As of the latest official Kali Linux documentation and tool categorization (2024–2026), Kali organizes its 600+ tools into 16 standardized categories—often referred to as “modules” in training contexts like the Kali Linux Revealed course or Offensive Security curricula.

These 16 categories flow logically from initial reconnaissance to post-exploitation and reporting, aligning with the penetration testing lifecycle.

Here are the official 16 Kali Linux tool categories (modules):

The 16 Official Kali Linux Tool Categories

1. Information Gathering
   (Reconnaissance: WHOIS, DNS, network discovery)
   → Tools: theHarvester, dnsenum, nmap, recon-ng
2. Vulnerability Analysis
   (Scanning for weaknesses in systems/apps)
   → Tools: nikto, openvas, lynis, nuclei
3. Web Application Analysis
   (Testing web apps for flaws like XSS, SQLi)
   → Tools: burpsuite, sqlmap, dirb, ffuf, zaproxy
4. Database Assessment
   (Attacking/auditing database systems)
   → Tools: sqlmap, odbcrash, dbpwaudit
5. Password Attacks
   (Cracking, brute-forcing, wordlist generation)
   → Tools: john, hashcat, hydra, cewl, crunch
6. Wireless Attacks
   (Wi-Fi, Bluetooth, RFID testing)
   → Tools: aircrack-ng, kismet, bluelog, rfcat
7. Reverse Engineering
   (Analyzing binaries, firmware, malware)
   → Tools: ghidra, radare2, binwalk, apktool
8. Exploitation Tools
   (Delivering payloads, exploiting vulnerabilities)
   → Tools: metasploit-framework, exploitdb, setoolkit
9. Sniffing & Spoofing
   (Intercepting/modifying network traffic)
   → Tools: wireshark, bettercap, dsniff, mitmproxy
10. Post-Exploitation
    (Maintaining access, privilege escalation, pivoting)
    → Tools: mimikatz, bloodhound, pupy, empire (legacy)
11. Forensics
    (Digital evidence collection & analysis)
    → Tools: autopsy, sleuthkit, volatility, binwalk
12. Reporting Tools
    (Documenting findings, generating reports)
    → Tools: dradis, faraday, pipal, maltego (for visualization)
13. Social Engineering Tools
    (Human-focused attacks: phishing, baiting)
    → Tools: setoolkit, gophish, seclists
14. System Services
    (Kali’s built-in support services: HTTP, SMB, DNS, etc.)
    → Tools: apache2, impacket, responder, dnsmasq
    → Used to host payloads, simulate servers, or capture credentials
15. Hardware Hacking
    (Embedded systems, IoT, chip analysis)
    → Tools: arduino, usbkill, firmadyne, hackrf
16. Other / Miscellaneous
    (Tools that don’t fit elsewhere but are useful)
    → Includes: tmux, git, curl, netcat, custom scripts, and utilities for automation or infrastructure

Notes:

• Offensive Security and visible on https://www.kali.org/tools/ officially maintain these categories.
• The sequence mirrors the penetration testing methodology:
  Recon → Scan → Exploit → Post-Exploit → Report.
• As a SOC analyst, you’ll primarily use categories:
  1 (Info Gathering), 3 (Web), 9 (Sniffing), 11 (Forensics), and 12 (Reporting).