Overview of Tools in Kali Linux - KVNuhman/cybersecurity-tools GitHub Wiki

I. Information Gathering Tools

1. NMAP

High level summary

Nmap is a popular open-source tool used for network exploration, management, and security auditing. It scans IP addresses and ports on a network and identifies the services and applications listening on them. Nmap helps network administrators find which devices are running on their network, discover open ports and services, and (through its scripting engine, NSE) detect some known vulnerabilities. Penetration testers use it to map an entire network and find its open ports and services.

Recommendation

  • Network impact: Nmap scanning can generate significant network traffic, especially during intensive scans. Be mindful of the impact on network performance and availability.
  • Targeted scanning: Avoid indiscriminate scanning of networks. Customize scans based on specific requirements, such as scanning specific ports or targeting a subset of hosts.
  • Data protection: When scanning networks, be cautious not to expose sensitive information. Ensure that the data collected is protected and used only for its intended purpose.

Methodologies

It's a free tool available in Kali Linux.

nmap 192.168.1.0/24 : Scans every host in the 192.168.1.0/24 network. Nmap first discovers which hosts are up and then, by default, scans the 1,000 most common TCP ports on each live host.

nmap -sn 192.168.1.100 : Performs a ping scan, i.e. host discovery only, with no port scan. Run against a range such as a /24 it becomes a "ping sweep" that lists the live hosts.

nmap -sV 192.168.1.100 : Probes the open ports to determine service and version information; these version strings are what later vulnerability lookups (for example in SearchSploit) are based on.

sudo nmap -O 192.168.1.100 : Performs OS fingerprinting on the target. It needs root privileges because OS detection relies on raw sockets.

2. Netcat

High-Level Summary

Netcat is a back-end networking utility that reads from and writes to TCP or UDP connections. It can be used for port scanning and for listening on ports; it can also transfer files directly between machines or, in an attack scenario, serve as a backdoor into other networked systems.

Recommendations

  • Get Permission : Always get permission before using Netcat on any system or network.
  • Use Encryption : Prefer secure protocols like SSH to keep communications encrypted.
  • Mind Firewalls : Respect firewall rules on both client and server sides to avoid security alerts.
  • Document Activities : Document why and how you're using Netcat, and be aware that activities may be logged.
  • Be Careful with Daemons : Avoid running Netcat as a daemon unless necessary, as it can pose security risks.
  • Secure File Transfers : Verify sources and destinations when using Netcat for file transfers.
  • Limit Listening : Limit Netcat listening to specific IPs or networks instead of all interfaces.
  • Keep Software Updated : Keep Netcat updated to fix bugs and address security issues.
  • Know Network Ownership : Understand who owns the network and ensure you have the right to test it.
  • Educate Team : Educate your team about Netcat's proper usage and potential risks.
  • Consider Alternatives : For specific tasks, consider using more secure alternatives like SSH.

Methodologies

Netcat methodologies include port scanning, listening on ports, file transfer, chat, remote shells, banner grabbing, and custom scripting for targeted tests.

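
The listen/connect pair that most Netcat use cases build on, as an added example (not code from the wiki page or from Netcat): a one-shot listener bound to 127.0.0.1 only, following the "Limit Listening" recommendation above, a client that streams a payload to it, and a SHA-256 comparison on both ends, following the "Secure File Transfers" recommendation. The payload is a constructed byte string; both sides run in this one process over the loopback interface.

```python
"""Netcat-style listener and client on the loopback interface, with a
checksum to verify the transfer.

Added example, not from the wiki page or from Netcat. The payload is a
constructed byte string and the listener binds only to 127.0.0.1.
"""
import hashlib
import socket
import threading


def recv_all(conn):
    """Read until the peer closes its side, like `nc -l > file` does."""
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks)


def listen_once(host="127.0.0.1", port=0):
    """Start a one-shot listener (port 0 = any free port).

    Returns (bound_port, result_holder, thread); the thread fills
    result_holder["data"] once the client has sent everything."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))           # loopback only, never 0.0.0.0
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    result = {}

    def serve():
        conn, peer = srv.accept()
        with conn:
            result["peer"] = peer
            result["data"] = recv_all(conn)
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return bound_port, result, t


def send_file(host, port, payload):
    """Client side, like `nc host port < file`."""
    with socket.create_connection((host, port), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)   # signal EOF so the listener stops reading


def transfer_and_verify(payload):
    """Run listener and client locally; return (ok, sha256 of received data)."""
    port, result, t = listen_once()
    send_file("127.0.0.1", port, payload)
    t.join(timeout=5)
    received = result.get("data", b"")
    expected = hashlib.sha256(payload).hexdigest()
    got = hashlib.sha256(received).hexdigest()
    return got == expected, got


# Constructed sample payload: a tiny request line followed by binary data.
SAMPLE_PAYLOAD = b"GET / HTTP/1.0\r\n\r\n" + bytes(range(256)) * 40

if __name__ == "__main__":
    ok, digest = transfer_and_verify(SAMPLE_PAYLOAD)
    print("transfer ok:", ok, "sha256:", digest)
```

The shutdown(SHUT_WR) call is the detail people miss when scripting Netcat-style transfers: without the half-close the listener never sees EOF and waits forever. Comparing digests on both ends is the only way to know the file arrived intact, since raw TCP gives no application-level integrity check.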

3. Dmitry

High-Level Summary

Dmitry is a tool that quickly gathers basic information about a website or domain, like who owns it, what servers it uses, and related details, helping security professionals in early stages of investigation.

Recommendations

Use Dmitry as a first-pass information gathering tool: in one run it collects the basic information about a target domain (WHOIS records, IP and netblock details, possible subdomains and email addresses, and open TCP ports).

Methodologies

Dmitry comes pre-installed in Kali Linux. Its scope is to run WHOIS lookups on a host's domain name and IP address, search for possible subdomains and email addresses, and run a TCP port scan of the host.

dmitry -i google.com : Dmitry resolves the host and performs a WHOIS lookup on its IP address, returning the netblock owner and related network information (-w does the same for the domain name's WHOIS record).

dmitry -s google.com : Dmitry searches for possible subdomains of the target domain. This goes beyond the basic WHOIS lookup and gives a wider view of the domain's infrastructure.

dmitry -e amrita.edu : Performs a search for possible email addresses belonging to the domain.

II. Vulnerability Analysis Tools

1. Legion

High-Level Summary

Legion is a super-extensible and semi-automated network penetration testing framework. Its GUI, with panels and a long list of options, lets pentesters quickly find and exploit attack vectors on hosts, and it auto-saves project results and tasks in real time. Legion performs automatic recon and scanning with nmap, whatweb, sslyze, Vulners, webslayer, SMBenum, dirbuster, nikto, Hydra and more, with almost 100 auto-scheduled scripts. Its modular design allows users to customize Legion easily.

Recommendation

Automatic detection of CVEs (Common Vulnerabilities and Exposures) and CPEs (Common Platform Enumeration) for the services it finds.

Methodologies

It is a free, GUI-based utility available in Kali Linux, and it can be customized.

An IP address or URL is entered as the target to check for vulnerabilities.

Several tools are then run for information gathering, and the results are matched against CVEs (Common Vulnerabilities and Exposures) affecting the URL or IP address.

2. Nikto

High-Level Summary

Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items. You can use Nikto against any web server, such as Apache, Nginx, IHS, OHS, LiteSpeed, and so on. Nikto checks server configuration items such as the presence of multiple index files and HTTP server options, and it attempts to identify the installed web server and software. The items and plugins Nikto scans for are frequently updated and can be updated automatically.

Recommendation

Nikto is used for web server scanning and security auditing, not for port scanning. It is a loud scanner that sends thousands of requests, so run it only against hosts you are authorised to test.

Methodologies

Nikto employs methodologies such as server identification, directory enumeration, SSL/TLS assessment, CGI vulnerability scanning, and authentication checks to comprehensively analyze web servers, detecting outdated software, known vulnerabilities, and potential security risks for effective security assessments.

nikto -h amrita.edu : Nikto scans the web server at "amrita.edu," running its tests to identify potential vulnerabilities, outdated software, misconfigurations, and security risks. The results help assess and improve the security posture of the web server.


nikto -h google.com -p 80 : Nikto performs a web server scan on "google.com" specifically targeting port 80. Nikto will analyze the web server on port 80 for potential vulnerabilities, misconfigurations, and security risks, providing a detailed report of its findings.


3. Lynis

High-Level Summary

Lynis is a security auditing tool for Linux systems, including Kali Linux, that scans for vulnerabilities, provides compliance checks, and offers recommendations for system hardening through detailed reports.

Recommendations

Regularly run Lynis, address identified vulnerabilities and implement recommended hardening measures to ensure ongoing security compliance on your Linux system.

Methodologies

Lynis utilizes a combination of methodologies for security auditing, including vulnerability scanning, compliance checks based on industry standards, and the evaluation of system configurations to provide actionable recommendations for system hardening.

lynis audit system -Q : Runs a full system audit. The -Q (--quick) option tells Lynis not to pause for user input between sections; it does not reduce the number of checks or the detail of the output. Findings are shown on the terminal and written in full to /var/log/lynis.log, with a machine-readable summary in /var/log/lynis-report.dat.
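
To show the shape of what Lynis reports, here is an added example (not Lynis code and not from the wiki page): a miniature audit of an sshd_config that pairs each weak setting with the suggested value. The two configurations are constructed samples; the option names and sshd's first-value-wins rule are real, the check list is this example's own.

```python
"""Miniature Lynis-style hardening audit of an sshd_config.

Added example, not part of the wiki page or of Lynis itself. The two
configurations are constructed samples; the checks mirror the kind of
finding Lynis reports, each pairing the weak setting with a suggestion.
"""

# option -> (values considered safe, suggestion); MaxAuthTries is numeric
CHECKS = {
    "permitrootlogin": ({"no", "prohibit-password"}, "set PermitRootLogin no"),
    "passwordauthentication": ({"no"}, "set PasswordAuthentication no and use keys"),
    "permitemptypasswords": ({"no"}, "set PermitEmptyPasswords no"),
    "x11forwarding": ({"no"}, "set X11Forwarding no"),
    "maxauthtries": (None, "set MaxAuthTries 3"),
}


def parse_sshd_config(text):
    """Return {option: value} (both lowercased). Comments and blank lines are
    skipped; for a repeated option the first value wins, which is sshd's rule."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        opts.setdefault(key, value)      # first occurrence wins
    return opts


def audit_sshd(text):
    """Return a list of (option, value_found, suggestion) warnings."""
    opts = parse_sshd_config(text)
    warnings = []
    for key, (safe, suggestion) in CHECKS.items():
        value = opts.get(key)
        if key == "maxauthtries":
            if value is None or not value.isdigit() or int(value) > 3:
                warnings.append((key, value, suggestion))
        elif value is None:
            warnings.append((key, None, suggestion + " (not set explicitly; the default applies)"))
        elif value not in safe:
            warnings.append((key, value, suggestion))
    return warnings


WEAK_CONFIG = """# constructed sample, not a real host's config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
MaxAuthTries 6
PermitRootLogin no   # ignored by sshd: the first value above wins
"""

HARDENED_CONFIG = """Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for key, value, suggestion in audit_sshd(cfg):
            print(f"  [WARN] {key} = {value!r}: {suggestion}")
```

The trailing "PermitRootLogin no" in the weak sample is the trap this kind of check must handle: appending a hardened line to a config does nothing if an earlier line already sets the option, so the parser has to model sshd's first-match semantics rather than the last-write-wins most people assume.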

III. Web Application Analysis Tools in kali Linux

1. Burp Suite

High-Level Summary

Burp Suite is a web application security testing tool. It helps find bugs in websites and is GUI based. There are 3 editions of Burp Suite:

  • Burp Suite Community (free)
  • Burp Suite Professional
  • Burp Suite Enterprise

Recommendation

It is used to perform security testing of web applications and to find exploitable weaknesses in that attack surface.

Methodology

It contains many features; some of them are:

  • Proxy: Burp Suite acts as a proxy server between the user's browser and the target web application. It allows the user to intercept and modify the communication between the two, enabling the analysis and manipulation of HTTP requests and responses.
  • Intruder: Burp Intruder is a powerful tool for performing automated attacks against web applications. It can be used to test the susceptibility of an application to different types of attacks, such as brute force and parameter tampering.

Burp Suite is set up as the browser's proxy so that we can intercept requests and manipulate them as needed.

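
How Intruder turns one intercepted request into many, as an added example (not Burp's code and not from the wiki page): positions are marked with the § character as in Burp, and the four attack types (sniper, battering ram, pitchfork, cluster bomb) expand the template differently. The request template and payload lists are constructed samples.

```python
"""How Burp Intruder expands payload positions into requests.

Added example, not Burp's own code and not from the wiki page. The
request template is a constructed sample; positions are marked with
the § character, the convention Burp uses in the Intruder tab.
"""
import itertools
import re

MARKER_RE = re.compile(r"§(.*?)§")

TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "user=§admin§&pass=§password§"
)


def positions(template):
    """Return the base values between § markers, in order."""
    return MARKER_RE.findall(template)


def fill(template, values):
    """Replace the i-th marked position with values[i]."""
    it = iter(values)
    return MARKER_RE.sub(lambda m: next(it), template)


def sniper(template, payloads):
    """One payload set; one position at a time, the others keep their base value."""
    base = positions(template)
    out = []
    for i in range(len(base)):
        for p in payloads:
            vals = list(base)
            vals[i] = p
            out.append(fill(template, vals))
    return out


def battering_ram(template, payloads):
    """One payload set; the same payload goes into every position at once."""
    n = len(positions(template))
    return [fill(template, [p] * n) for p in payloads]


def pitchfork(template, payload_sets):
    """One set per position; the sets advance in lockstep (credential stuffing)."""
    return [fill(template, combo) for combo in zip(*payload_sets)]


def cluster_bomb(template, payload_sets):
    """One set per position; every combination (cartesian product)."""
    return [fill(template, combo) for combo in itertools.product(*payload_sets)]


if __name__ == "__main__":
    users = ["admin", "root"]                       # constructed payload sets
    passwords = ["Winter2024", "Passw0rd", "letmein"]
    print(len(sniper(TEMPLATE, passwords)), "sniper requests")
    print(len(cluster_bomb(TEMPLATE, [users, passwords])), "cluster bomb requests")
    print(cluster_bomb(TEMPLATE, [users, passwords])[0].split("\r\n\r\n")[1])
```

The request counts are the practical point: sniper sends positions × payloads, cluster bomb sends the product of all set sizes, so a two-position attack with 1,000 users and 10,000 passwords is ten million requests. That is why the Community edition throttles Intruder and why a defender sees this as a burst of near-identical POSTs differing in one or two fields.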

2. Wpscan

High-Level Summary

WordPress, and especially its plugin ecosystem, has had many flaws and vulnerabilities. WPScan scans a WordPress site for its version, themes, plugins and users, and also has a built-in password brute-forcer.

Recommendations

WPScan is used for WordPress-specific security auditing; it is not a port scanner. Its brute-force mode generates many login attempts, so use it only against sites you are authorised to test.

Methodology

It is a free utility available in Kali Linux, run from the command line against the target site's URL.

3. WhatWeb

High-Level Summary

WhatWeb identifies websites. It recognizes web technologies including content management systems (CMS), blogging platforms, statistics/analytics packages, JavaScript libraries, web servers, and embedded devices.

Recommendations

WhatWeb is recommended for use in situations where there's a need for quick and automated identification of web technologies and frameworks utilized by a given website.

Methodology

This tool identifies the web technologies used by the target website, such as the blogging platform, the content management system, and the JavaScript libraries in use, together with their versions where they are exposed.
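
The mechanism behind WhatWeb, and the WordPress detection WPScan starts from, as an added example (not the code of either tool and not from the wiki page): a small signature list is matched against response headers and body, and the version group of each regex, where present, is captured. The HTTP response is a constructed sample; the signature list is this example's own and far shorter than WhatWeb's plugin set.

```python
"""Technology fingerprinting in the style of WhatWeb (and the WordPress
detection WPScan starts from).

Added example, not the code of either tool and not from the wiki page.
The HTTP response is a constructed sample; the signature list is this
example's own.
"""
import re

# (technology, where to look, regex whose optional group 1 is a version)
SIGNATURES = [
    ("Apache",    "header:server",       r"Apache(?:/([\d.]+))?"),
    ("nginx",     "header:server",       r"nginx(?:/([\d.]+))?"),
    ("PHP",       "header:x-powered-by", r"PHP(?:/([\d.]+))?"),
    ("WordPress", "body",                r'<meta name="generator" content="WordPress ([\d.]+)"'),
    ("WordPress", "body",                r"/wp-content/"),
    ("jQuery",    "body",                r"jquery(?:[.-]([\d.]+))?(?:\.min)?\.js"),
    ("Bootstrap", "body",                r"bootstrap(?:[.-]([\d.]+))?(?:\.min)?\.css"),
]


def parse_response(raw):
    """Split a raw HTTP response into (status_line, {lowercase header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def fingerprint(raw):
    """Return {technology: version-or-None}; a later signature may only add a
    version, never overwrite one already found."""
    _, headers, body = parse_response(raw)
    found = {}
    for tech, where, pattern in SIGNATURES:
        if where == "body":
            haystack = body
        else:
            haystack = headers.get(where.split(":", 1)[1], "")
        m = re.search(pattern, haystack, re.IGNORECASE)
        if m:
            version = m.group(1) if m.groups() else None
            if tech not in found or (version and not found[tech]):
                found[tech] = version
    return found


# Constructed sample response, not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.52 (Ubuntu)\r\n"
    "X-Powered-By: PHP/8.1.2\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><head>\n"
    '<meta name="generator" content="WordPress 6.2.1" />\n'
    '<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.4"></script>\n'
    '<link rel="stylesheet" href="/wp-content/themes/twentytwentythree/style.css">\n'
    "</head><body>hello</body></html>"
)

if __name__ == "__main__":
    for tech, ver in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{tech}: {ver or 'version unknown'}")
```

Two things the sample illustrates: version strings leak through headers (Server, X-Powered-By) as readily as through markup, and a technology can be confirmed from a path convention (/wp-content/) even when the site has removed its generator tag, which is why hiding the tag alone does not hide WordPress from WPScan.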

IV. Database assessment Tools in kali Linux

1. Sqlmap

High-Level Summary

Sqlmap is a Python-based tool, so it runs on any system that supports Python. Its purpose is to find and exploit SQL injection vulnerabilities in web applications.

Recommendations

It includes a robust detection engine, numerous specialist features for the ultimate penetration tester, and a wide range of switches that span database fingerprinting, data retrieval from databases, access to the underlying file system, and executing commands on the operating system via out-of-band connections.

Methodologies

When it detects one or more SQL injections on the target host, the user can choose from a number of options, including performing an extensive back-end database management system fingerprint, retrieving the DBMS session user and database, enumerating users, password hashes, privileges and databases, dumping entire or user-specified DBMS tables/columns, running arbitrary SQL statements, reading particular files on the file system, and more.

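
The class of bug sqlmap hunts for, shown as an added example (not from the wiki page or from sqlmap) against an in-memory SQLite database with constructed rows: the string-built query beside its parameterized fix, and a boolean-based blind probe of the kind sqlmap automates, which tells the two apart without ever seeing an error message.

```python
"""SQL injection: string-built query beside the parameterized fix, plus a
boolean-based blind probe of the kind sqlmap automates.

Added example, not from the wiki page or from sqlmap. Uses an in-memory
SQLite database with constructed rows.
"""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    db.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])   # constructed data
    return db


def login_vulnerable(db, name, pw):
    """Builds the query by string formatting: user input becomes SQL."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return db.execute(sql).fetchone() is not None


def login_safe(db, name, pw):
    """Parameterized query: the driver sends values separately from the SQL
    text, so a quote in the input can never change the statement's structure."""
    sql = "SELECT id FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (name, pw)).fetchone() is not None


def boolean_probe(db, login, name="nobody"):
    """Send the same request twice with a true and a false tautology appended
    (the `--` comments out the rest of the statement). If the two responses
    differ, the input is being parsed as SQL; if they are identical, it is not."""
    true_case = login(db, name + "' OR '1'='1'--", "x")
    false_case = login(db, name + "' OR '1'='2'--", "x")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable bypass:", login_vulnerable(db, "alice", payload))   # True
    print("safe bypass:     ", login_safe(db, "alice", payload))          # False
    print("vulnerable injectable?", boolean_probe(db, login_vulnerable))  # True
    print("safe injectable?      ", boolean_probe(db, login_safe))        # False
```

The probe uses a name that does not exist so that only the injected tautology can make the query succeed; that is the same idea as sqlmap's boolean-based technique, which compares page content for a true and a false condition and needs no verbose error output from the application.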

V. Password Attack Tools in Kali Linux

1. Medusa

High-Level Summary

Medusa is a modular, speedy, parallel login brute-forcer. It is a very powerful and lightweight tool, designed to brute-force credentials against as many protocols as possible; a recovered credential frequently gives direct remote access to the target. It currently has over 21 modules, including PcAnywhere, POP3, CVS, FTP and others.

Recommendations

N.A.

Methodologies

It works by brute force: it submits username and password combinations from wordlists to the target service's login until one is accepted, running several attempts in parallel.


2. Crunch

High-Level Summary

To recover a password we have to try many candidate passwords until the right one is found. When an attacker tries thousands or millions of words or character combinations, there is no guarantee that any of them will match.

Recommendations

Such a collection of candidate strings is called a wordlist, and to crack a password or a hash we need a good wordlist that actually contains the password. Kali Linux provides crunch for generating one.

Methodologies

Crunch is a wordlist generating tool that comes pre-installed with Kali Linux. Given a character set and a minimum and maximum length it enumerates every permutation and combination, and it can also follow a pattern of fixed characters and placeholders to generate targeted candidates.
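
Crunch's two common modes, reproduced as an added example (not crunch's code and not from the wiki page): enumerate every string of length min..max over a charset, and the -t pattern mode where @ stands for a lowercase letter, , for an uppercase letter, % for a digit and ^ for a symbol. The symbol set used here is an assumption; crunch's default set is similar but this file does not claim to match it exactly.

```python
"""Crunch-style wordlist generation.

Added example, not crunch's own code and not from the wiki page. It
reproduces crunch's two common modes: every string of length min..max
over a charset, and the -t pattern mode (@ lowercase, , uppercase,
% digit, ^ symbol). The symbol set below is assumed, not crunch's exact one.
"""
import itertools
import string

PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/",   # assumed symbol set
}


def generate(min_len, max_len, charset):
    """Yield every string of length min_len..max_len over charset, shortest first."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def count(min_len, max_len, charset):
    """Size of the list generate() would produce, without building it."""
    c = len(charset)
    return sum(c ** n for n in range(min_len, max_len + 1))


def pattern(template):
    """Yield strings matching a -t style template; literal characters are kept."""
    slots = [PLACEHOLDERS.get(ch, ch) for ch in template]
    for combo in itertools.product(*slots):
        yield "".join(combo)


def pattern_count(template):
    """Number of candidates pattern(template) will yield."""
    total = 1
    for ch in template:
        total *= len(PLACEHOLDERS.get(ch, ch))
    return total


if __name__ == "__main__":
    print(count(1, 8, string.ascii_lowercase))            # why blind brute force explodes
    print(list(generate(1, 2, "ab")))                     # ['a', 'b', 'aa', 'ab', 'ba', 'bb']
    print(pattern_count("Pass%%"))                        # 100
    print(list(itertools.islice(pattern("Pass%%"), 3)))   # ['Pass00', 'Pass01', 'Pass02']
```

Always call count() before generate(): 1 to 8 lowercase characters is over 200 billion lines, which no disk or brute-forcer will get through, whereas a pattern that encodes what you know about the target's password policy (a word plus two digits, say) is a few hundred candidates.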

3. Hash Finder

High-Level Summary

As the name suggests, it identifies the type of a hash given as input; based on that information we can then crack the hash with other tools.

Recommendations

Identify the hash type before cracking: feeding a hash to a cracker with the wrong algorithm wastes the whole run, and several formats (for example MD5 and NTLM) look identical by length alone, so treat the result as a list of candidates rather than a certainty.

Methodologies

It simply suggests the type of hash, for example whether a value is an MD5 hash, based on its length, character set and any format prefix.
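
Identification followed by a wordlist attack, as an added example (not from the wiki page or from any Kali tool): the hash's shape (prefix, length, alphabet) gives a list of candidate algorithms, and each candidate is tried against a wordlist. The hashes and the wordlist are constructed in the file; NTLM is included to show a case whose digest (MD4) may be missing from the local OpenSSL build.

```python
"""Identify a hash's likely algorithm from its shape, then try a wordlist.

Added example, not from the wiki page or from any Kali tool. The hashes
and the wordlist are constructed in this file.
"""
import hashlib
import re

# Ordered: prefixed crypt formats first, then raw hex by length.
SHAPES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), ["bcrypt"]),
    (re.compile(r"^\$6\$[^$]{1,16}\$[./A-Za-z0-9]{86}$"), ["sha512crypt"]),
    (re.compile(r"^\$5\$[^$]{1,16}\$[./A-Za-z0-9]{43}$"), ["sha256crypt"]),
    (re.compile(r"^\$1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$"), ["md5crypt"]),
    (re.compile(r"^[0-9a-fA-F]{32}$"), ["md5", "ntlm"]),
    (re.compile(r"^[0-9a-fA-F]{40}$"), ["sha1"]),
    (re.compile(r"^[0-9a-fA-F]{64}$"), ["sha256"]),
    (re.compile(r"^[0-9a-fA-F]{128}$"), ["sha512"]),
]


def identify(h):
    """Return candidate algorithm names for a hash string (empty if unknown)."""
    h = h.strip()
    for shape, names in SHAPES:
        if shape.match(h):
            return list(names)
    return []


def ntlm(password):
    """NTLM = MD4 over the UTF-16LE password; md4 may be absent from OpenSSL 3."""
    return hashlib.new("md4", password.encode("utf-16le")).hexdigest()


def crack(h, wordlist):
    """Try each candidate algorithm against the wordlist; return (algo, word) or None."""
    target = h.strip().lower()
    for algo in identify(target):
        for word in wordlist:
            try:
                if algo == "ntlm":
                    digest = ntlm(word)
                elif algo in hashlib.algorithms_available:
                    digest = hashlib.new(algo, word.encode()).hexdigest()
                else:
                    break           # crypt-style formats need a salted-format cracker
            except ValueError:
                break               # digest not available in this build
            if digest == target:
                return algo, word
    return None


WORDLIST = ["123456", "password", "letmein", "Winter2024", "hunter2"]   # constructed
SAMPLE_HASHES = {                                                       # constructed
    "md5": hashlib.md5(b"hunter2").hexdigest(),
    "sha1": hashlib.sha1(b"letmein").hexdigest(),
    "sha256": hashlib.sha256(b"Winter2024").hexdigest(),
}

if __name__ == "__main__":
    for label, h in SAMPLE_HASHES.items():
        print(label, identify(h), "->", crack(h, WORDLIST))
    print(identify("$6$saltsalt$" + "x" * 86))   # ['sha512crypt']
```

The unsalted digests fall to a plain wordlist in microseconds, which is the argument for the crypt-style formats at the top of the list: bcrypt and sha512crypt embed a salt and a work factor, so each candidate costs real CPU time and precomputed tables are useless.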

VI. Wireless attacks Tools in Kali Linux

1. Wifite

High-Level Summary

Wifite is a tool to audit WEP or WPA encrypted wireless networks. It uses aircrack-ng, pyrit, reaver, tshark tools to perform the audit.

Recommendations

Wifite needs a wireless adapter that supports monitor mode and packet injection, and it drives active attacks (deauthentication, WPS brute force) against every network in range that matches its filters. Only audit networks you own or are authorised to test.

Methodologies

When attacking multiple networks it sorts them by signal strength, so the strongest targets are tried first. It is packed with customization options to improve the effectiveness of the attack. Changes mac address while attacking to make the


2. Reaver

High-Level Summary

Reaver is a handy and effective tool that implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It is a robust and practical attack against WPS and has been tested against a wide variety of access points and WPS implementations. Cracking WPA/WPA2 directly, by contrast, is an exceptionally tedious job.

Recommendations

A normal dictionary attack against a captured WPA/WPA2 handshake could take days and still not succeed. On average Reaver takes 4-10 hours to recover the target AP's plain-text WPA/WPA2 passphrase, depending on the AP. Generally it takes around half of that time to guess the correct WPS PIN and recover the passphrase.

Methodologies

First scan the available networks with airodump-ng, select one network and note its BSSID, then pass that BSSID to Reaver, which brute-forces the WPS PIN and returns the passphrase.

3. Bully

High-Level Summary

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options.

Recommendations

N/A

Methodologies

Bully can be used by security professionals and network administrators to assess the security of wireless networks. Specifically, Bully is designed to exploit weaknesses in the WPS (Wi-Fi Protected Setup) feature commonly found in routers. WPS is intended to simplify connecting devices to a Wi-Fi network, but the PIN method's design, and many implementations of it, have flaws that can be exploited.
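
The design flaw that both Reaver and Bully exploit, shown as an added example (not the code of either tool and not from the wiki page): the eighth digit of a WPS PIN is a checksum over the first seven, and the registrar acknowledges the first four digits (after message M4) separately from the last four (after M6), so the search space collapses from 10^7 to at most 10^4 + 10^3 attempts. The "access point" here is a simulated registrar with a constructed PIN; nothing talks to a real network.

```python
"""Why a WPS registrar PIN falls to brute force.

Added example, not from the wiki page, Reaver or Bully. The checksum is
the one from the WPS specification; the registrar is a simulation that
models the split acknowledgement (first half checked at M4, second at M6)
and holds a constructed PIN.
"""


def wps_checksum(first7):
    """Checksum digit for the first seven digits of a WPS PIN."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin8):
    """True if the 8-digit PIN's last digit matches the checksum of the first seven."""
    return 0 <= pin8 <= 99999999 and pin8 % 10 == wps_checksum(pin8 // 10)


class SimulatedRegistrar:
    """Models the protocol flaw: the AP NACKs after M4 if the first half is
    wrong, and only if the first half is right does M6 reveal whether the
    second half is right. Each call is one attempt, as the attacker sees it."""

    def __init__(self, pin8):
        self.first_half = pin8 // 10000
        self.second_half = pin8 % 10000
        self.attempts = 0

    def try_first_half(self, half):
        self.attempts += 1
        return half == self.first_half

    def try_second_half(self, half):
        self.attempts += 1
        return half == self.second_half


def recover_pin(ap):
    """Split search: up to 10^4 tries for the first half, then only 10^3 for the
    second because the checksum digit is derived, not guessed."""
    first = next(h for h in range(10000) if ap.try_first_half(h))
    for three in range(1000):
        cand = three * 10 + wps_checksum(first * 1000 + three)
        if ap.try_second_half(cand):
            return first * 10000 + cand
    return None


if __name__ == "__main__":
    ap = SimulatedRegistrar(12345670)          # constructed PIN with a valid checksum
    pin = recover_pin(ap)
    print(f"recovered {pin:08d} after {ap.attempts} attempts; worst case {10**4 + 10**3}")
```

The 4-10 hours quoted above is the per-attempt cost of the real protocol (each try is a full EAP exchange, and many APs rate-limit or lock after failures) multiplied by this 11,000-attempt worst case; the fix on the defender's side is to disable the WPS PIN method entirely, since the split acknowledgement is in the specification, not in any one vendor's firmware.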

VII. Reverse Engineering Tools in Kali Linux

1. Nasm

High-Level Summary

NASM stands for Netwide Assembler. It's a popular assembler for the x86 architecture used in many Unix-like operating systems, including Linux.

Recommendations

NASM is very useful when we need to understand machine-level code and what it does, since it lets us write assembly and see exactly which bytes the processor will execute.

Methodologies

NASM takes assembly language source, a low-level language that maps closely to machine code, and converts it into machine code or an object file that a computer's processor can execute (after linking).


2. Radare2

High-Level Summary

Radare2 is an open-source framework for reverse engineering and binary analysis. It provides a comprehensive set of tools for examining, analyzing, and understanding binary files.

Recommendations

Radare2 is used by a diverse group of people, including security professionals, researchers, and hobbyists. It is particularly useful for reverse engineers, who rely on tools like r2 to understand and analyze code at a low level.

Methodologies

Disassembling and analyzing code; debugging with Radare2 is also possible.

VIII. Exploitation tools in Kali Linux

1. Metasploit

High-Level Summary

Metasploit is an open-source platform that supports vulnerability research, exploit development, and the creation of custom security tools. It contains many exploits for well-known vulnerabilities, and it also includes auxiliary modules such as scanners.

Recommendations

N/A

Methodologies

Metasploit is a powerful and widely used penetration testing framework that assists security professionals in identifying and exploiting vulnerabilities in computer systems. It provides a set of tools, resources, and exploits to test the security of a network or system


2. Searchsploit

High-Level Summary

SearchSploit is a command-line search tool for Exploit-DB that allows you to take a copy of the Exploit Database with you.

Recommendations

SearchSploit is very useful for security assessments when you don’t have Internet access because it gives you the power to perform detailed offline searches for exploits in the saved Exploit-DB.

Methodologies

Suppose we are assessing a vulnerable machine at 192.168.219.129. A port scan tells us which services are running; take port 21, where the service is vsftpd 2.3.4. Searching for that version string in SearchSploit returns the exploit available for it.


IX. Sniffing and Spoofing Tools in Kali Linux

1. Wireshark

High-Level Summary

Wireshark is a free and open-source packet analyzer tool used for network troubleshooting, analysis, and communication protocol development and education.

Recommendations

It captures network traffic from ethernet, Bluetooth, wireless (IEEE.802.11), and frame relay connections, among others, and stores that data for offline analysis.

Methodologies

The main page of Wireshark lists the capture interfaces, each with a sparkline showing live traffic. Select an interface, for example eth0 for Ethernet, and start the capture.


2. TcpDump

High-Level Summary

This program allows you to dump the traffic on a network. tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS, BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet types.

Recommendations

It can be used to print out the headers of packets on a network interface, filter packets that match a certain expression. You can use this tool to track down network problems, to detect attacks or to monitor network activities.

Methodologies

tcpdump -i eth0 -v : -i selects the interface to capture on, here eth0 (Ethernet); -v increases the verbosity so that fields such as TTL, IP identification and checksums are printed, which makes the output more readable for analysis.
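
What tcpdump -v (and Wireshark's packet details pane) are decoding for you, as an added example that is not from the wiki page or from either tool: a raw Ethernet II / IPv4 / TCP frame is taken apart field by field and rendered in tcpdump's one-line style, with the IP header checksum verified. The frame bytes are a constructed sample assembled in the file, not a real capture.

```python
"""Decode an Ethernet/IPv4/TCP frame the way tcpdump -v or Wireshark shows it.

Added example, not from the wiki page or from either tool. The frame is a
constructed sample built in this file, not a real capture.
"""
import socket
import struct


def ip_checksum(hdr):
    """One's-complement sum over 16-bit words; returns 0 for a header whose
    checksum field is already correct."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame():
    """Constructed sample: Ethernet II + IPv4 + TCP SYN from port 40123 to 80."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    src, dst = socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.100")
    total_len = 20 + 20                                   # IP header + TCP header
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1C46, 0x4000,
                         64, 6, 0, src, dst)              # ttl 64, proto 6 (TCP)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    tcp_hdr = struct.pack("!HHIIBBHHH", 40123, 80, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    return eth + ip_hdr + tcp_hdr


TCP_FLAG_NAMES = [(0x02, "S"), (0x10, "."), (0x01, "F"), (0x04, "R"), (0x08, "P"), (0x20, "U")]


def decode_frame(frame):
    """Return the fields tcpdump prints; raises ValueError for non-IPv4/TCP frames."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # header length in bytes
    ttl, proto = ip[8], ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    checksum_ok = ip_checksum(ip[:ihl]) == 0
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", tcp[:14])
    win = struct.unpack("!H", tcp[14:16])[0]
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": src, "dst": dst, "ttl": ttl, "ip_checksum_ok": checksum_ok,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": "".join(n for bit, n in TCP_FLAG_NAMES if flags & bit), "win": win,
    }


def tcpdump_line(d):
    """tcpdump -v style summary line."""
    return (f"IP (ttl {d['ttl']}, proto TCP) {d['src']}.{d['sport']} > "
            f"{d['dst']}.{d['dport']}: Flags [{d['flags']}], seq {d['seq']}, win {d['win']}")


if __name__ == "__main__":
    print(tcpdump_line(decode_frame(build_frame())))
```

Reading the offsets by hand once (EtherType at byte 12, IHL in the low nibble of the first IP byte, TCP ports right after the IP header) is what makes tcpdump's output and Wireshark's byte pane legible, and it is the same arithmetic a BPF filter such as "tcp[13] & 2 != 0" (SYN set) relies on.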

3. Macchanger

High-Level Summary

GNU MAC Changer is a utility that makes manipulating the MAC addresses of network interfaces easier. MAC addresses are link-layer identifiers; they only need to be unique on the local network segment, and they can be changed on most network hardware.

Recommendations

Kali Linux comes pre-installed with macchanger, which changes an interface's MAC address temporarily: the change lasts until the interface is reset or the system reboots.

Methodologies

If you have prior experience with Kali Linux you will know that eth0 is the name of the system's network interface card (NIC). Always specify the interface name when working with macchanger, and note that the interface usually has to be brought down before its address can be changed. To set a particular MAC address, the help output shows that the -m argument is used. Reading the help output is the quickest way to become proficient with tools like this.


X. Post Exploitation Tool in Kali Linux

1. Weevely

High-Level Summary

Weevely is a stealthy PHP web shell that simulates a telnet-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones.

Recommendations

Weevely generates its PHP agent bound to a password, so only someone holding that password can drive it, but anyone who finds the file on the server will know the site was compromised. Treat the generated agent and its password as sensitive, and remove the agent from the target when the engagement is over.

Methodologies

Suppose we generated the payload and ran it on the target machine; the resulting reverse shell was caught with netcat.

2. Mimikatz

High-Level Summary

Mimikatz is a post-exploitation tool that extracts credentials from Windows memory. It is also capable of assisting in lateral movement and privilege escalation: attacks like Pass-the-Hash, Pass-the-Ticket, Over-Pass-the-Hash and Kerberoasting can be carried out with Mimikatz.

Recommendations

Mimikatz abuses and exploits the Single Sign-On functionality of Windows Authentication that allows the user to authenticate himself only once in order to use various Windows services.

Methodologies

After a user logs into Windows, their credential material (NTLM hashes, Kerberos tickets and, depending on the Windows version and settings, cleartext passwords) is held in memory by the Local Security Authority Subsystem Service (LSASS). Running with administrative rights and the debug privilege, Mimikatz reads the memory of the LSASS process and extracts that material, which can then be used from the attacking system for the attacks listed above.

XI. Social Engineering Tools in Kali Linux

1. SET(Social Engineering Tool kit)

High-Level Summary

The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.It can be used to perform various social engineering attacks like email phishing, site phishing etc.

Recommendations

The Spear-Phishing module allows you to craft email messages and send them to targeted victims with attached FileFormat malicious payloads, for example a malicious PDF document which, if the victim opens it, will compromise the system.

Methodologies

The web attack module is a unique way of utilizing multiple web-based attacks to compromise the intended victim. It works by phishing the victim into clicking a link; a wide variety of attacks can then be launched once the link is clicked.

XII. Forensic Tools in Kali Linux

1. BinWalk

High-Level Summary

Binwalk is a great tool when we have a binary image and have to extract embedded files and executable codes out of them.

Recommendations

It is even used to identify the files and code embedded inside firmware images. Binwalk is compatible with the magic signatures of the UNIX file utility, since it uses the libmagic library.

Methodologies

binwalk supports a variety of command-line options that allow you to customize the analysis and extraction process, such as the signature database to use, the output format, or the extraction options. You can use these options to fine-tune the analysis and extraction to suit your needs.

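
The core of what binwalk does, as an added example (not binwalk's code and not from the wiki page): a handful of magic signatures are searched for at every offset of a blob, the hits are listed with their offsets as binwalk's table does, and the gzip member found is carved out and decompressed. The "firmware image" is a constructed blob assembled in the file (padding, an ELF-like header, a gzip member and a PNG header at known offsets), and the signature list is this example's own, not binwalk's database.

```python
"""Signature scan and extraction of the kind binwalk performs.

Added example, not binwalk's own code and not from the wiki page. The
"firmware image" is a constructed blob assembled in this file; the
signature list is this example's own, far shorter than binwalk's.
"""
import gzip
import struct
import zlib

SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"PK\x03\x04", "Zip archive"),
    (b"hsqs", "Squashfs filesystem (little-endian)"),
]


def scan(blob):
    """Return [(offset, description)] for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES:
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx < 0:
                break
            hits.append((idx, desc))
            start = idx + 1          # keep looking: the same magic may occur again
    return sorted(hits)


def extract_gzip(blob, offset):
    """Decompress the gzip member starting at offset.
    Returns (data, compressed_length); the length comes from what the
    decompressor left unused, so no size field is needed."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16+ selects gzip framing
    data = d.decompress(blob[offset:])
    consumed = len(blob) - offset - len(d.unused_data)
    return data, consumed


def build_image():
    """Constructed sample, not a real firmware image."""
    payload = gzip.compress(b"root:x:0:0:root:/root:/bin/sh\n" * 4, mtime=0)
    elf_stub = b"\x7fELF" + b"\x02\x01\x01" + b"\x00" * 9 + b"\x02\x00\x3e\x00"
    png_stub = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
    return b"\x00" * 64 + elf_stub + b"\xff" * 32 + payload + b"\x00" * 16 + png_stub


if __name__ == "__main__":
    image = build_image()
    for off, desc in scan(image):
        print(f"{off:<10}{off:#010x}  {desc}")
    gz_off = next(o for o, d in scan(image) if d.startswith("gzip"))
    data, used = extract_gzip(image, gz_off)
    print(f"extracted {len(data)} bytes from gzip at {gz_off} ({used} compressed bytes)")
```

A signature scan only finds where something that looks like a header starts; short magics such as "PK" or "hsqs" produce false positives inside compressed or random data, which is why binwalk's real database pairs each signature with parsing rules and why a hit should be confirmed by actually extracting it, as extract_gzip does here.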

2. Autopsy

High-Level Summary

Autopsy is a digital forensics platform, a graphical front end to The Sleuth Kit, used to gather and analyse forensic evidence. In other words, this tool is used to investigate files or logs to learn what exactly was done with the system.

Recommendations

It could even be used as a recovery software to recover files from a memory card or a pen drive.

Methodologies

Autopsy comes pre-installed in Kali Linux; just type "autopsy" in the terminal. It starts a local web server and prints the URL to open in a browser.