
Practice Module - Beginning With Kali Linux

This document discusses information gathering tools in Kali Linux. It provides a brief history of Kali Linux and its penetration testing tools, which are categorized into information gathering, vulnerability assessment, web applications, password attacks, exploitation tools, sniffing and spoofing, maintaining access, and reporting tools. It also discusses 10 commonly used security tools like Nmap, Wireshark, and Metasploit. The document concludes by focusing on information gathering, covering public resources, domain registration information, DNS analysis, route information, and search engine utilization.

Uploaded by

Dandy Permana
Copyright © All Rights Reserved

MODULE

BEGINNING WITH KALI

Prepared by
Syahmuddin Alfaritsi
CONTENTS

• A brief history of Kali
• The penetration testing tools categorized
• 10 security tools
• Information gathering

A Brief History of Kali

Kali Linux (Kali) is a Linux distribution that was developed with a focus on the penetration testing task. Previously, Kali Linux was known as BackTrack, which itself is a merger between three different live Linux penetration testing distributions: IWHAX, WHOPPIX, and Auditor.

BackTrack is one of the most famous Linux distributions, as shown by its number of downloads, which reached more than four million as of BackTrack Linux 4.0 pre final. Kali Linux Version 1.0 was released on March 12, 2013. Five days later, Version 1.0.1 was released, which fixed the USB keyboard issue. In those five days, Kali was downloaded more than 90,000 times.


The following are the major features of Kali Linux (http://docs.kali.org/introduction/what-is-kali-linux):

• It is based on the Debian Linux distribution
• It has more than 300 penetration testing applications
• It has vast wireless card support
• It has a custom kernel patched for packet injection
• All Kali software packages are GPG signed by each developer
• Users can customize Kali Linux to suit their needs
• It supports ARM-based systems

The Penetration Tools Categorized

Kali Linux tool categories

Kali Linux contains a number of tools that can be used during the penetration testing process. The penetration testing tools included in Kali Linux can be categorized into the following categories:

• Information gathering:
This category contains several tools that can be used to gather
information about DNS, IDS/IPS, network scanning, operating
systems, routing, SSL, SMB, VPN, voice over IP, SNMP, and e-mail
addresses.


• Vulnerability assessment:
In this category, you can find tools to scan for vulnerabilities in
general. It also contains tools to assess Cisco networks, and
tools to assess vulnerabilities in several database servers. This
category also includes several fuzzing tools.

• Web applications:
This category contains tools related to web applications, such
as content management system scanners, database
exploitation tools, web application fuzzers, web application proxies,
web crawlers, and web vulnerability scanners.


• Password attacks:
In this category, you will find several tools that can be used to
perform password attacks, online or offline.

• Exploitation tools:
This category contains tools that can be used to exploit the
vulnerabilities found in the target environment. You can find
exploitation tools for the network, Web, and database. There
are also tools to perform social engineering attacks and to look
up exploit information.


• Sniffing and spoofing:
Tools in this category can be used to sniff the network and web
traffic. This category also includes network spoofing tools such
as Ettercap and Yersinia.

• Maintaining access:
Tools in this category will be able to help you maintain access
to the target machine. You might need to get the highest
privilege level in the machine before you can install tools in
this category. Here, you can find tools for backdooring the
operating system and web application. You can also find tools
for tunneling.


• Reporting tools:
In this category, you will find tools that help you document the
penetration-testing process and results.

• System services:
This category contains several services that can be useful
during the penetration testing task, such as the Apache
service, MySQL service, SSH service, and Metasploit service.

10 Security Tools and Others

To ease the life of a penetration tester, Kali Linux provides a category called Top 10 Security Tools. As the name suggests, these are the top 10 security tools commonly used by penetration testers.

The tools included in this category are:

• aircrack-ng
• burp-suite
• Hydra
• John
• Maltego
• Metasploit
• Nmap
• Sqlmap
• Wireshark
• zaproxy

Besides containing tools that can be used for the penetration testing task, Kali Linux also comes with several tools that you can use for the following:

• Wireless attacks:
This category includes tools to attack Bluetooth, RFID/NFC,
and wireless devices.


• Reverse engineering:
This category contains tools that can be used to debug a
program or disassemble an executable file.

• Stress testing:
This category contains tools that can be used to help you in
stress testing your network, wireless, Web, and VOIP
environment.

• Hardware hacking:
Tools in this category can be used if you want to work with
Android and Arduino applications.


• Forensics:
In this category, you will find several tools that can be used for
digital forensics, such as acquiring a hard disk image, carving
files, and analyzing the hard disk image. To use the forensics
capabilities in Kali Linux properly, you need to navigate to Kali
Linux Forensics | No Drives or Swap Mount in the boot
menu. With this option, Kali Linux will not mount the drives
automatically, so it will preserve the drives' integrity.

Information Gathering

In this chapter, we will discuss the information gathering phase of penetration testing. We will describe the definition and purpose of information gathering. We will also describe several tools in Kali Linux that can be used for information gathering. After reading this chapter, we hope that the reader will have a better understanding of the information gathering phase and will be able to do information gathering during penetration testing.


Remember that neither method is better than the other; each has its own advantage. In passive scanning, you gather less information but your actions are stealthy, while in active scanning you get more information but some devices may detect your actions. During a penetration testing project, this phase may be done several times for the completeness of the information collected. You may also discuss with your pen-testing customer which method they want.

For this chapter, we will utilize the passive and active methods
of information gathering to get a better picture of the target.
We will discuss the following topics in this chapter:

• Public websites that can be used to collect information about the target domain
• Domain registration information
• DNS analysis
• Route information
• Search engine utilization


Using public resources


On the Internet, there are several public resources that can
be used to collect information regarding a target domain.
The benefit of using these resources is that your network
traffic is not sent to the target domain directly, so your
activities are not recorded in the target domain's log files.

The following are the resources that can be used:

| No. | Resource URL | Description |
|---|---|---|
| 1. | http://www.archive.org | This contains an archive of websites. |
| 2. | http://www.domaintools.com/ | This contains domain name intelligence. |
| 3. | http://www.alexa.com/ | This contains the database of information about websites. |
| 4. | http://serversniff.net/ | This is the free "Swiss Army Knife" for networking, server checks, and routing. |
| 5. | http://centralops.net/ | This contains free online network utilities such as domain, e-mail, browser, ping, traceroute, and Whois. |
| 6. | http://www.robtex.com | This allows you to search for domain and network information. |
| 7. | http://www.pipl.com/ | This allows you to search for people on the Internet by their first and last names, city, state, and country. |
| 8. | http://yoname.com | This allows you to search for people across social networking sites and blogs. |
| 9. | http://wink.com/ | This is a free search engine that allows you to find people by their name, phone number, e-mail, website, photo, and so on. |
| 10. | http://www.isearch.com/ | This is a free search engine that allows you to find people by their name, phone number, and e-mail address. |
| 11. | http://www.tineye.com | TinEye is a reverse image search engine. We can use TinEye to find out where the image came from, how it is being used, whether modified versions of the image exist, or to find higher resolution versions. |
| 12. | http://www.sec.gov/edgar.shtml | This can be used to search for information regarding publicly listed companies in the Securities and Exchange Commission. |


Because of their ease of use (you only need an Internet connection and a
web browser), we suggest that you utilize these public resources first
before using the tools provided with Kali Linux.

If you want to know how The Kali Linux, please read the manual book of
Kali Linux and practice wisely.

Have A Nice Day with Kali Linux
