Showing posts with label kali. Show all posts
Showing posts with label kali. Show all posts

Tuesday, March 28, 2017

Practical Tutorial For Best 15 Pentest Tools In Kali Linux 2 0

Practical Tutorial For Best 15 Pentest Tools In Kali Linux 2 0


Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Wondering which software or tools is used for hacking or penetration testing (pentest)? Which is the best operating system for pentesting?, I hope my regular readers know about Kali Linux because there is a lot of kali tutorials and articles around this website. Yes, Kali Linux is my favorite Operating System for pentest and recently Offensive security team has released their new version Kali Linux 2.0 and its incredible. Kali Linux already coming with 300+ tools and here we have created a list of best 15 pentest tools.

Also Read: Installing Hackers OS Kali Linux In VMware (Beginners Guide With Screenshots)

Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for simple hacking people do. Even to start doing the simplest hack on own, a hacker requires to have in depth knowledge of multiple topics. Some people recommend minimum knowledge of few programming languages like C, Python, HTML with Unix operating system concepts and networking knowledge is required to start learning hacking techniques.

Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and positive attitude towards problem solving. The security softwares are constantly evolving and therefore you must keep learning new things with a really fast pace.


What is new in Kali Linux 2.0 ?

Kali Linux is an incredibly powerful tool for testing network vulnerabilities and today it’s getting a lot easier to use with a new interface, automatic updates, and more. As i said before Kali Linux distro has lot of pre-installed tools but what is new in Kali Linux 2.0 version?. Lot of my readers got this doubt and they are also asking how to upgrade to new version, for those i have posted a detailed article about Kali Linux 2.0 and lets check it out here: Improved Features Of New Kali Linux 2.0 And How To Upgrade To It

Anyway it is time to look into the tools, i prefer newbies to go through the tutorials also so you will get the concept of those tools and for what purposes that tools are used for.



1. Metasploit

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com


Metasploit is a framework of exploits, shellcodes, fuzzing tools, payloads,encoders etc. More over we can regard it as a collection of exploitation tools bundled into a single framework. It is avaliable in all major Linux, Windows, OS X platforms. It’s main objective is to test your/company’s/organization’s defences by attacking them. Something like “Offense for Defense”. This is actually where a penetration tester/Security Analyst begins attacking the victim after a huge recon. Metasploit has a wide range of tools & utilities to perform attacks agianst all operating systems including Android & iOS.

It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available.

Tutorial: Introduction to using Metasploit in Kali Linux


2. Armitage

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com


Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

Through one Metasploit instance, your team will:
  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log.
  • Run bots to automate red team tasks.

Tutorial: Beginners Guide To Armitage And How To Use It In Kali Linux


3. Wireshark

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com


Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.

Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and headerdata. This information can be useful for evaluating security events and troubleshooting network security device issues. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.

Tutorial: Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark


4. Burpsuite

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

BurpSuite is an integration of tools that work together to perform security tests on web applications. It is also a platform for attacking applications on the web. Burp Suite contains all the Burp interfaces and tools made for speeding up and facilitating the process of application attacks. Every Burp Suite tool contains the same robust framework for extensibility, alerting, logging, upstream proxies, authentication, persistence and HTTP requests.. It mainly works wonders with intercepting proxy, crawling content and functionality, web application scanning etc. You can use this on Windows, Mac OS X and Linux environments.

Tutorial: Setting Up BurpSuite Web Hacking Tool with Firefox and FoxyProxy


5. Acunetix

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Acunetix mainly aimed at web applications and related content, the software is able to scan for and detect a wide range of exposures, many of which are common to several environments.

For instance, with Acunetix Web Vulnerability Scanner it is possible to find out if a system is exposed to various types of code injection and execution, as well as to the widespread cross-site scripting (XSS) attacks.

Tutorial: Check Your Website Security Using Acunetix Web Vulnerability Scanner Tool


6. John The Ripper

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Another password cracker in line is, John the Ripper. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form.

Tutorial: Easy Way To Crack Password Using John The Ripper In Kali Linux


7. Social Engineer Toolkit

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

The Social-Engineer Toolkit (SET) is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons. It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows.

Tutorial: Beginners Guide: What is Hacking and How to Become a Social Engineer


8. Nmap

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

“Network Mapper” though not necessarily a pen-testing tool, it is a must-have for the ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced.

Tutorial: Nmap Tutorial: How To Hack ADSL Router Using NMAP Tool



9. BeEF

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser- what this means is that, it takes advantage of the fact that an open web-browser is the window(or crack) into a target system and designs its attacks to go on from this point on . It has a GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows.

Tutorial: Kali Linux Tutorial: Hack A Web Browser Using BeEF


10. Aircrack-ng

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Tutorial: Kali Linux Tutorial: Wireless Auditing with Aircrack-ng, Reaver, and Pixiewps


11. Sqlmap

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Sqlmap is again a good open source pen testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and hacking over of database servers. It comes with command-line interface. Platform: Linux, Apple Mac OS X and Microsoft Windows are supported platforms.

Tutorial: How to Hack Website Using Sql Map in Kali Linux - Sql Injection


12. Ettercap

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

Tutorial: Man In The Middle Attack Using Ettercap In Kali Linux


13. Hydra

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Tutorial: How to Crack Online Passwords Using THC-Hydra in Kali Linux


14. Maltego

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Maltego is a program built into Kali Linux that lets you do reconnaissance on any person, by scraping up data from all publicly available areas of the Internets. Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company.

Tutorial: Kali Linux Tutorial: Using Maltego Tool To Scan Network And Finding IP


15. Nikto

Best 15 Pentest Tools In Kali Linux 2- picateshackz.com

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

Tutorial: Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto


Final Words

A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on web. Its true that some common types of hacking can be easily done with help of tools, however doing it does not really make you a hacker. A true hacker is the one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.
Hacking is not only about knowing "how things work", but its about knowing "why things work that way" and "how can we challenge it". Anyway good luck guys, happy pentesting and if you have any suggestions or quarries just type down your comment, thank you.


Available link for download

Read more »
Posted by at
Labels: , , , , , , , , , , ,

Friday, February 17, 2017

Power Up Your Ubuntu With Kali Linux Pentesting Tools Using Katoolin

Power Up Your Ubuntu With Kali Linux Pentesting Tools Using Katoolin


install-kali-tools-in-ubuntu-using-katoolin-script - picateshackz.com

Automatically install all Kali Linux tools on Ubuntu and Debian. Install and use “Katoolin” in Ubuntu 15.04, Ubuntu 14.04 and Debian, to install Kali Linux tools at once. Besides able to install Kali Linux tools, Katoolin tool can add Kali Linux repositories and/or remove Kali Linux repositories in an easy manner.

Katoolin is a powerful script that allows to install Kali Linux tools on Ubuntu, Debain or another Linux distributions. The only requirements to install and use Katoolin is an operating system (Ubuntu 14.04 or higher) and Python 2.7.

In this tutorial we are going to look at steps to install Katoolin on Debian based derivatives.

Recommended: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial


Major Features of Katoolin


  • Adding Kali Linux repositories.
  • Removing Kali Linux repositories.
  • Installing Kali Linux tools.


Requirements

Requirements for installing and using Katoolin.
  • An operating system for this case we are using Ubuntu 14.04 64-bit.
  • Python 2.7

Installing Katoolin

To install Katoolin run the following commands.
# apt-get install git
# git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py /usr/bin/katoolin

Sample Output

cp katoolin/katoolin.py /usr/bin/katoolin
Cloning into katoolin...
remote: Counting objects: 52, done.
remote: Total 52 (delta 0), reused 0 (delta 0), pack-reused 52
Unpacking objects: 100% (52/52), done.
Checking connectivity... done.
Then make /usr/bin/katoolin executable by running the command below.
# chmod +x /usr/bin/katoolin
Now you can run Katoolin as follows.
# katoolin
The output below shows the interface of Katoolin when you run the command.

Sample Output

 $$ $$ $$ $$ $$ 
 $$ | $$ | $$ | $$ |__| 
 $$ |$$ / $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$ |$$ $$$$$$$ 
 $$$$$ / ____$$ _$$ _| $$ __$$ $$ __$$ $$ |$$ |$$ __$$ 
 $$ $$< $$$$$$$ | Kali linux tools installer |$$ |$$ |$$ | $$ |
 $$ |$$ $$ __$$ | $$ |$$ $$ | $$ |$$ | $$ |$$ |$$ |$$ | $$ |
 $$ | $$ $$$$$$$ | $$$$ |$$$$$$ |$$$$$$ |$$ |$$ |$$ | $$ |
 __| __| _______| ____/ ______/ ______/ __|__|__| __| V1.0 


 + -- -- +=[ Author: LionSec | Homepage: www.lionsec.net
 + -- -- +=[ 330 Tools 

 

1) Add Kali repositories & Update 
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
As you can see it provides a menu from which you can make selections of what you want to do.
Incase the above way of installation fails, you also can try the following steps.
Go to https://github.com/LionSec/katoolin.git page download the zip file and extract it.
# wget https://github.com/LionSec/katoolin/archive/master.zip
# unzip master.zip
After extracting, you should be able to find katoolin.py script. Run katoolin.py command, you will be able to view the output similar to above.
# cd katoolin-master/
# chmod 755 katoolin.py
# ./katoolin.py

Also Read:


  • Kali Linux Tutorial: Introduction To SAKIS3G Hardware Hacking
  • Practical Tutorial For Best 15 Pentest Tools In Kali Linux 2.0
  • Kali Linux Tutorial: Find IP Address Of Any Website And Trace Its Location


How do I use Katoolin?

To add Kali Linux repositories and update repositories, select option 1 from the Menu.
1) Add Kali repositories & Update 
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help

 
kat > 1

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file

 
What do you want to do ?> 1

Sample Output

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.DC9QzwECdM --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6
gpg: requesting key 7D8D0BF6 from hkp server pgp.mit.edu
gpg: key 7D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Then you can select option 2 from the interface above to update the repositories. From the output below, I have only captured a portion where Kali Linux repositories are being updated so that one can install Kali Linux tools in Ubuntu.
What do you want to do ?> 2
Ign http://in.archive.ubuntu.com vivid InRelease 
Ign http://security.ubuntu.com vivid-security InRelease 
Ign http://in.archive.ubuntu.com vivid-updates InRelease 
Get:1 http://security.ubuntu.com vivid-security Release.gpg [933B] 
Ign http://in.archive.ubuntu.com vivid-backports InRelease 
Get:2 http://repo.kali.org kali-bleeding-edge InRelease [11.9 kB] 
Get:3 http://security.ubuntu.com vivid-security Release [63.5 kB] 
Hit http://in.archive.ubuntu.com vivid Release.gpg 
Get:4 http://repo.kali.org kali-bleeding-edge/main amd64 Packages [8,164 B] 
Get:5 http://in.archive.ubuntu.com vivid-updates Release.gpg [933 B] 
Get:6 http://repo.kali.org kali-bleeding-edge/main i386 Packages [8,162 B] 
Hit http://in.archive.ubuntu.com vivid-backports Release.gpg 
...
If you want to delete the Kali Linux repositories you added, then select option 3.
What do you want to do ?> 3
 
All kali linux repositories have been deleted !
As part of its operation, the Apt package uses a /etc/apt/sources.list that lists the ‘sources‘ from which you can obtain and install other packages.
To view contents of /etc/apt/sources.list file, select of 4.
What do you want to do ?> 4

#deb cdrom:[Ubuntu 15.04 _Vivid Vervet_ - Release amd64 (20150422)]/ vivid main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://in.archive.ubuntu.com/ubuntu/ vivid main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ vivid main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://in.archive.ubuntu.com/ubuntu/ vivid-updates main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ vivid-updates main restricted
...
To go back you can simply type back and press [Enter] key.
What do you want to do ?> back

1) Add Kali repositories & Update 
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help

 
kat >
To go back to the main menu, simply type gohome and press [Enter] key.
kat > gohome

1) Add Kali repositories & Update 
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help

 
kat >
There are different categories of Kali Linux tools you can install on your Ubuntu using Katoolin.
To view the available categories, select option 2&nbs

Available link for download

Read more »
Posted by at
Labels: , , , , , , , , , ,

Subscribe to: Posts (Atom)