A Comprehensive Guide to Kali Linux: Essentials and Beyond

Devang Jain, published in Analytics Vidhya, Dec 14, 2020 (16 min read)

I think Linux is a great thing, in the big picture. It’s a great hacker’s tool, and it has a lot of potential to become something more. ~ Jamie Zawinski (jwz)

WHAT IS KALI LINUX?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics, and Reverse Engineering. Kali Linux is developed, funded, and maintained by Offensive Security, a leading information security training company.

Mati Aharoni and Devon Kearns are the core developers of Kali Linux. Its predecessor was BackTrack; Kali was advertised as a more polished successor with more testing-centric tools, whereas BackTrack shipped multiple tools that served the same purpose, leaving it jam-packed with redundant utilities. This makes ethical hacking and cybersecurity work on Kali Linux a simpler task.

To download and install the latest release of Kali Linux 2020.4 follow the official guide here.

WHY SHOULD YOU USE KALI?

Kali Linux is specifically tailored to the needs of penetration testing professionals and security specialists, and given its unique nature, it is NOT a recommended distribution if you’re unfamiliar with Linux or are looking for a general-purpose Linux desktop distribution for development, web design, gaming, etc.

However, if you’re a professional penetration tester or are studying penetration testing with the goal of becoming a certified professional, there’s no better toolkit, at any price, than Kali Linux because —

  1. Includes more than 600 Penetration Testing Tools
  2. Free to use (if your time has no value)
  3. Operates on Open-Source Development Model
  4. Gives freedom to customize completely
  5. Developed in a secure environment
  6. Custom kernel, patched for injection
  7. ARMEL and ARMHF support
  8. Diverse and vibrant community

POPULAR TOOLS OF KALI

For ease of understanding, I have divided the most-used, pre-installed tools of Kali Linux into distinct categories and explained what each tool does.

Information Gathering — These tools collect information about a target and organise it into a form that the later phases of an assessment can use.

1. Nmap

Nmap is the world’s most famous network mapper tool. It allows you to discover active hosts within any network, and acquire other information (such as open ports) relevant to penetration testing. It has gained immense popularity in the hacking community due to its ease of use and powerful searching & scanning abilities.

2. Netcat

Netcat is a network exploration application that is not only popular among those in the security industry, but also in the network and system administration fields. While it’s primarily used for outbound/inbound network checking and port exploration, it’s also valuable when used in conjunction with programming languages like Perl or C, or with bash scripts.

3. Maltego

Maltego is an impressive data mining tool for analysing information found online and connecting the dots. From the gathered information it builds a directed graph that shows the links between those pieces of data. This saves you time and lets you work more accurately and smarter. Maltego provides a much more powerful search, giving you smarter results. If access to “hidden” information determines your success, this tool can help you discover it.

Vulnerability Analysis — These tools check a system or machine for any kind of flaw or vulnerability that could lead to a security breach and data loss.

4. BED

BED stands for Bruteforce Exploit Detector. BED is a program designed to check daemons for potential buffer overflows, format string bugs et al. This tool simply sends the commands to the server and checks whether it is still alive afterward. Of course, this will not detect all bugs of the specified daemon, but it will (at least it should) help you check your software for common vulnerabilities.

5. Powerfuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (an HTTP protocol based application fuzzer) built on many other open-source fuzzers and on information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective, and working. Currently, it is capable of identifying these problems: Cross-Site Scripting (XSS), Injections (SQL, LDAP, code, commands, and XPATH), CRLF, and HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw, including buffer overflow).

Web Application Analysis — These tools probe websites through the browser for any bug or loophole that could lead to information or data loss.

6. Burp Suite

Burp Suite is one of the most popular web application security testing suites. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Kali Linux comes with Burp Suite Community Edition, which is free; there is also a paid edition, Burp Suite Professional, which offers many more functions than the Community Edition.

7. OWASP ZAP

OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester’s toolbox.

8. WPScan

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. By using WPScan you can check if your WordPress setup is vulnerable to certain types of attacks, or if it’s exposing too much information in your core, plugin, or theme files. This WordPress security tool also lets you find any weak passwords for all registered users, and even run a brute force attack against it to see which ones can be cracked.

9. Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Database Assessment — These tools access a database and analyse it for different attacks and security issues.

10. sqlmap

sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

11. BBQSQL

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Password Attacks — These tools test a wordlist or password list against login credentials over different services and protocols.

12. John the Ripper

John the Ripper is one of the most popular password crackers of all time. It’s also one of the best security tools available to test password strength in your operating system, or for auditing one remotely. This password cracker is able to auto-detect the hash type used for almost any password and will adjust its cracking algorithm accordingly, making it one of the most intelligent password cracking tools ever.

13. THC-Hydra

Hydra is a parallelized login cracker that supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. If you are looking for an interesting tool to crack login/password pairs, Hydra will be one of the best Kali Linux tools that come pre-installed.

14. Crunch

Crunch is a wordlist generator that works from either a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations of that set, can split its output by number of lines or by file size, and supports resuming an interrupted run.

Wireless Attacks — These tools are wireless security crackers, used for tasks such as cracking Wi-Fi router keys and working with or manipulating access points.

15. Aircrack-ng

Aircrack-ng is a wireless security software suite. It consists of a network packet analyzer, a WEP network cracker, and a WPA/WPA2-PSK cracker, along with another set of wireless auditing tools. It helps in capturing packets, reading the hashes out of them, and even cracking those hashes by various attacks such as dictionary attacks.

16. Fern Wifi Cracker

Fern Wifi Cracker is a wireless security auditing and attack program written in Python with the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.

17. Kismet

Kismet Wireless is a multi-platform free Wireless LAN analyzer, sniffer, and IDS (intrusion detection system). It’s compatible with almost any kind of wireless card. Using it in sniffing mode allows you to work with wireless networks such as 802.11a, 802.11b, 802.11g, and 802.11n. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates.

Reverse Engineering — These tools break down the layers of an application or piece of software to reach its source code, understand how it works, and modify it as needed.

18. Apktool

Apktool is indeed one of the popular tools found on Kali Linux for reverse engineering Android apps. It can decode resources to the nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. Also, it makes working with the app easier because of the project-like file structure and automation of some repetitive tasks like building apk, etc.

19. OllyDbg

OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where the source is unavailable. It traces registers, recognizes procedures, API calls, switches, tables, constants, and strings, as well as locates routines from object files and libraries. It has a user-friendly interface, and its functionality can be extended by third-party plugins.

Exploitation Tools — These tools are used to exploit different systems such as personal computers and mobile phones. They can generate payloads for the vulnerable system, and through those payloads information can be extracted from the devices.

20. Metasploit Framework

Metasploit is a Ruby-based platform used to develop, test, and execute exploits against remote hosts. It includes a full collection of security tools used for penetration testing, along with a powerful terminal-based console — called msfconsole — which allows you to find targets, launch scans, exploit security flaws and collect all available data. It also allows you to replicate websites for phishing and other social engineering purposes. Metasploit is a CLI tool but it even has a GUI package called Armitage, which makes the use of Metasploit more convenient and feasible.

21. SearchSploit

SearchSploit is a command-line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

22. BeEF

BeEF stands for Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows a professional penetration tester to assess the actual security posture of a target environment using client-side attack vectors.

Sniffing and Spoofing — These tools intercept data passing over a network, or disguise the real identity of a host or user behind a forged one.

23. Wireshark

Wireshark is free open-source software that allows you to analyze network traffic in real-time. Thanks to its sniffing technology, Wireshark is widely known for its ability to detect security problems in any network, as well as for its effectiveness in solving general networking problems. While sniffing the network, you’re able to intercept and read results in human-readable format, which makes it easier to identify potential problems (such as latency), threats, and vulnerabilities.

24. Bettercap

Bettercap is the Swiss army knife for network attacks and monitoring. It is a network security tool for network capture, analysis, and MITM attacks. The most straightforward use of Bettercap is to use the scanning and recon modules to identify nearby targets to direct attacks at, then attempt to identify networks with weak passwords after capturing the necessary information.

Post Exploitation — These tools use back doors to get back into the vulnerable system, i.e. to maintain access to the machine.

25. Powersploit

PowerSploit is an open-source, offensive security framework comprised of PowerShell modules and scripts that perform a wide range of tasks related to penetration testing such as code execution, persistence, bypassing anti-virus, recon, and exfiltration.

26. Weevely

Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application post-exploitation and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

27. HTTPTunnel

HTTPTunnel is a tunneling software that can tunnel network connections through restrictive HTTP proxies over pure HTTP “GET” and “POST” requests. HTTPTunnel creates a bidirectional virtual data stream tunneled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls.

Forensics — These tools are used by forensic specialists to recover information from any system or storage device.

28. Autopsy

Autopsy is an all-in-one forensic utility for fast data recovery and hash filtering. This tool carves deleted files and media from unallocated space using PhotoRec. It can also extract EXIF metadata from multimedia files. Autopsy scans for indicators of compromise using the STIX library. It is available both as a command-line tool and with a GUI.

29. Binwalk

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. It also includes a custom magic signature file which contains improved signatures for files found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
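To make the signature-scanning idea concrete, here is an added example (not Binwalk's own code) that searches a constructed firmware-like blob for a handful of well-known magic bytes and carves out the one gzip member it finds; the signature table and the sample image are assumptions for illustration.

```python
"""Minimal embedded-file signature scanner in the spirit of Binwalk.
Added example, not Binwalk's code; the signature table is a small subset."""
import gzip
import struct
import zlib
from typing import List, Optional, Tuple

# Magic bytes for a few file types commonly embedded in firmware images.
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"PK\x03\x04": "ZIP archive",
    b"hsqs": "SquashFS filesystem (little-endian)",
    b"\x89PNG\r\n\x1a\n": "PNG image",
}


def scan_image(image: bytes) -> List[Tuple[int, str]]:
    """Return (offset, description) for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while True:
            idx = image.find(magic, start)
            if idx < 0:
                break
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)


def carve_gzip(image: bytes, offset: int) -> Optional[bytes]:
    """Inflate a gzip member starting at offset; None if no valid member is there."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    try:
        out = d.decompress(image[offset:])
    except zlib.error:
        return None
    # Only accept a complete member; trailing image bytes land in d.unused_data.
    return out if d.eof else None


# Constructed sample image: padding, a fake ELF header, a real gzip member
# holding a config file, then a SquashFS magic with a dummy inode count.
PAYLOAD = b"config: admin_password=CHANGEME\n" * 4
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"\x7fELF" + b"\x02\x01\x01" + b"\x00" * 9
    + b"\xff" * 32
    + gzip.compress(PAYLOAD, mtime=0)
    + b"hsqs" + struct.pack("<I", 123)
)

if __name__ == "__main__":
    for off, desc in scan_image(SAMPLE_IMAGE):
        print(f"0x{off:08x}  {desc}")
        if desc.startswith("gzip"):
            data = carve_gzip(SAMPLE_IMAGE, off)
            print("  carved", len(data) if data else 0, "bytes")
```

Real firmware also needs the false-positive handling Binwalk's signature file adds (header sanity checks, minimum sizes), which this scanner deliberately omits.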

30. bulk_extractor

bulk_extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and password cracking.
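The feature extraction described above, as an added example that is not bulk_extractor's own code: regexes run over a raw evidence buffer, with a Luhn check so that random 16-digit strings are not reported as card numbers. The evidence bytes and the regexes are assumptions constructed for the example.

```python
"""Regex-based feature extraction over a raw evidence buffer.
Added example, not bulk_extractor's code."""
import re
from typing import Dict, List

# Byte-level patterns so they work on raw disk/memory images, not just text.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
# 16 digits, optional space/dash separators, not embedded in a longer digit run.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def extract_features(buf: bytes) -> Dict[str, List[str]]:
    """Return sorted, de-duplicated emails, URLs and Luhn-valid card numbers."""
    feats = {"email": set(), "url": set(), "ccn": set()}
    for m in EMAIL_RE.finditer(buf):
        feats["email"].add(m.group().decode("ascii"))
    for m in URL_RE.finditer(buf):
        feats["url"].add(m.group().decode("ascii"))
    for m in CARD_RE.finditer(buf):
        digits = re.sub(r"[ -]", "", m.group().decode("ascii"))
        if luhn_ok(digits):  # drops serial numbers and typos
            feats["ccn"].add(digits)
    return {k: sorted(v) for k, v in feats.items()}


# Constructed evidence buffer: binary noise around an email fragment, a URL,
# one Luhn-valid test card number, a serial number and a mistyped card number.
EVIDENCE = (
    b"\x00\xffPKhdr\x00"
    + b"From: alice@example.com\r\nTo: bob.smith@corp-mail.example.org\r\n"
    + b"Visit https://intranet.example.net/reports?id=42 for details\n"
    + b"card 4111 1111 1111 1111 exp 12/27; serial 1234567890123456; "
    + b"bad 4111111111111112\n"
    + b"\x00" * 16
)

if __name__ == "__main__":
    for kind, values in extract_features(EVIDENCE).items():
        print(kind, values)
```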

31. pdf-parser

pdf-parser is one of the most important forensic tools for PDF files. pdf-parser parses a PDF document and identifies the fundamental elements used in its analysis, without rendering the document.

Reporting Tools — These tools develop statistics and information to help in analysing and reporting in an organised and authenticated way after all the assessment and vulnerability testing is done.

32. Dradis

Dradis is an open-source framework to enable effective information sharing, especially during security assessments. Dradis is a self-contained web application that provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Easy report generation, support for attachments, and integration with existing systems and tools through server plugins are some of its salient features.

33. MagicTree

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution, and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and boring part of penetration testing — data management and reporting.

34. Metagoofil

Metagoofil is an information-gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company. Metagoofil performs a Google search to identify and download the documents to the local disk and then extracts the metadata with different libraries such as Hachoir, PdfMiner, and others. From the results it generates a report with usernames, software versions, and server or machine names that will be helpful to penetration testers.

Social Engineering — These tools imitate services that people use in daily life and extract personal information through those fake services. They use and manipulate human behavior for information gathering.

35. SET

Social Engineering Toolkit (known as SET) is an open-source Python-based penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time.

36. U3-Pwn

U3-Pwn is a tool designed to automate injecting executables to Sandisk smart USB devices with default U3 software install. This is performed by removing the original iso file from the device and creating a new iso with autorun features.

37. Wifiphisher

Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with malware. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing. After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.

LEARNING KALI LINUX

Snapshot of a Kali-Linux VM deployed on VirtualBox

To put it simply, the best way to learn something is to experience it. With that said, use Kali daily. Start by setting up a Kali Linux virtual machine, then learn the tools and all the functionality they offer, and practice as much as you can. Set up a vulnerable VM to use as a target for further practice, or attempt to hack into sites that you are authorized to attack; fortunately, several sites online are set up for exactly this purpose. There are numerous tutorials, walkthroughs, and documentation available on the internet; make good use of these resources and you’ll master Kali in no time.

Want to get started with Kali Linux, but not sure how? Check out the official guide by Offensive Security, the Kali Linux Revealed book; alternatively, you may check out some online paid courses on Udemy, or learn from plenty of free tutorial videos like this one on YouTube.

CONCLUSION

Keep in mind that Kali Linux, while not overly complicated, isn’t exactly for beginners, so take your time as you work through the tools. If you’re new to the world of Linux, consider starting with another Linux system like Ubuntu to get a taste of what you would be getting into. Remember that all of the tools that you need are free. From free virtual machine hypervisors to cybersecurity tools and Kali Linux itself, learning it is mostly an investment of your time and effort.

Phew! That was one really lengthy article. Hope you got to learn beyond the essentials of one of the best ethical hacking and penetration testing suites in the world, and now have a better understanding overall of the plethora of cybersecurity tools offered by Kali Linux.

Support me https://www.buymeacoffee.com/djrobin17

REFERENCES

Hey! If you happened to scroll till here to check how long this article was, I just want to tell you that you are awesome :D
