Kali Linux: A toolkit for pentest
In just a few years, Kali Linux has become the most popular distribution for penetration testing.
A Linux distribution optimized for penetration testing, Kali Linux is maintained and managed by offensive security specialists. What does this name mean? Well, we'll get to that. This distro was born in 2006 under the name of BackTrack Linux, but after a major redesign in 2013, it was given the name of Kali. Based on Debian Testing, Kali includes over 300 security tools, including big ones like Metasploit, Nmap and Aircrack-ng, but also a wide variety of more obscure and specialized tools.
Kali is free to download and use, but it is designed as a specialized Linux distribution, optimized for penetration testing, not as a daily operating system for checking your email, browsing the web or sharing GIFs of kittens.
Getting started with Kali
If you are familiar with Linux, especially with a Debian flavor like Ubuntu (or, well, Debian itself), then Kali will seem familiar to you, at least at first. Open a terminal and look around. It is officially recognized by the Debian project as a compliant Debian variant, and with a default GNOME desktop, it looks and feels like you might expect at first glance.
Fast forward to that scene from a WWII movie where a grizzled, cigar-chomping sergeant pulls back the dusty tarp covering the Big Guns. This is pretty much what it feels like to deploy Kali and start playing with it. Especially since pointing most of those tools at targets without their permission is illegal under the law on the security of networks and information systems (law no. 2018-133 of February 26, 2018) in France, and equivalent laws exist all over the world. Again, Kali is not meant to be used as the default daily operating system; it is meant for security testing. As such, it is frequently installed in a virtual machine on a PC, using VMware or VirtualBox on a Windows, Mac, or even Linux host. Kali also runs very well as a Qubes VM. Newbies can start by downloading a preconfigured VMware or VirtualBox VM to get up and running quickly.
Who is Kali for?
Kali is a specialty Linux distro for power Linux users who need an offensive security-focused penetration testing platform. "If you are not familiar with Linux in general, if you do not have at least a basic level of skill in administering a system, if you are looking for a Linux distro to use as a learning tool to get familiar with Linux, or if you want a distro that you can use as a general-purpose desktop install, Kali Linux is probably not what you are looking for," the Kali administrators say on their site.
Once you are in the thick of penetration testing, Kali is the right choice for most offensive security tasks. Advanced users may have their own opinions on which alternatives to Kali they prefer, but newcomers to penetration testing should become familiar with Kali before considering other options.
Installing Kali metapackages
There are so many security tools available for Kali that they can't all fit in one download. Since many of those tools are specialized for specific hardware or niche use cases, Kali ships with a set of the most commonly used tools and lets users install metapackages: Debian packages that pull in dozens if not hundreds of packages in a given category. The Kali administrators give the example of setting up Kali for a wireless pentesting engagement. Rather than waiting for everything to be installed, a single apt-get install kali-tools-wireless command fetches all of Kali's wireless tools, which gets you going faster.
The complete list of metapackages includes over a dozen options. New Kali users should start by installing kali-linux-default and maybe kali-tools-top10. The full beast of a Kali install is dubbed AlltheThings, but it comes with long download times and tool overload.
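One way to see what a metapackage would pull in before committing to the download, as an added example that is not from the original article or the Kali project: it parses the output of an apt-get dry run. The function names and the sample output (package list and versions) are constructed for illustration.

```shell
#!/bin/sh
# Added example: size up a Kali metapackage with an apt dry run before installing.

# Count the packages a dry run would newly install ("Inst" lines), reading stdin.
count_new_packages() {
    grep -c '^Inst ' || true   # grep exits 1 on zero matches but still prints 0
}

# Print only the package names from the "Inst" lines, reading stdin.
list_new_packages() {
    awk '$1 == "Inst" { print $2 }'
}

# Dry-run one metapackage on a real Kali/Debian system; nothing is installed.
preview_metapackage() (
    out=$(apt-get --simulate install "$1") || exit 1
    n=$(printf '%s\n' "$out" | count_new_packages)
    printf '%s would install %s new packages\n' "$1" "$n"
)

# Constructed sample of dry-run output (package set and versions are made up),
# so the parsing can be exercised offline.
SAMPLE_DRY_RUN='Reading package lists...
Building dependency tree...
The following NEW packages will be installed:
  aircrack-ng example-wireless-tool kali-tools-wireless
Inst aircrack-ng (0.0-example kali-rolling [amd64])
Inst example-wireless-tool (0.0-example kali-rolling [amd64])
Inst kali-tools-wireless (0.0-example kali-rolling [all])
Conf aircrack-ng (0.0-example kali-rolling [amd64])
Conf example-wireless-tool (0.0-example kali-rolling [amd64])
Conf kali-tools-wireless (0.0-example kali-rolling [all])'

# Offline demo on the constructed sample: prints the three package names.
printf '%s\n' "$SAMPLE_DRY_RUN" | list_new_packages
```

On a Kali system, calling preview_metapackage kali-tools-top10 reports the count for that metapackage; the --simulate option changes nothing on disk.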
Popular Kali tools
Imagine a Swiss Army knife with several hundred gadgets, gewgaws and thingamajigs. Where to start? Probably not with the tweezers or the toothpick. The main tool remains the large blade, and certainly the can opener and the screwdriver. For Kali, that is Metasploit, the popular penetration testing framework. We can also cite Nmap, the essential port scanner. And Wireshark, the ubiquitous network traffic analyzer. And of course Aircrack-ng, for testing WiFi security.
To handle network traffic, we have the choice between mitmproxy and Burp (free version). To crack passwords offline? Hashcat and John the Ripper will do the job. Starting your day with SQL injection? Sqlmap is a good place to start. To create phishing emails as part of a test campaign, social engineering tools such as the Social-Engineer Toolkit (SET) will continue to fool inattentive employees.
Practicing with Kali
To get started with Kali, you need to find a legal training ground at which to point the arsenal of tools. Popular services like VulnHub and Hack The Box provide free or cheap VPN access to dozens of vulnerable boxes on which to put your hacking skills into practice.
Once you are up and running, the OSCP certification is within reach. This coveted Offensive Security Certified Professional certification, created and managed by the people at Offensive Security, who also maintain Kali Linux, provides hands-on training using Kali and a 24-hour exam in which students must hack vulnerable targets to pass. The OSCP is not easy to pass. Their motto is "Try Harder" for good reason.
Special features of Kali
Kali supports all kinds of practical use cases, including ARM support (Raspberry Pi), an analysis mode, a "Kali for Android" called NetHunter, Amazon EC2 AWS images, and even braille support. Most of the latter are advanced use cases that a newbie probably won't need, or even need to know about, but the Kali universe is large and popular.
As for the name Kali, it means, among other things, the Hindu goddess of preservation, transformation and destruction, divine mother (of Ramakrishna), a Filipino martial art, or "severe" in Swahili. But for the OS administrators, "Kali is just the name we came up with for our new distro."