Pentests and CTFs can take a while to complete. You should be well versed in the tools of the trade before you try doing anything. Any Linux distro dedicated to penetration testing has many preinstalled tools that can make your life easier. You don't need to know how to use all of them, since many do the same thing. This list should provide you with the tools you should learn as a start. Here are the Top 10 Tools All Hackers Should Know.
Nmap, short for Network Mapper, is a network discovery tool. One of the first tools you'll likely use in an engagement is nmap; it is essential to knowing what you're up against. You need to know which ports are open, which services are listening and which software versions are running before you can look for vulnerabilities on the target system. Nmap can help you with all of that and much more.
SQLmap is a tool that automates the detection and exploitation of SQL injection in web apps. If you're a beginner, I advise against using this tool at first, since it is important to learn how SQL injections work and how to exploit them manually before you automate it. The tool is also useful for automating tests of your own applications that talk to a database.
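To see what sqlmap is actually finding, it helps to have the bug and the fix side by side. The following is an added example (not from the original post or from sqlmap) using an in-memory SQLite database: `login_vulnerable` splices user input into the SQL text, so a crafted password makes the `WHERE` clause always true, while `login_safe` passes the same values as bound parameters and is unaffected. The table, user and payload are constructed samples; a real application would also compare password hashes rather than plaintext.

```python
"""Vulnerable string-built SQL beside the parameterized fix, on an in-memory DB."""
import sqlite3

# Constructed sample: the payload a manual test (or sqlmap) would try in the password field.
INJECTION_PAYLOAD = "x' OR '1'='1"


def make_db():
    """Create a throwaway users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Bug: user input becomes part of the SQL statement itself."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Fix: placeholders keep input as data; the driver never re-parses it as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real password :", login_vulnerable(db, "alice", "correct-horse"))
    print("vulnerable, injection     :", login_vulnerable(db, "alice", INJECTION_PAYLOAD))
    print("safe, real password       :", login_safe(db, "alice", "correct-horse"))
    print("safe, injection           :", login_safe(db, "alice", INJECTION_PAYLOAD))
```

The vulnerable query ends up as `... AND password = 'x' OR '1'='1'`, which is true for every row; the parameterized version searches for the literal string `x' OR '1'='1` and finds nothing.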
Hydra is a network login cracker. If you ever need to bruteforce authentication on HTTP forms or even SSH, give Hydra a wordlist and watch it try to break in. Bruteforcing is often discouraged in CTFs (the ones that play more like RPGs) but is a necessary evil in a lot of cases. Obviously obtaining password hashes from an SQL injection is more effective, but bruteforcing is still useful, and Hydra will get the job done for most logins over network protocols.
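A login bruteforce is also one of the noisiest things an attacker can do, which is the flip side worth knowing. As an added example (not from the original post or from Hydra), this script reads sshd `Failed password` lines in the standard syslog layout and raises an alert for any source address that fails more than a threshold number of times within a sliding time window. The log lines, hostnames and addresses are constructed samples.

```python
"""Detect password-guessing against sshd from auth log lines (sliding window per IP)."""
import re
from collections import defaultdict
from datetime import datetime

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log: five rapid failures from one address, two slow ones from another.
SAMPLE_LOG = [
    "Mar 12 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 12 10:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "Mar 12 10:00:04 bastion sshd[2103]: Failed password for invalid user ubuntu from 203.0.113.7 port 51238 ssh2",
    "Mar 12 10:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 12 10:00:07 bastion sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51242 ssh2",
    "Mar 12 10:00:09 bastion sshd[2106]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "Mar 12 10:05:30 bastion sshd[2110]: Failed password for deploy from 198.51.100.4 port 40030 ssh2",
    "Mar 12 10:09:12 bastion sshd[2115]: Failed password for deploy from 198.51.100.4 port 40040 ssh2",
]


def parse_failures(lines):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            # Syslog timestamps carry no year; fine for window arithmetic within a day.
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            yield ts, m.group("ip"), m.group("user")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: {failures, users}} for sources with >= threshold failures in any window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {
                    "failures": len(events),
                    "users": sorted({u for _, u in events}),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {info['failures']} failures, users tried: {', '.join(info['users'])}")
```

The spread of usernames per source is reported because a wordlist attack typically walks through many accounts, while a legitimate user who mistypes a password fails against one account only.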
Burp Suite is the hacker's favourite tool for web application security audits. There are tools for request inspection, decoding popular encodings, carrying out bruteforce attacks and creating reverse proxies. The free version of Burp is more than enough for most beginners doing CTFs. If you want all of what Burp has to offer, you can buy a commercial license for $400 a year.
Hashcat is the best password cracker currently available. Hashcat can take advantage of your graphics card to crack hashes from every popular hashing algorithm. If you've ever read in older pentesting books about Hashcat being the CPU version and oclHashcat being the GPU version, Hashcat merged both into one tool after v2.01. If you already have a gaming rig, you have everything needed to crack passwords at incredible speed with Hashcat.
I recommend installing Hashcat natively, since setting up GPU passthrough for a virtual machine can be painful.
Any C2 Framework
Command and Control frameworks are very important for post-exploitation. Being able to manipulate machines after they have been hacked allows you to show proof that you popped your client's box—if you're doing a pentest—or to look for flags in CTFs. There are many C2s in widespread use, such as Metasploit, SilentTrinity, Empire, Cobalt Strike, Merlin and various custom-made frameworks. Most books you'll read use Metasploit, since it is preinstalled on Kali Linux and ParrotOS and is also the most popular. Metasploit is great for beginners and more experienced users alike; don't let anyone tell you it's only for script kiddies.
Building your own C2 framework can be a very fun project and is probably something you already want to do if you are interested in botnets. I encourage you to give it a try in your favourite programming language and test it out in some CTFs.
Veil is a framework for generating Metasploit payloads that evade common antivirus techniques. It's not possible to be 100% undetectable, especially with Metasploit payloads, but with Veil's help and a bit of luck you can get very close. Veil will not always work, since AV software is constantly updated and signatures can still be identified. However, it is a good start for protecting your payloads.
Wireshark is the most popular network protocol analysis suite. This tool is amazing for both attackers and defenders. You can capture and inspect all packets passing through a network interface, including VoIP—yes, that means you can essentially wiretap calls on your network. 30% of the time at an Internet cafe or hotel, someone will most likely be sniffing packets for passwords, banking information and the like with Wireshark or some other network auditing tool. Get very familiar with it; Wireshark is one of the most useful tools for a system admin or hacker.
Radare2 is a free and open source framework for reverse engineering that contains every tool you'll need for cracking or patching any binary. Radare boasts being the best framework on the planet for reversers because of its incredible feature set and support for absolutely everything—executable formats, architectures, compilers, you name it. Compared to other tools, Radare has a very steep learning curve, which is the tradeoff for being so comprehensive.
If you watch reverse engineering tutorials or CTF walkthroughs on YouTube, IDA and Radare are frequently used. If you don't have a lot of money to spend, please use Radare. I use it and I love it.
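The first thing Radare (or any loader) does with a binary is read the file header to learn the architecture, endianness, file type and entry point. As an added example, not code from the original post or from the radare2 project, the script below builds a bare ELF header with `struct` and parses it back, handling both the 32-bit and 64-bit layouts and both byte orders; the generated headers are constructed samples, not real executables. Seeing the raw layout makes `r2`'s `i` (info) output much less mysterious.

```python
"""Construct and parse ELF file headers (ELF32 and ELF64, either endianness)."""
import struct

ELF_MAGIC = b"\x7fELF"
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

# Field order after e_ident: e_type, e_machine, e_version, e_entry, e_phoff, e_shoff,
# e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx.
FMT64 = "HHIQQQIHHHHHH"   # 48 bytes; whole header is 64 bytes
FMT32 = "HHIIIIIHHHHHH"   # 36 bytes; whole header is 52 bytes


def build_elf_header(bits, little_endian, e_type, machine, entry):
    """Construct a header-only ELF blob (sample input for the parser; not a real binary)."""
    prefix = "<" if little_endian else ">"
    e_ident = (
        ELF_MAGIC
        + bytes([2 if bits == 64 else 1, 1 if little_endian else 2, 1, 0, 0])
        + b"\x00" * 7
    )
    if bits == 64:
        body = struct.pack(prefix + FMT64, e_type, machine, 1, entry, 64, 0, 0, 64, 56, 0, 64, 0, 0)
    else:
        body = struct.pack(prefix + FMT32, e_type, machine, 1, entry, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    return e_ident + body


def parse_elf_header(data):
    """Decode the ELF identification bytes and fixed header fields."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # EI_DATA selects the byte order used for every multi-byte field that follows.
    prefix = "<" if ei_data == 1 else ">"
    fmt = prefix + (FMT64 if ei_class == 2 else FMT32)
    size = struct.calcsize(fmt)
    if len(data) < 16 + size:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _, e_entry, e_phoff, e_shoff,
     _, _, _, e_phnum, _, e_shnum, _) = struct.unpack(fmt, data[16:16 + size])
    return {
        "bits": 64 if ei_class == 2 else 32,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum,
        "shoff": e_shoff, "shnum": e_shnum,
    }


if __name__ == "__main__":
    sample = build_elf_header(64, True, 3, 62, 0x401000)
    info = parse_elf_header(sample)
    print(f"{info['bits']}-bit {info['endian']}-endian {info['machine']} {info['type']}, "
          f"entry 0x{info['entry']:x}")
```

To try it on a real file, pass the first 64 bytes of any Linux executable (`open(path, "rb").read(64)`) to `parse_elf_header`; the entry address it prints is where `r2` lands when you run `s entry0`.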
Dirb is a web content scanner that bruteforces webserver URLs to help you find files and directories on your target machine. The number of CTFs that require a tool like this is massive. There is also a graphical version of dirb called DirBuster, and an improved version called gobuster.
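Content discovery leaves an unmistakable trace on the server side: one client, many distinct paths, mostly 404s. As an added example (not from the original post, dirb or gobuster), this script profiles each client in Combined Log Format access-log lines and flags sources whose request volume and 404 ratio look like a wordlist scan rather than a browsing session. The log lines and addresses are constructed samples.

```python
"""Flag directory/file bruteforce scans in web server access logs by 404 ratio."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: a scanner walking common paths, and a normal visitor with one broken image.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /config HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /.git/HEAD HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /phpmyadmin HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:01:11 +0000] "GET /about HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:01:11 +0000] "GET /missing-image.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:01:20 +0000] "GET /contact HTTP/1.1" 200 2900 "-" "Mozilla/5.0"',
]


def profile_clients(lines):
    """Per source IP: request count, 404 count and the set of distinct paths requested."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "paths": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than crash on them
        s = stats[m.group("ip")]
        s["requests"] += 1
        s["paths"].add(m.group("path"))
        if m.group("status") == "404":
            s["not_found"] += 1
    return stats


def content_discovery_suspects(lines, min_requests=8, min_404_ratio=0.6):
    """Sources with enough volume and a 404 share high enough to look like a scan."""
    suspects = {}
    for ip, s in profile_clients(lines).items():
        ratio = s["not_found"] / s["requests"]
        if s["requests"] >= min_requests and ratio >= min_404_ratio:
            suspects[ip] = {
                "requests": s["requests"],
                "not_found": s["not_found"],
                "ratio": round(ratio, 2),
                "distinct_paths": len(s["paths"]),
            }
    return suspects


if __name__ == "__main__":
    for ip, info in content_discovery_suspects(SAMPLE_ACCESS_LOG).items():
        print(f"SCAN? {ip}: {info['not_found']}/{info['requests']} requests were 404 "
              f"({info['ratio']:.0%}), {info['distinct_paths']} distinct paths")
```

The thresholds are deliberately conservative defaults; tune `min_requests` and `min_404_ratio` against a day of your own logs, since a site with many dead links will need a higher ratio before the rule stays quiet.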
These are not the only tools you should use, but the ones I find the most useful for my purposes in CTFs. If you install Kali Linux or ParrotOS, most of these tools are already installed and you should get to know them well. I wish you safe travels and happy hacking!