Comprehensive Guide to Kali Linux's Penetration-testing Tools, Lecture notes of Information Security and Markup Languages

An overview of Kali Linux, an ethical hacking operating system, and its pre-installed tools for penetration testing and information gathering. Tools covered include Nmap, Lynis, WPScan, Aircrack-ng, Hydra, Wireshark, Metasploit Framework, Skipfish, Maltego, Nessus, Burp Suite Scanner, BeEF, Apktool, sqlmap, John the Ripper, Snort, Autopsy Forensic Browser, King Phisher, Nikto, and Yersinia. Each tool's functionality and use cases are discussed.

Typology: Lecture notes

2019/2020

Uploaded on 11/07/2020

omkar-kadam-1

Omkar Ajit Kadam
BEIT-2 Roll No. 90
IS
EXPERIMENT NO.1
Aim: Exploring Kali Linux and its inbuilt tools.
Requirements: PC, Compiler of any language like Java, C or Python
Theory:
Kali Linux is one of the best security packages for an ethical hacker, containing a set of tools divided into categories. It is open source, and its official webpage is https://www.kali.org.
Generally, Kali Linux can be installed on a machine as an operating system or run as a virtual machine, which we will discuss in the following section. Installing Kali Linux is a practical option as it provides more options to work with and combine the tools. You can also create a live boot CD or USB. All this can be found at the following link: https://www.kali.org/downloads/
Development/features:
Kali Linux has over 600 preinstalled penetration-testing programs, including Armitage (a graphical cyber-attack management tool), Nmap (a port scanner), Wireshark (a packet analyser), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp Suite and OWASP ZAP web application security scanners.
Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

Top Kali Linux Tools for Hacking and Penetration Testing

There are several types of tools that come pre-installed with Kali Linux. If you do not find a tool installed, simply download it and set it up. It’s easy.

1. Nmap

3. WPScan: WordPress is one of the best open source CMS and this would be the best free WordPress security auditing tool. It’s free but not open source. If you want to know whether a WordPress blog is vulnerable in some way, WPScan is your friend. In addition, it also gives you details of the active plugins. Of course, a well-secured blog may not give you a lot of details, but it is still the best tool for WordPress security scans to find potential vulnerabilities.

4. Aircrack-ng: Aircrack-ng is a collection of tools to assess WiFi network security. It isn’t limited to monitoring and gaining insights; it also includes the ability to compromise a network (WEP, WPA 1, and WPA 2). If you forgot the password of your own WiFi network, you can try using this to regain access. It also includes a variety of wireless attacks with which you can target/monitor a WiFi network to enhance its security.

6. Wireshark: Wireshark is the most popular network analyzer that comes baked in with Kali Linux. It can be categorized as one of the best Kali Linux tools for network sniffing as well. It is being actively maintained, so I would definitely recommend trying this out. And it’s really easy to install Wireshark on Linux.

7. Metasploit Framework: Metasploit Framework is the most used penetration testing framework. It comes in two editions: an open source edition and a pro version. With this tool, you can verify vulnerabilities, test known exploits, and perform a complete security assessment. Of course, the free version won’t have all the features, so if you are into serious stuff, you should compare the editions.

9. Maltego: Maltego is an impressive data mining tool to analyze information online and connect the dots (if any). From that information, it creates a directed graph to help analyze the links between those pieces of data. Do note that this isn’t an open source tool. It comes pre-installed; however, you will have to sign up in order to select which edition you want to use. If you want it for personal use, the community edition will suffice (you just need to register for an account), but if you want to use it for commercial purposes, you need a subscription to the classic or XL version.

10. Nessus: If you have a computer connected to a network, Nessus can help find vulnerabilities that a potential attacker may take advantage of. Of course, if you are an administrator for multiple computers connected to a network, you can make use of it and secure those computers. However, this is not a free tool anymore; you can try it free for 7 days from its official website.

12. BeEF: BeEF (Browser Exploitation Framework) is yet another impressive tool. It has been tailored for penetration testers to assess the security of a web browser. This is one of the best Kali Linux tools because a lot of users do want to know about and fix the client-side problems when talking about web security.

13. Apktool: Apktool is indeed one of the popular tools found on Kali Linux for reverse engineering Android apps. Of course, you should make good use of it, for educational purposes. With this tool, you can experiment with some stuff yourself and let the original developer know about your idea as well. What do you think you’ll be using it for?

14. sqlmap: If you were looking for an open source penetration testing tool – sqlmap is one of the best. It automates the process of exploiting SQL injection flaws and helps you take over database servers.

17. Autopsy Forensic Browser: Autopsy is a digital forensic tool to investigate what happened on your computer. You can also use it to recover images from an SD card. It is also used by law enforcement officials. You can read the documentation to explore what you can do with it.

18. King Phisher: Phishing attacks are very common nowadays, and the King Phisher tool helps test and promote user awareness by simulating real-world phishing attacks. For obvious reasons, you will need permission to simulate it on an organization's server content.

19. Nikto: Nikto is a powerful web server scanner, which makes it one of the best Kali Linux tools available. It checks for potentially dangerous files/programs, outdated versions of server software, and many more things.

21. Social Engineering Toolkit (SET): If you are into pretty serious penetration testing stuff, this should be one of the best tools you should check out. Social engineering is a big deal, and with the SET tool you can help protect against such attacks.

Conclusion: Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. The inbuilt Kali Linux tools were learned and understood with the help of commands.