FSociety pentesting Framework with super 20 hacking tools for Kali Linux


No need to download different pen-testing tools, Fsociety Pentesting Framework comes with 20 hacking tools for Kali Linux

If you are a Kali Linux user, you are already into pentesting. But for the initiated, pentesting means penetration testing and is a unique artform to test vulnerabilities in websites, Apps, servers, services, and anything that is digital. All pen-testers require various hacking tools dependent on their skills. They have to download different tools from different websites. This is always a headache as hacking tools are not easily available. Now comes a one-tool for all solution for Kali Linux users.

Fsociety is a modular penetration testing tool, which has many modules like Information gathering, password attack, brute force, networking, web app, obfuscation, and utilities. You can use each module of Fsociety as you require with all the sub hacking tools in one place. In this article, we discuss Fsociety pentesting framework for Kali Linux. Using this tool, hackers and security researchers can reduce time taken to execute the pentest with great results.

First and foremost you require a Linux PC/laptop with Kali Linux 2019.3 64 bit version and Linux Kernel version: 5.2.0. Now use this command to install the Fsociety tool:

pip install fsociety

Next, use this command to upgrade the tool to the latest version

pip install –upgrade fsociety

Once done simply launch the tool with the command:


Once launched you will see 6 modules with different 20 tools.

Here I list the some of the tools available in Fsociety:

  • SQLMap: SQLMap is an automatic SQL injection tool. Hackers and researchers use this tool to find out vulnerabilities on a website. Plugging such vulnerabilities is important because cybercriminals can steal confidential data using such injections from the database server. This is an open-source and penetration testing tool.
  • Striker: Striker is an information gathering and vulnerability scanning tool for the websites. This tool will collect Open ports, Email Addresses, DNS records, IP addresses, servers, and Operating systems.
  • Sublist3r: Sublist3r is a subdomain enumeration tool. This will collect all the subdomains from different search engines like Bing, Google, Yahoo. This is also an opensource tool written in Python and mostly used for OSINT (Open sources investigation)
  • Sherlock: Sherlock is an information-gathering tool. This tool is used for collecting vulnerable Username from different social media websites like Facebook This is a powerful tool which allows hackers to conduct social engineering attacks.
  • Dork – Google Dorks Passive Vulnerability Auditor. We have explained Google Dorking here.
  • S3scanner: S3scanner is used to collect the data from Amazon s3 by simply specifying the domain name. After completing the scanning, it stores the results in a text file.
  • Gitgraber: Gitgraber is used to collect sensitive information from different websites/online services like Google, Amazon, Paypal, Github, Facebook, Twitter.
  • Hydrarecon:  Hydrarecon is a simple recon tool. It can be used to collect the live domain and sub-domains details and conduct an open port scan.
  • Nmap: Nmap is a network sniffing tool which can be used to find vulnerabilities in network
  • Bettercap: Bettercap is a powerful hacking tool. Security researchers use this tool to conduct a man in the middle (MITM) attacks via HTTP, HTTPS, and TCP. Through the tool, they can monitor the real-time traffic and can steal any login credentials & other sensitive data.
  • XSStrike: This tool is used for website information gathering and it can also find vulnerabilities like DOM and XSS on the webpage.
  • Scan:  This tool can scan all the server’s users
  • Photon: Photon is used to crawl the website and it can collect the URLs with the parameters. This tool is completely built on python language.
  • Cupp: Cupp hacking tool is used to crack the username and password of any webpage using a wordlist.
  • Reaver: Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases
  • Pixiewps: Pixiewps is a tool written in C used to brute force the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack)
  • cr3dov3r: cr3dov3r is an open-source tool. This tool can be used to find the login credentials of a specific email address. cr3dov3r uses haveibeenpwned API key to check the leaks of the provided email address. The emails are from websites like Google, Github, eBay, Facebook, Twitter, etc.
  • Hash Buster: Hash Buster is used to converting hash function to plain text.
  • Cuteit:  The main aim of this tool is to make malicious IP address into URL. This open-source tool is in Python.
  • Host To IP: This tool lists all the websites using a particular IP address. This tool displays the Host’s IP address by specifying the hostname.
  • Base64 Becode: This is a decoding tool.


If you have a PC/laptop with Kali Linux distro and are a security researcher or ethical hacker, you should have Fsociety as your pentesting framework. You can visit the Fsociety GitHub page to join in as a developer to enhance the framework. For hacking hardware kindly refer to this article.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments