Kali Linux Penetration Testing
Today, most organizations understand that digital security cannot do without penetration testing. Kali Linux is one of the most popular toolkits for this.
Kali Linux for Web Application Penetration Testing
Software is constantly evolving, and many new applications and operating system versions are being created. However, the rapid pace of development leaves little time for testing, primarily because of the complexity of the code in modern applications and also because of the human factor. As a result, errors remain in the application code, and these later turn into software vulnerabilities. The problem of identifying vulnerabilities is relevant for software developers and information security experts, as well as for the technical specialists who deploy and maintain business applications.
Want an in-depth understanding of all modern aspects of Kali Linux penetration testing? Read this article carefully and bookmark it to come back later; we update this page regularly.
Kali Linux is one of the most popular penetration testing distributions, a descendant of the famous BackTrack Linux, but it is now based on Debian and accordingly supports Debian packages in general and its applications in particular. The reason for its popularity is simple: it has a fairly friendly interface and ships with the necessary pentesting tools out of the box. Kali Linux comes with a lot of tools that make it easier to use for auditing, hacking and everything else related to digital forensics.
Kali Linux is one of the most recommended Linux distributions for whitehat hackers. It is a powerful weapon for a hacker, or for someone who fights these hackers. Even if you are not a cyber security specialist or a hacker but a webmaster, you can still use some of the tools to easily start scanning your own web server or web page. Kali Linux has been ported to the ARM architecture, which means it can easily be installed on a tablet.
The tools are categorized, which is very convenient. There are installation options for small workstations, for example the Raspberry Pi 3, as well as for mobile platforms running Android, for example Kali NetHunter, which is installed almost unchanged on top of Android and works inside a chroot environment. More and more Linux distributions port their builds to ARM, since all mobile devices today use this architecture. The official website of the project has detailed instructions on how to build your own image for ARM.
Reconnaissance and Information Collection with Kali Linux
Any vulnerability search begins with reconnaissance and information gathering. Reconnaissance can be active (enumerating a site's files and directories, using vulnerability scanners, manual analysis of the application) or passive (using various search engines and online services). Assessing the security of a company's information infrastructure based on data from its websites and DNS records is what a penetration test does.
The process of ethical hacking begins with the collection of general information about the target: what services are used, how many servers there are and what addresses they have, etc. The starting point is most often the customer's second-level domain, which is also the company's website. Pentesters try to get the most out of this information, and they try to do it in passive mode so that monitoring systems do not record suspicious activity and other alerting systems are not triggered. Below we consider some Kali Linux tools and online resources that can be used to analyze the security of web applications.
A characteristic of passive information collection is that its stages cannot be detected, since it is virtually impossible to determine from which node the information is being collected. Passive collection uses Whois services, DNS analysis, research of public Internet resources, search engines and Internet services, social networks and much more. Begin by analyzing the site and the information on it. Scanning the site yourself can trigger alerts from the security system, so instead you can use a service that has already crawled the site and holds a copy of it. Such a service exists, and it is Google.
Some Kali Linux Tools
Google dorks. Ordinary browsing of sites turns into professional passive scanning when you start using special dork commands in search queries. Google's advanced search operators are typically combined with other pentesting tools to collect information anonymously, map networks, and discover and enumerate ports. Google dorks can give a pentester access to a wide range of confidential data, such as administrator login pages, usernames and passwords, confidential documents, military or government information, corporate mailing lists, bank account information, and more. Google dorks let you filter information, for example, by type of vulnerability, by type of CMS, or by error messages that not everyone pays attention to.
Among all Google Advanced Search Operators, the most interesting are:
- site - search is carried out on a specific site;
- inurl - a pointer to the fact that the searched words should be part of the web address itself;
- intitle - search operator in the title of web pages;
- ext or filetype - search for files of a certain type by extension.
Also, when compiling a request, do not forget about operators that are specified by special characters:
- "|" - a vertical bar, also known as the OR operator (logical or). Indicates that you want results containing at least one of the words listed in the query.
- "" - quotation marks. Indicate a search for an exact match.
- "-" - minus. Used to narrow search results by excluding results that contain the words given after the minus.
- "*" - an asterisk. Used as a mask and means "anything."
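Added example, not from the original article: a small Python parser for the operators listed above, written from the defender's side so that a dork wordlist can be reviewed to see which queries are scoped to your own domain (a `-site:` exclusion is kept apart from a `site:` scope). The domains and queries in SAMPLE are constructed for illustration.

```python
import re

# Operators the article lists ('ext' and 'filetype' are synonyms in Google).
OPERATORS = {"site", "inurl", "intitle", "ext", "filetype"}
# One token: optional '-', optional 'op:' prefix, then a quoted phrase or a bare word.
TOKEN = re.compile(r'-?(?:[A-Za-z]+:)?(?:"[^"]*"|[^\s"()]+)')

def parse_dork(query: str) -> dict:
    """Split a dork into operators, required terms, '|' alternatives and '-' exclusions."""
    d = {"operators": {}, "terms": [], "alternatives": [], "excluded": []}
    pending_or = prev_term = False
    for tok in TOKEN.findall(query):
        if tok in ("|", "OR"):
            if prev_term:  # the previous plain term is the first alternative
                d["alternatives"].append(d["terms"].pop())
            pending_or, prev_term = True, False
            continue
        negated = tok.startswith("-") and len(tok) > 1
        word = tok[1:] if negated else tok
        op, sep, val = word.partition(":")
        is_op = bool(sep) and op.lower() in OPERATORS
        if is_op:  # '-site:x' is stored under '-site' so an exclusion is not mistaken for scope
            key = ("-" if negated else "") + op.lower()
            d["operators"].setdefault(key, []).append(val.strip('"'))
        elif negated:
            d["excluded"].append(word.strip('"'))
        elif pending_or:
            d["alternatives"].append(word.strip('"'))
        else:
            d["terms"].append(word.strip('"'))
        prev_term = not (is_op or negated or pending_or)
        pending_or = False
    return d

def scoped_to(query: str, domain: str) -> bool:
    """True if a site: operator limits the query to `domain` or one of its subdomains."""
    sites = parse_dork(query)["operators"].get("site", [])
    return any(s == domain or s.endswith("." + domain) for s in sites)

# Constructed sample dork list (not from the article), as a defender would review it.
SAMPLE = [
    'site:example.com ext:pdf intitle:"annual report"',
    'inurl:careers intitle:"job openings" -site:example.com',
    'site:docs.example.com (guide | manual | "user handbook") filetype:pdf',
]

if __name__ == "__main__":
    for q in SAMPLE:
        print(f"{'OUR DOMAIN' if scoped_to(q, 'example.com') else 'other':10} {q}")
        print("   ", parse_dork(q))
```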
2IP and similar services. Various online services provide information about the operating system, browser, location and Internet provider, as well as directly about an IP address. The service gives access to tools that can be of great help during penetration testing. On 2IP you can find out the IP address behind a domain name, check a domain's DNS records, determine the CMS in use, check whether the site is present in web archives, etc.
Shodan. This is a search engine developed by web developer John Matherly and focused primarily on finding devices connected to the Internet. Shodan provides information about all kinds of devices (routers, switches, desktops, servers and others) as well as services. The search engine polls ports, captures the banners it receives and indexes them so that the necessary information can be found.
HackerTarget. The service lets you scan for vulnerabilities using open source tools. HackerTarget can perform 12 different types of scans (external port scanning, vulnerability scanning with OpenVAS, domain information gathering, WordPress, Joomla and Drupal security tests), available for free. Information collected with HackerTarget can be used to widen the scope of the attack once vulnerabilities are found on the server.
Nmap. Scan any IP address, with a limit of 2048 addresses per day, unlimited port scanning and scheduled scans.
OpenVAS. Scan up to 512 IP addresses with the tool and generate reports in PDF, HTML or XML. Scheduled scanning is available.
Nikto. Web server vulnerability scanner, plus testing with SQLmap, WhatWeb / Wappalyzer fingerprinting, CMS scanning for WordPress, Joomla and Drupal, as well as SSL / TLS testing.
theHarvester. A tool for collecting e-mail addresses, subdomain names, virtual hosts, open ports or banners, and employee names from various open sources such as search engines and PGP key servers. It is a simple but effective tool for the early stages of penetration testing, showing what information about a company can be gathered from the Internet.
Sparta. A tool designed to automate active reconnaissance. It has a graphical interface that makes the program's workflow intuitive. After you specify the host to test, the tool sequentially runs several information-gathering scenarios, starting with port scanning using Nmap and ending with scanning web servers for vulnerabilities with Nikto and taking screenshots of web pages. If necessary, the services found can be handed to the built-in brute force mechanism for guessing user account passwords.
For Kali Linux, many tools have already been developed, varying in their parameters, paid and free, in each of the functional groups of utilities. At this point, basic reconnaissance and information gathering can be considered complete, and we can move on to the next stage of penetration testing. Vectors for subsequent attacks are built on the collected information, so this reconnaissance and information gathering stage is fundamental to the success of the subsequent mobile application testing or web application security analysis of your organization.