Learning Kali Linux

Book Description

With more than 600 security tools in its arsenal, the Kali Linux distribution can be overwhelming. Experienced and aspiring security professionals alike may find it challenging to select the most appropriate tool for conducting a given test. This practical book covers Kali’s expansive security capabilities and helps you identify the tools you need to conduct a wide range of security tests and penetration tests. You’ll also explore the vulnerabilities that make those tests necessary.

Author Ric Messier takes you through the foundations of Kali Linux and explains methods for conducting tests on networks, web applications, wireless security, password vulnerability, and more. You’ll discover different techniques for extending Kali tools and creating your own toolset.

  • Learn tools for stress testing network stacks and applications
  • Perform network reconnaissance to determine what’s available to attackers
  • Execute penetration tests using automated exploit tools such as Metasploit
  • Use cracking tools to see if passwords meet complexity requirements
  • Test wireless capabilities by injecting frames and cracking passwords
  • Assess web application vulnerabilities with automated or proxy-based tools
  • Create advanced attack techniques by extending Kali tools or developing your own
  • Use Kali Linux to generate reports once testing is complete


Table of Contents

  1. Preface
    1. What This Book Covers
    2. Who This Book Is For
    3. The Value and Importance of Ethics
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Safari
    7. How to Contact Us
    8. Acknowledgments
  2. 1. Foundations of Kali Linux
    1. Heritage of Linux
    2. About Linux
    3. Acquiring and Installing Kali Linux
    4. Desktops
      1. GNOME Desktop
      2. Logging In Through the Desktop Manager
      3. Xfce Desktop
      4. Cinnamon and MATE
    5. Using the Command Line
      1. File and Directory Management
      2. Process Management
      3. Other Utilities
    6. User Management
    7. Service Management
    8. Package Management
    9. Log Management
    10. Summary
    11. Useful Resources
  3. 2. Network Security Testing Basics
    1. Security Testing
    2. Network Security Testing
      1. Monitoring
      2. Layers
      3. Stress Testing
      4. Denial-of-Service Tools
    3. Encryption Testing
    4. Packet Captures
      1. Using tcpdump
      2. Berkeley Packet Filters
      3. Wireshark
    5. Poisoning Attacks
      1. ARP Spoofing
      2. DNS Spoofing
    6. Summary
    7. Useful Resources
  4. 3. Reconnaissance
    1. What Is Reconnaissance?
    2. Open Source Intelligence
      1. Google Hacking
      2. Automating Information Grabbing
      3. Recon-NG
      4. Maltego
    3. DNS Reconnaissance and whois
      1. DNS Reconnaissance
      2. Regional Internet Registries
    4. Passive Reconnaissance
    5. Port Scanning
      1. TCP Scanning
      2. UDP Scanning
      3. Port Scanning with Nmap
      4. High-Speed Scanning
    6. Service Scanning
      1. Manual Interaction
    7. Summary
    8. Useful Resources
  5. 4. Looking for Vulnerabilities
    1. Understanding Vulnerabilities
    2. Vulnerability Types
      1. Buffer Overflow
      2. Race Condition
      3. Input Validation
      4. Access Control
    3. Local Vulnerabilities
      1. Using lynis for Local Checks
      2. OpenVAS Local Scanning
      3. Root Kits
    4. Remote Vulnerabilities
      1. Quick Start with OpenVAS
      2. Creating a Scan
      3. OpenVAS Reports
    5. Network Device Vulnerabilities
      1. Auditing Devices
      2. Database Vulnerabilities
    6. Identifying New Vulnerabilities
    7. Summary
    8. Useful Resources
  6. 5. Automated Exploits
    1. What Is an Exploit?
    2. Cisco Attacks
      1. Management Protocols
      2. Other Devices
    3. Exploit Database
    4. Metasploit
      1. Starting with Metasploit
      2. Working with Metasploit Modules
      3. Importing Data
      4. Exploiting Systems
    5. Armitage
    6. Social Engineering
    7. Summary
    8. Useful Resources
  7. 6. Owning Metasploit
    1. Scanning for Targets
      1. Port Scanning
      2. SMB Scanning
      3. Vulnerability Scans
    2. Exploiting Your Target
    3. Using Meterpreter
      1. Meterpreter Basics
      2. User Information
      3. Process Manipulation
    4. Privilege Escalation
    5. Pivoting to Other Networks
    6. Maintaining Access
    7. Summary
    8. Useful Resources
  8. 7. Wireless Security Testing
    1. The Scope of Wireless
      1. 802.11
      2. Bluetooth
      3. Zigbee
    2. WiFi Attacks and Testing Tools
      1. 802.11 Terminology and Functioning
      2. Identifying Networks
      3. WPS Attacks
      4. Automating Multiple Tests
      5. Injection Attacks
    3. Password Cracking on WiFi
      1. besside-ng
      2. coWPAtty
      3. Aircrack-ng
      4. Fern
    4. Going Rogue
      1. Hosting an Access Point
      2. Phishing Users
      3. Wireless Honeypot
    5. Bluetooth Testing
      1. Scanning
      2. Service Identification
      3. Other Bluetooth Testing
    6. Zigbee Testing
    7. Summary
    8. Useful Resources
  9. 8. Web Application Testing
    1. Web Architecture
      1. Firewall
      2. Load Balancer
      3. Web Server
      4. Application Server
      5. Database Server
    2. Web-Based Attacks
      1. SQL Injection
      2. XML Entity Injection
      3. Command Injection
      4. Cross-Site Scripting
      5. Cross-Site Request Forgery
      6. Session Hijacking
    3. Using Proxies
      1. Burp Suite
      2. Zed Attack Proxy
      3. WebScarab
      4. Paros Proxy
      5. Proxystrike
    4. Automated Web Attacks
      1. Recon
      2. Vega
      3. nikto
      4. dirbuster and gobuster
      5. Java-Based Application Servers
    5. SQL-Based Attacks
    6. Assorted Tasks
    7. Summary
    8. Useful Resources
  10. 9. Cracking Passwords
    1. Password Storage
      1. Security Account Manager
      2. PAM and Crypt
    2. Acquiring Passwords
    3. Local Cracking
      1. John the Ripper
      2. Rainbow Tables
      3. HashCat
    4. Remote Cracking
      1. Hydra
      2. Patator
    5. Web-Based Cracking
    6. Summary
    7. Useful Resources
  11. 10. Advanced Techniques and Concepts
    1. Programming Basics
      1. Compiled Languages
      2. Interpreted Languages
      3. Intermediate Languages
      4. Compiling and Building
    2. Programming Errors
      1. Buffer Overflows
      2. Heap Overflows
      3. Return to libc
    3. Writing Nmap Modules
    4. Extending Metasploit
    5. Disassembling and Reverse Engineering
      1. Debugging
      2. Disassembling
      3. Tracing Programs
      4. Other File Types
    6. Maintaining Access and Cleanup
      1. Metasploit and Cleanup
      2. Maintaining Access
    7. Summary
    8. Useful Resources
  12. 11. Reporting
    1. Determining Threat Potential and Severity
    2. Writing Reports
      1. Audience
      2. Executive Summary
      3. Methodology
      4. Findings
    3. Taking Notes
      1. Text Editors
      2. GUI-Based Editors
      3. Notes
      4. Capturing Data
    4. Organizing Your Data
      1. Dradis Framework
      2. CaseFile
    5. Summary
    6. Useful Resources
  13. Index