Ubuntu for Hacking

Tram Ho

You own a VPS using Ubuntu operating system and want to turn it into an effective “weapon” to help your Pentest/Hacking work? Here are the tools that I think you should install to get that job done.

Tools to install

1. Ruby/ Python/ Perl

Currently, most of the mining code is based on scripting languages like Ruby / Python / Perl. So make sure your server comes pre-installed with these languages

Install Python3

Install ruby

Install Perl

2. Nmap

Nmap is one of the most famous hacking tools in the world and in movies. It provides extremely powerful and highly accurate server port and vulnerability scanning.

Install nmap

3. Metasploit framework

Born in 2003 by author H. D. Moore – Metasploit Framework is the name of a computer security project to help synthesize and provide information about security vulnerabilities and support exploitation of these vulnerabilities.

Metasploit Framework focuses on rapid deployment of vulnerability exploits and development of intrusion detection systems. It was originally written on the basis of the Perl programming language with main components written in C and Python, later rewritten in Ruby. In 2009, Metasploit was acquired by Rapid7 – a company specializing in security.

On Kali linux, the Metasploit framework is installed by default. For other platforms such as Windows, macOS … users need to install it manually.

Install Metasploit Framework on Ubuntu

4. Sqlmap

Sqlmap is a very reliable tool in exploiting SQL Injection vulnerabilities. But usually, if you use it on a personal computer. It is likely that Sqlmap will not be able to maximize its effectiveness due to the blocking of malicious payloads from the company’s or network’s firewall. So this tool only works best when installed and used on the Server

Install sqlmap

5. Nikto

Nikto was the first tool I was exposed to when learning about security. Although currently I rarely use it in scanning work – but undeniably, it is a very powerful tool in the vulnerability scanning process. Especially the service vulnerabilities on the server

Install Nikto

6. Nuclei

Nuclei is currently a “bright star” in the field of security vulnerability scanning. With the ability to find “transcendent” vulnerabilities plus an extremely low rate of False positives. Nuclie is increasingly being developed and trusted by the security community.

In some cases I know, Nuclie updates the template scan before the vulnerability is assigned a CVE code

Install Go

Install Nuclie

7. Setoolkit

Setoolkit is the most famous Phishing tool today. It gives you many attack options like “Phishing email”, “Phishing SMS” or “Phising Web Application” without you needing to write a single line of code. At the same time, this is also a very effective Malware distribution support tool

Install Setoolkit

DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. Please read the LICENSE under readme/LICENSE for the licensing of SET.

8. John the Ripper

John the Ripper is the daring tool in the crack field. You can crack anything. from ZIP file password, Hash Password Shadow to SSH, RDP services… As long as you’re lucky,

Install John The Ripper


WPSCAN will be a useful tool in case your test target uses the WordPress platform

Install dependent packages

Install Ruby Version Manager (RVM)

Install WPSCAN via sources (Ubuntu 20.04)

10. Gobuster

Gobuster is a powerful and effective tool for detecting “hidden” folders and files on Web Applications. It will find out the sensitive folders, paths and files on the Server that the programmer accidentally ignores. Thereby creating a premise to attack the system

Install Gobuster

11. Weevely

Weevely is a web-shell creation tool that I personally love. It helps to create malicious code “hidden” on the server that is difficult to detect by scanning tools

Install Weevely

12. Bot

In essence, this is not a specific tool. You can freely develop Bot on many different platforms such as Chatwork, Telegram, Slack … Using Bot in reporting found VPS security holes will save your time and effort. you are much more.

13. Kali linux tools

This is the tool I least recommend. Kali Linux Tools is essentially a handy – simple – tool that quickly turns your Ubuntu server into a true Pentest server. But besides that, it also creates many unused tools that waste system resources



The above are effective tools for Hacking / Pentesting work that you should install and use on VPS. There may be many other effective attack tools that I have inadvertently overlooked. Hope you guys can give me your feedback so I can add it in the near future. I would like to thank

Share the news now