You're reading from Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition Become a cybersecurity ethical hacking expert using Metasploit, Nmap, Wireshark, and Burp Suite

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801819770

Length 572 pages

Edition 4th Edition

Languages

PowerShell

Tools

Burp Suite

Concepts

Cybersecurity

Author (1):

Vijay Kumar Velu

View More author details

Table of Contents (17) Chapters

Preface

1. Goal-Based Penetration Testing FREE CHAPTER

2. Open-Source Intelligence and Passive Reconnaissance

3. Active Reconnaissance of External and Internal Networks

4. Vulnerability Assessment

5. Advanced Social Engineering and Physical Security

6. Wireless and Bluetooth Attacks

7. Exploiting Web-Based Applications

8. Cloud Security Exploitation

9. Bypassing Security Controls

10. Exploitation

11. Action on the Objective and Lateral Movement

12. Privilege Escalations

13. Command and Control

14. Embedded Devices and RFID Hacking

15. Other Books You May Enjoy

16. Index

Introduction to Kali Linux features

Kali Linux (Kali) is the successor to the BackTrack penetration testing platform that is generally regarded as the de facto standard package of tools used to facilitate penetration testing to secure data and voice networks. It was developed by Mati Aharoni and Devon Kearns of Offensive Security. This distribution is mainly meant for penetration testing and digital forensics.

In 2021, Kali had four updates. The latest rolling version was released on December 9, 2021 with kernel 5.14.0 and the Xfce 4.16.3 desktop environment. Additionally, there was a minor update on December 23, 2021 with version Kali 2021.4a.

Some features of this latest version of Kali include the following:

Over 500 advanced penetration testing, data forensics, and defensive tools. The majority of the older pre-installed tools are eliminated and replaced by similar tools. They provide extensive wireless support with multiple hardware and kernel patches to permit the packet injection required by some wireless attacks. Table 1.2 provides a breakdown of the tools with respect to their specific task as of December 2021:

Tool Sections	No. of Tools
Information Gathering	67
Vulnerability Analysis	27
Wireless Attacks	54
Web Applications	43
Exploitation Tools	21
Forensics Tools	23
Sniffing & Spoofing	33
Password Attacks	39
Maintaining Access	17
Reverse Engineering	11
Hardware Hacking	6
Reporting Tools	10

Table 1.2: The number of tools available, listed with respect to the specific tasks for which they are used

Some of the key features of Kali Linux 2021.4 include:

Support for multiple desktop environments such as KDE, GNOME3, Xfce, MATE, e17, lxde, and i3wm.021.
By default, Kali Linux has Debian-compliant tools that are synchronized with the Debian repositories at least four times daily, making it easier to update packages and apply security fixes.
There are secure development environments and GPG-signed packages and repositories.
There is support for ISO customization, allowing users to build their own versions of customized Kali with a limited set of tools to make it lightweight. The bootstrap function also performs enterprise-wide network installs that can be automated using pre-seed files.
Since ARM-based systems have become more prevalent and less expensive, support for ARMEL and ARMHF in Kali Linux can be installed on devices such as rk3306 mk/ss808, Raspberry Pi, ODROID U2/X2, Samsung Chromebook, EfikaMX, Beaglebone Black, CuBox, and Galaxy Note 10.1.
Kali remains a free open-source project. Most importantly, it is well supported by an active online community.

The role of Kali in red team tactics

While pentesters might prefer any type of operating system to perform their desired activity, usage of Kali Linux saves significant time and prevents the need to search for packages that aren’t typically available in other operating systems. Some of the advantages that are not noticed with Kali Linux during a red team exercise include the following:

One single source to attack various platforms.
It’s quick to add sources and install packages and supporting libraries (especially those that are not available for Windows).
It’s even possible to install RPM packages with the usage of alien.

The purpose of Kali Linux is to secure network, cloud, and application infrastructure and bundle all of the tools to provide a single platform for penetration testers and forensic analysts.