You're reading from Becoming the Hacker The Playbook for Getting Inside the Mind of the Attacker

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788627962

Length 404 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Web Penetration Testing

Author (1):

Adrian Pruteanu

View More author details

Table of Contents (17) Chapters

Preface

1. Introduction to Attacking Web Applications FREE CHAPTER

2. Efficient Discovery

3. Low-Hanging Fruit

4. Advanced Brute-forcing

5. File Inclusion Attacks

6. Out-of-Band Exploitation

7. Automated Testing

8. Bad Serialization

9. Practical Client-Side Attacks

10. Practical Server-Side Attacks

11. Attacking APIs

12. Attacking CMS

13. Breaking Containers

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

The tester's toolkit

The penetration testing tools used vary from professional to professional. Tools and techniques evolve every day and you have to keep up. While it's nearly impossible to compile an exhaustive list of tools that will cover every scenario, there are some tried-and-true programs, techniques, and environments that will undoubtedly help any attacker to reach their goal.

Kali Linux

Previously known as BackTrack, Kali Linux has been the Linux distribution of choice for penetration testers for many years. It is hard to argue with its value, as it incorporates almost all of the tools required to do application and network assessments. The Kali Linux team also provides regular updates, keeping not only the OS but also the attack tools current.

Kali Linux is easy to deploy just about everywhere and it comes in many formats. There are 32-bit and 64-bit variants, portable virtual machine packages, and even a version that runs on the Android OS:

Figure 1.2: A fresh instance of the Kali Linux screen

Kali Linux alternatives

One alternative or supplement to Kali Linux is the Penetration Testing Framework (PTF) from the TrustedSec team and it is written in Python. This is a modular framework that allows you to turn the Linux environment of your choice into a penetration testing toolset. There are hundreds of PTF modules already available, and new ones can be quickly created. PTF can also be run on Kali to quickly organize existing tools in one location.

Figure 1.3: The PTF interactive console

Another well-established alternative to Kali Linux is BlackArch, a distribution based on Arch Linux that includes many of the tools bundled with other penetration testing distributions. BlackArch has many of the tools that testers are familiar with for network testing or application assessments, and it is regularly updated, much like Kali Linux. For Arch Linux fans, this is a welcome alternative to the Debian-based Kali distribution.