 72 | binwalk_extract | `binwalk` | Firmware analysis and extraction |
| 73 | strings_extract | `strings` | Extract printable strings |
| 74 | ida_pro | IDA Pro | Professional disassembler |
---
### Cloud Security (5 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 75 | scout_suite | `scout` | Multi-cloud security auditing |
| 76 | cloudfox_enum | `cloudfox` | AWS enumeration tool |
| 77 | pacu_module | Pacu | AWS exploitation framework |
| 78 | prowler | `prowler` | AWS security best practices |
| 79 | cloudmapper | CloudMapper | AWS environment visualization |
---
### Container Security (4 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 80 | trivy_scan | `trivy` | Container vulnerability scanner |
| 81 | docker_bench_security | `docker-bench-security` | Docker CIS benchmark |
| 82 | clair_scan | Clair | Container vulnerability database |
| 83 | kube_hunter | `kube-hunter` | Kubernetes penetration testing |
---
### Network Analysis (6 tools)
| # | Tool | Command | Purpose |
|---|------|---------|---------|
| 84 | tcpdump_capture | `tcpdump` | Packet capture tool |
| 85 | wireshark_analyze | `tshark` | Protocol analyzer |
| 86 | snmp_check | `snmp-check` | SNMP enumeration |
| 87 | enum4linux | `enum4linux` | SMB/Samba enumeration |
| 88 | smbclient_enum | `smbclient` | SMB share enumeration |
| 89 | ssl_scan | `sslscan` | SSL/TLS configuration analyzer |
---
### Autonomous Testing (4 tools)
| # | Tool | Purpose |
|---|------|---------|
| 90 | start_autonomous_pentest | AI-powered automated penetration test |
| 91 | get_ai_suggestion | Get intelligent next-step recommendations |
| 92 | vulnerability_assessment | Comprehensive multi-tool assessment |
| 93 | generate_report | Professional report generation |
---
## Statistics
```
Total Tools: 93
Total Categories: 17
Total Lines of Code: 7,778
Total Files: 14
Breakdown by Category:
- Reconnaissance: 11 tools (12%)
- Web Scanning: 10 tools (11%)
- Web Exploitation: 7 tools (8%)
- Wireless: 5 tools (5%)
- Brute Force: 6 tools (6%)
- Password Cracking: 4 tools (4%)
- Exploitation: 5 tools (5%)
- Post-Exploitation: 6 tools (6%)
- Social Engineering: 3 tools (3%)
- Mobile: 4 tools (4%)
- API Testing: 4 tools (4%)
- Forensics: 4 tools (4%)
- Reverse Engineering: 5 tools (5%)
- Cloud Security: 5 tools (5%)
- Container Security: 4 tools (4%)
- Network Analysis: 6 tools (6%)
- Autonomous: 4 tools (4%)
```
---
## Installation Requirements
### Core Tools (Pre-installed on Kali)
```bash
# Reconnaissance
apt install nmap masscan amass theharvester recon-ng whatweb wafw00f
# Web Testing
apt install nikto gobuster dirb dirbuster wfuzz ffuf
# CMS Scanners
apt install wpscan joomscan
# Exploitation
apt install sqlmap metasploit-framework exploitdb
# Wireless
apt install aircrack-ng wifite reaver bettercap kismet
# Brute Force
apt install hydra medusa patator crowbar ncrack
# Password Cracking
apt install john hashcat ophcrack
# Network
apt install tcpdump wireshark enum4linux smbclient snmp
# Forensics
apt install volatility autopsy foremost scalpel binwalk
# Reverse Engineering
apt install radare2 ghidra
```
### Additional Tools
```bash
# Nuclei (templates)
nuclei -update-templates
# CrackMapExec
pip install crackmapexec
# Droopescan
pip install droopescan
# Commix
git clone https://github.com/commixproject/commix
# XSStrike
git clone https://github.com/s0md3v/XSStrike
# MobSF
docker pull opensecurity/mobile-security-framework-mobsf
# BloodHound
pip install bloodhound
# LinPEAS/WinPEAS (linpeas.sh shown; WinPEAS builds are assets on the same releases page)
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
# Scout Suite
pip install scoutsuite
# CloudFox
go install github.com/BishopFox/cloudfox@latest
# Trivy
apt install trivy
```
### Commercial/Pro Tools
- Burp Suite Professional (License required)
- IDA Pro (License required)
---
## Tool Categories by Use Case
### Quick Web Vulnerability Scan
```
nikto → nuclei → wpscan (if WordPress)
Time: 10-15 minutes
```
### Comprehensive Web Pentest
```
whatweb → gobuster → sqlmap → xsstrike → burpsuite
Time: 2-4 hours
```
### Network Penetration Test
```
masscan → nmap (full) → enum4linux → hydra → crackmapexec
Time: 1-3 hours
```
### Wireless Assessment
```
kismet → wifite → aircrack-ng suite
Time: 30-60 minutes
```
### Full Autonomous Pentest
```
start_autonomous_pentest → get_ai_suggestion → generate_report
Time: 2-6 hours (automatic)
```
---
## Tool Availability Matrix
| Tool | Kali | Debian/Ubuntu | macOS | Windows | Docker |
|------|------|---------------|-------|---------|--------|
| Nmap | ✅ | ✅ | ✅ | ✅ | ✅ |
| Masscan | ✅ | ✅ | ✅ | ❌ | ✅ |
| Burp Suite | ✅ | ✅ | ✅ | ✅ | ❌ |
| Metasploit | ✅ | ✅ | ✅ | ✅ | ✅ |
| Aircrack-ng | ✅ | ✅ | ✅ | ❌ | ❌ |
| Hydra | ✅ | ✅ | ✅ | ❌ | ✅ |
| SQLMap | ✅ | ✅ | ✅ | ✅ | ✅ |
| Nuclei | ✅ | ✅ | ✅ | ✅ | ✅ |
| MobSF | ✅ | ✅ | ✅ | ✅ | ✅ |
| Ghidra | ✅ | ✅ | ✅ | ✅ | ✅ |
---
## Quick Command Reference
```bash
# List all available tools
python3 -c "from tool_registry import get_all_tool_definitions; \
print('\n'.join([t.name for t in get_all_tool_definitions()]))"
# Count tools by category
python3 -c "from tool_registry import TOOL_CATEGORIES; \
print({k: len(v.tools) for k, v in TOOL_CATEGORIES.items()})"
# Check tool availability (Metasploit's console binary is msfconsole)
which nmap nikto sqlmap hydra john msfconsole
# Update tool databases
nuclei -update-templates
searchsploit -u
msfupdate
```
---
## Documentation Files
1. **README.md** - Main project documentation
2. **TOOLS_GUIDE.md** - Comprehensive tool guide with examples
3. **ADDING_TOOLS.md** - Developer guide for adding new tools
4. **TOOL_LIST.md** - This file (quick reference)
5. **API.md** - Complete API documentation
---
## Support & Resources
- **GitHub**: [Repository](https://github.com/yourusername/mcpkali)
- **Documentation**: See README.md
- **Tool Issues**: Check individual tool documentation
- **Framework Issues**: Open GitHub issue
---
**Last Updated**: 2024-11-05
**Framework Version**: 1.0.0
**Total Tools**: 93