MODULE
BEGINNING WITH KALI
Prepared by
Syahmuddin Alfaritsi
CONTENTS
A brief history of Kali
The penetration testing tools categorized
10 security tools
Information gathering
A Brief History of Kali
Kali Linux (Kali) is a Linux
distribution system that was developed with a focus on the
penetration testing task. Previously, Kali Linux was known as
BackTrack, which itself is a merger between three different live
Linux penetration testing distributions: IWHAX, WHOPPIX, and
Auditor.
BackTrack is one of the most famous Linux distribution
systems, as can be proven by the number of downloads that
reached more than four million as of BackTrack Linux 4.0 pre
final. Kali Linux Version 1.0 was released on March 12, 2013.
Five days later, Version 1.0.1 was released, which fixed the USB
keyboard issue. In those five days, Kali was downloaded
more than 90,000 times.
The following are the major features of Kali Linux
(http://docs.kali.org/introduction/what-is-kali-linux):
• It is based on the Debian Linux distribution
• It has more than 300 penetration testing applications
• It has vast wireless card support
• It has a custom kernel patched for packet injection
• All Kali software packages are GPG signed by each developer
• Users can customize Kali Linux to suit their needs
• It supports ARM-based systems
The Penetration Tools Categorized
Kali Linux contains a number of tools
that can be used during the penetration testing process. The
penetration testing tools included in Kali Linux can be
categorized into the following categories:
• Information gathering:
This category contains several tools that can be used to gather
information about DNS, IDS/IPS, network scanning, operating
systems, routing, SSL, SMB, VPN, voice over IP, SNMP, and e-mail
addresses.
• Vulnerability assessment:
In this category, you can find tools to scan vulnerabilities in
general. It also contains tools to assess the Cisco network, and
tools to assess vulnerability in several database servers. This
category also includes several fuzzing tools.
• Web applications:
This category contains tools related to web applications such
as the content management system scanner, database
exploitation, web application fuzzers, web application proxies,
web crawlers, and web vulnerability scanners.
• Password attacks:
In this category, you will find several tools that can be used to
perform password attacks, online or offline.
• Exploitation tools:
This category contains tools that can be used to exploit the
vulnerabilities found in the target environment. You can find
exploitation tools for the network, Web, and database. There
are also tools to perform social engineering attacks and to look
up exploit information.
• Sniffing and spoofing:
Tools in this category can be used to sniff the network and web
traffic. This category also includes network spoofing tools such
as Ettercap and Yersinia.
• Maintaining access:
Tools in this category will be able to help you maintain access
to the target machine. You might need to get the highest
privilege level in the machine before you can install tools in
this category. Here, you can find tools for backdooring the
operating system and web application. You can also find tools
for tunneling.
• Reporting tools:
In this category, you will find tools that help you document the
penetration-testing process and results.
• System services:
This category contains several services that can be useful
during the penetration testing task, such as the Apache
service, MySQL service, SSH service, and Metasploit service.
10 Security Tools and Others
To ease the life of a penetration tester, Kali Linux has provided
us with a category called Top 10 Security Tools. Based on its
name, these are the top 10 security tools commonly used by
penetration testers.
The tools included in this category are:
• aircrack-ng
• burp-suite
• Hydra
• John
• Maltego
• Metasploit
• Nmap
• Sqlmap
• Wireshark
• zaproxy
Besides containing tools that can be used for the penetration
testing task, Kali Linux also comes with several tools that you
can use for the following:
• Wireless attacks:
This category includes tools to attack Bluetooth, RFID/NFC,
and wireless devices.
• Reverse engineering:
This category contains tools that can be used to debug a
program or disassemble an executable file.
• Stress testing:
This category contains tools that can be used to help you in
stress testing your network, wireless, Web, and VoIP
environment.
• Hardware hacking:
Tools in this category can be used if you want to work with
Android and Arduino applications.
• Forensics:
In this category, you will find several tools that can be used for
digital forensics, such as acquiring a hard disk image, carving
files, and analyzing the hard disk image. To use the forensics
capabilities in Kali Linux properly, you need to navigate to Kali
Linux Forensics | No Drives or Swap Mount in the booting
menu. With this option, Kali Linux will not mount the drives
automatically, so it will preserve the drives' integrity.
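The following is an added shell example, not part of this module, showing in code why the no-mount option matters: it refuses to image a source that appears in the mount table, images an unmounted source with dd, and verifies the copy by SHA-256 hash. The function names and the MOUNTS_FILE variable are assumptions, and the self-test runs on a constructed file rather than a real disk.

```shell
#!/bin/sh
# Added example: acquire an image only from an unmounted source, then verify
# the copy by hash. Function names and MOUNTS_FILE are assumptions made here.
set -eu

# Mount table to consult; overridable so the logic can be exercised offline.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Succeed (exit 0) if $1 appears as the source of any mount in MOUNTS_FILE.
is_mounted() {
    if [ -r "$MOUNTS_FILE" ] &&
        awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "$MOUNTS_FILE"
    then
        return 0
    fi
    return 1
}

# Copy $1 to $2 with dd and compare SHA-256 hashes of source and image.
# Refuses a mounted source: a mounted filesystem can change underneath dd,
# which is exactly what the "No Drives or Swap Mount" boot option prevents.
acquire_image() {
    src="$1"; dst="$2"
    if is_mounted "$src"; then
        echo "refusing to image $src: it is mounted" >&2
        return 2
    fi
    # noerror,sync: keep reading past bad sectors and pad them with zeros
    # (usual for evidence acquisition); bs=512 so the padding does not change
    # the image size of a sector-aligned source.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>/dev/null
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    printf 'source %s\nimage  %s\n' "$src_hash" "$dst_hash"
    [ "$src_hash" = "$dst_hash" ]
}

# Self-test on a constructed "device": a 64 KiB file of random bytes.
demo() {
    tmp=$(mktemp -d)
    dd if=/dev/urandom of="$tmp/evidence.bin" bs=512 count=128 2>/dev/null
    if acquire_image "$tmp/evidence.bin" "$tmp/evidence.dd"; then rc=0; else rc=$?; fi
    rm -rf "$tmp"
    return "$rc"
}
```

Running demo prints matching source and image hashes; the same hashes written into the case notes are what lets a reviewer confirm the image was not altered later.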
Information Gathering
In this chapter, we will discuss the information gathering phase
of penetration testing. We will describe the definition and
purpose of information gathering. We will also describe several
tools in Kali Linux that can be used for information gathering.
After reading this chapter, we hope that the reader will have a
better understanding of the information gathering phase and
will be able to do information gathering during penetration
testing.
Information can be gathered passively (from public sources, without
contacting the target) or actively (by probing the target directly).
Remember that neither method is better than the other; each has
its own advantages. In passive scanning, you gather less information
but your actions are stealthy, while in active scanning you get more
information but some devices may detect your actions. During a
penetration testing project, this phase may be done several times
to complete the information collected. You may also discuss with
your penetration testing customer which method they want.
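To illustrate the caveat that active scanning may be noticed, here is an added example (not from this module) of the kind of check a firewall or IDS can apply: it counts how many distinct destination ports each source touched on a host and flags sources above a threshold. The log format, the sample lines, and the function name are assumptions, and the sample traffic is constructed.

```shell
#!/bin/sh
# Added example: spot the footprint of an active port scan in firewall logs.
# The log format, the sample lines and the function name are assumptions.
set -eu

# Constructed log sample (not real traffic). Fields: time src dst dport action.
SAMPLE_LOG='2024-01-01T10:00:01 203.0.113.5 198.51.100.10 21 DROP
2024-01-01T10:00:01 203.0.113.5 198.51.100.10 22 DROP
2024-01-01T10:00:01 203.0.113.5 198.51.100.10 23 DROP
2024-01-01T10:00:02 203.0.113.5 198.51.100.10 25 DROP
2024-01-01T10:00:02 203.0.113.5 198.51.100.10 80 ACCEPT
2024-01-01T10:00:02 203.0.113.5 198.51.100.10 443 ACCEPT
2024-01-01T10:00:03 203.0.113.5 198.51.100.10 8080 DROP
2024-01-01T10:00:03 192.0.2.7 198.51.100.10 443 ACCEPT
2024-01-01T10:00:04 192.0.2.7 198.51.100.10 443 ACCEPT
2024-01-01T10:00:05 192.0.2.7 198.51.100.10 80 ACCEPT'

# Read log lines on stdin; print "src dst distinct_ports" for every src/dst
# pair that touched at least $1 distinct destination ports. A passive lookup
# against public sources never produces such lines on the target side.
flag_port_sweeps() {
    awk -v threshold="$1" '
        NF >= 4 {
            pair = $2 " " $3
            seen_key = pair SUBSEP $4
            if (!(seen_key in seen)) { seen[seen_key] = 1; ports[pair]++ }
        }
        END { for (p in ports) if (ports[p] >= threshold) print p, ports[p] }
    ' | sort
}

# Run the check over the sample with a threshold of 5 distinct ports.
demo() {
    printf '%s\n' "$SAMPLE_LOG" | flag_port_sweeps 5
}
```

With the sample above, only 203.0.113.5 is flagged (7 distinct ports); the host that repeatedly used 443 and 80 stays below the threshold.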
For this chapter, we will utilize the passive and active methods
of information gathering to get a better picture of the target.
We will discuss the following topics in this chapter:
• Public websites that can be used to collect information about
the target domain
• Domain registration information
• DNS analysis
• Route information
• Search engine utilization
Using public resources
On the Internet, there are several public resources that can
be used to collect information regarding a target domain.
The benefit of using these resources is that your network
traffic is not sent to the target domain directly, so your
activities are not recorded in the target domain's log files.
The following are the resources that can be used:
No.  Resource URL                    Description
1.   http://www.archive.org          An archive of websites.
2.   http://www.domaintools.com/     Domain name intelligence.
3.   http://www.alexa.com/           A database of information about websites.
4.   http://serversniff.net/         A free "Swiss Army Knife" for networking, server checks, and routing.
5.   http://centralops.net/          Free online network utilities such as domain, e-mail, browser, ping, traceroute, and Whois.
6.   http://www.robtex.com           Search for domain and network information.
7.   http://www.pipl.com/            Search for people on the Internet by first and last name, city, state, and country.
8.   http://yoname.com               Search for people across social networking sites and blogs.
9.   http://wink.com/                A free search engine to find people by name, phone number, e-mail, website, photo, and so on.
10.  http://www.isearch.com/         A free search engine to find people by name, phone number, and e-mail address.
11.  http://www.tineye.com           TinEye is a reverse image search engine; use it to find where an image came from, how it is being used, whether modified versions exist, or to find higher-resolution versions.
12.  http://www.sec.gov/edgar.shtml  Search for information about publicly listed companies at the Securities and Exchange Commission.
Because these resources are easy to use (you only need an Internet connection
and a web browser), we suggest that you utilize them first before using the
tools provided with Kali Linux.
If you want to know more about Kali Linux, please read the Kali Linux manual
and practice wisely.
Have A Nice Day with Kali Linux