Kali Linux is a Unix-like, Debian-derived operating system designed for digital forensics and penetration testing. It was developed by Mati Aharoni, Devon Kearns and Raphaël Hertzog, and is funded and maintained by Offensive Security Ltd. Kali Linux ships with hundreds of penetration testing programs.
Kali can run from the hard disk when installed on a computer, or be booted from a CD or a USB flash drive. It can also be used in VirtualBox. What makes Kali special is its hundreds of tools for penetration testing and hacking. Let us look at them in detail.
Top Kali Linux Tools For Ethical Hackers
There is a reason Kali is used by so many ethical hackers and network security folks: the versatility of the tools it provides, from cracking a simple Wi-Fi network to getting remote access to someone else's device. Let's talk about some of them.
AIRCRACK-NG
Designed for 802.11 wireless LANs, Aircrack-ng is a network software suite and one of the most important constituents of Kali Linux. It consists of a detector, a packet sniffer, a WEP and WPA/WPA2-PSK cracker, and analysis tools.
It is compatible with any wireless network interface controller whose driver supports raw monitoring mode, and it can detect 802.11a, 802.11b and 802.11g WLAN traffic. The Linux version is packaged for OpenWrt and has also been ported to the Android, Zaurus PDA and Maemo platforms. Aircrack-ng is one part of the Aircrack project.
BURP SUITE
Burp Suite is written in Java and was created by PortSwigger Security. It is a graphical tool used for web application security testing.
It can act as a proxy, vulnerability scanner, intruder (which can test for and detect SQL injection, cross-site scripting, parameter manipulation and vulnerabilities susceptible to brute-force attacks), spider, repeater, encoder/decoder, extender, sequencer, and so on. A variety of web penetration tests can be launched from Burp Suite on Kali.
METASPLOIT
The Metasploit Project provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The Metasploit Framework is its open-source sub-project, generally used for developing and executing exploit code against a target machine.
H. D. Moore created Metasploit back in 2003. Over a thousand different exploits for Windows, Mac and Unix are included, and there is a defined procedure for using this penetration testing tool. It starts with choosing and configuring an exploit, followed by checking whether the exploit applies to the target system.
Choosing and configuring the payload is the next step, followed by choosing an encoding technique so that the payload dodges the IPS (Intrusion Prevention System); the last step is executing the exploit. All of this makes it an important part of Kali Linux.
WIRESHARK
Wireshark is another open-source tool on Kali Linux; it works as a packet analyzer. It is very similar to tcpdump but offers a wider variety of options and a graphical front end. Wireshark turns on promiscuous mode on the user's network interface controller, so all the traffic on that interface is visible, including unicast traffic.
If a remote system captures packets and sends them to the user's computer using the TZSP protocol, Wireshark dissects those packets, so it can analyze packets captured on the remote system at the time they are captured.
JOHN THE RIPPER
John the Ripper, originally developed by Solar Designer and the community, is a password cracking tool on Kali. It combines many password crackers into one package, which makes it highly efficient. It can run against various encrypted password formats, including several crypt password hash types.
It offers a brute-force mode, which can take a lot of time when the password uses different kinds of characters, and it is also equipped with a dictionary attack. It is versatile software that can crack pretty much any password if you have enough time to spend.
SOCIAL ENGINEERING TOOLKIT
It works on the principle of psychologically manipulating people into performing actions or divulging confidential information. It is a way in which a person can illegally gain data by manipulating the victim's access to the network. Social engineering here means the psychological manipulation of humans, and a number of techniques and terms are used to describe the different methods involved: the six key principles (reciprocity, commitment and consistency, social proof, authority, liking, scarcity), pretexting (blagging), diversion theft, phishing, IVR, water holing, spear phishing, vishing, etc.
NMAP
Nmap, short for Network Mapper, is a security scanner in Kali Linux. As the name suggests, it is used to build a map of a network by discovering the hosts and services on it. Features like vulnerability detection and service detection are especially valuable. Its main features are as follows:
- Host discovery
- Port scanning – Scanning of open ports to intrude
- Interaction using scripting engine
- Operating system detection
- Version Detection
- Network mapping
- Exploiting vulnerabilities
You can easily view all the available tools in Kali by running the dpkg -l | less command in a terminal.
It will then show you all the available tools, each with a description; just scroll down to browse them.
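Added example (not from the original post): dpkg -l lists every package dpkg knows about, not only security tools, and it includes packages that were removed but left configuration files behind (status rc). The shell function below filters a dpkg -l listing down to the installed (ii) packages among a given set of names; the function names, the package list and the sample listing with its version numbers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `dpkg -l` layout (version numbers are made up).
sample_dpkg_listing() {
    cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name              Version    Architecture Description
+++-=================-==========-============-==================================
ii  aircrack-ng       1.0-1      amd64        wireless WEP/WPA cracking utilities
rc  john              1.0-1      amd64        active password cracking tool
ii  libpcap0.8:amd64  1.0-1      amd64        system interface for user-level packet capture
ii  nmap              1.0-1      amd64        The Network Mapper
EOF
}

# installed_tools NAME...  (hypothetical helper)
# Reads `dpkg -l` text on stdin and prints "name<TAB>version<TAB>description"
# for each requested package whose status is "ii" (installed and configured).
installed_tools() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        $1 == "ii" {
            name = $2
            sub(/:.*/, "", name)            # drop a ":amd64" multiarch suffix
            if (!(name in keep)) next
            desc = $5                       # description is field 5 onwards
            for (i = 6; i <= NF; i++) desc = desc " " $i
            printf "%s\t%s\t%s\n", name, $3, desc
        }'
}

# Demo on the constructed sample; on a real system use:
#   dpkg -l | installed_tools aircrack-ng john nmap wireshark
sample_dpkg_listing | installed_tools aircrack-ng john nmap wireshark
```

In the sample, john is skipped because its status is rc, and wireshark is absent from the listing, so only aircrack-ng and nmap are reported.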