10 open source tools that feel illegal...

Fireship demos 10 Kali Linux penetration testing tools — NMAP to Metasploit — with working examples and legal warnings.

• Metasploit’s EternalBlue exploit can give full shell access to unpatched Windows 7 machines in minutes.
• Hashcat paired with rockyou.txt (14M common passwords) can crack MD5 hashes in seconds; bcrypt may take days.
• Aircrack-ng can capture and crack WPA keys on nearby Wi-Fi networks; intercepted HTTP traffic is readable in plaintext.
• hping3 flood mode can DoS a single server or, distributed across a botnet, become a DDoS attack costing millions on serverless platforms.
• Skipfish recursively crawls websites for XSS, SQLi, and other vulnerabilities and accepts credentials to scan authenticated pages.
• The Social Engineering Toolkit can clone any website to harvest credentials without writing any custom code.
• Foremost recovers deleted files from raw disk images using file-carving (header/footer pattern matching), no filesystem needed.
• SQLmap maps database schemas and automates SQL injection to extract or exfiltrate database contents.

2026-02-05 · Watch on YouTube