Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux 2018: Assuring Security by Penetration Testing

You're reading from   Kali Linux 2018: Assuring Security by Penetration Testing Unleash the full potential of Kali Linux 2018, now with updated tools

Arrow left icon
Product type Paperback
Published in Oct 2018
Publisher
ISBN-13 9781789341768
Length 528 pages
Edition 4th Edition
Languages
Arrow right icon
Authors (7):
Arrow left icon
Alex Samm Alex Samm
Author Profile Icon Alex Samm
Alex Samm
Damian Boodoo Damian Boodoo
Author Profile Icon Damian Boodoo
Damian Boodoo
Tedi Heriyanto Tedi Heriyanto
Author Profile Icon Tedi Heriyanto
Tedi Heriyanto
Gerard Johansen Gerard Johansen
Author Profile Icon Gerard Johansen
Gerard Johansen
Shakeel Ali Shakeel Ali
Author Profile Icon Shakeel Ali
Shakeel Ali
Shiva V. N. Parasram Shiva V. N. Parasram
Author Profile Icon Shiva V. N. Parasram
Shiva V. N. Parasram
Lee Allen Lee Allen
Author Profile Icon Lee Allen
Lee Allen
+3 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Installing and Configuring Kali Linux 2. Setting Up Your Test Lab FREE CHAPTER 3. Penetration Testing Methodology 4. Footprinting and Information Gathering 5. Scanning and Evasion Techniques 6. Vulnerability Scanning 7. Social Engineering 8. Target Exploitation 9. Privilege Escalation and Maintaining Access 10. Web Application Testing 11. Wireless Penetration Testing 12. Mobile Penetration Testing with Kali NetHunter 13. PCI DSS Scanning and Penetration Testing 14. Tools for Penetration Testing Reporting 15. Assessments 16. Other Books You May Enjoy

Kali Linux tool categories

As of the writing of this, the latest release of Kali Linux is version 2018.2, released on. As listed on the official website at https://bugs.kali.org/changelog_page.php, this version includes:

  • Better support for AMD GPUs
  • Fixes for x86 and x64 architecture against Spectre and Meltdown vulnerabilities
  • Easier access to Metasploit with metasploit-framework-4.16.34-0Kali2 and newer
  • Updates to tools including Bloodhound v1.51, Reaver 1.6.4, PixieWPS 1.42, BurpSuite 1.7.32, Hashcat 4.0, and others
  • Improvements to Wpscan, Openvas, Xplico, Responder, and Dradis

Kali Linux contains a number of tools that can be used during the penetration testing process. The penetration testing tools included in Kali Linux can be categorized into the following:

  • Information gathering: This category contains several tools that can be used to gather information about DNS, IDS/IPS, network scanning, operating systems, routing, SSL, SMB, VPN, voice over IP, SNMP, email addresses, and VPN.
  • Vulnerability assessment: In this category, you can find tools to scan vulnerabilities in general. It also contains tools to assess the Cisco network, and tools to assess vulnerability in several database servers. This category also includes several fuzzing tools.
  • Web applications: This category contains tools related to web applications such as the content management system scanner, database exploitation, web application fuzzers, web application proxies, web crawlers, and web vulnerability scanners.
  • Database assessment: Tools in this category test the security of a variety of databases. There are a number of tools designed specifically to test SQL databases.
  • Password attacks: In this category, you will find several tools that can be used to perform password attacks, online or offline.
  • Wireless attacks: Testing wireless security is becoming more and more common. This category includes tools to attack Bluetooth, RFID/NFC, and wireless devices.
  • Exploitation tools: This category contains tools that can be used to exploit the vulnerabilities found in the target environment. You can find exploitation tools for the network, web, and databases. There are also tools to perform social engineering attacks and find exploit information.
  • Sniffing and spoofing: Tools in this category can be used to sniff the network and web traffic. This category also includes network spoofing tools such as Ettercap and Yersinia.
  • Post exploitation: Tools in this category will be able to help you maintain access to the target machine. You might need to get the highest privilege level in the machine before you can install tools in this category. Here, you can find tools for backdooring the operating system and web application. You can also find tools for tunneling.
  • Forensics: This category contains tools to perform digital forensic acquisitions, data recovery, incident response, and file carving.
  • Reporting tools: In this category, you will find tools that help you document the penetration testing process and results.
  • Social engineering tools: This category contains the very powerful Maltego and Social Engineering Toolkit (SET), among others, which are very useful in the reconnaissance and exploitation phases of penetration testing.
  • System services: This category contains several services that can be useful during the penetration testing task, such as the Apache service, MySQL service, SSH service, and Metasploit service.

To simplify the life of a penetration tester, Kali Linux has provided us with a category called Top 10 Security Tools. As its name implies, these are the top 10 security tools most commonly used by penetration testers. The tools included in this category are aircrack-ng, burp-suite, hydra, john, maltego, metasploit, nmap, sqlmap, wireshark, and zaproxy.

Besides containing tools that can be used for the penetration testing tasks, Kali Linux also comes with several tools that you can use for the following:

  • Reverse engineering: This category contains tools that can be used to debug a program or disassemble an executable file.
  • Stress testing: This category contains tools that can be used to help you in stress testing your network, wireless, web, and VOIP environment.
  • Hardware hacking: Tools in this category can be used if you want to work with Android and Arduino applications.
  • Forensics: Tools in this category can be used for a variety of digital forensic tasks. This includes imaging disks, analyzing memory images, and file carving. One of the best forensic tools that is available with Kali Linux is Volatility. This command-line tool has a number of features for analyzing memory images. There are also several GUI tools available such as Autopsy and Guymager and also Xplico, which has been fixed.

For the purposes of this book, we are focusing only on Kali Linux's penetration testing tools.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime