Welcome to this concise article discussing how to install Linux headers on Kali Linux.

Linux header files are used in interface definition between various components of the kernel. They are also used to define interfaces between the kernel and userspace. A typical case where Linux headers are required is running a Hypervisor because the tools require modules that interact with the kernel.

By default, Kali Linux does not ship with Linux headers installed; you will have to do it manually.

Installing Linux Headers Using APT

One of the methods you can use to install Kernel Headers is to use the Debian package manager with Kali Linux repositories.

You may require to run a full system upgrade before installing the Kernel Headers successfully.

Edit your sources.list file, and add the correct repositories provided in the following resource,

https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/

Next, refresh the repositories and run a full distribution upgrade

Once completed, reboot your Kali Linux installation, and install the headers.

Enter the command below to install Linux headers for your kernel version. We will use the uname –r command to grab the kernel version directly.

This command should run successfully and install the required headers for your Kernel version. However, if the method above does not work, you can install them manually.

Installing Kernel Headers Manually

Before installing the Kernel headers manually, run a full distribution update and reboot to ensure you have the latest kernel version.

Open your browser and navigate to

https://http.kali.org/kali/pool/main/l/linux/

Download the appropriate kernel headers you require in the form of a deb package.

Next, use the dpkg command to install the headers:

That should install the required Kernel headers.

Conclusion

This tutorial has shown you the manual way of installing Kernel headers on Kali Linux and using the apt package manager.

NOTE: To ensure you don’t run into issues, update your system before performing header installation.

Thank you for reading.

WireGuard is a simple and fast open-source VPN tunneling service built with high-end cryptographic technologies. It is very easy to set up and use, and many consider it better than OpenVPN or IPSec. WireGuard is also cross-platform and supports embedded devices.

WireGuard works by setting up virtual network interfaces such as wlan0 or eth0 that can be managed and controlled like normal network interfaces, helping configure and manage the WireGuard easily using net-tools and other network managing tools.

This guide will show you how to set up a WireGuard client and server on a Kali Linux system.

Let us start by installing WireGuard on the system.

Installing WireGuard

Depending on the version of Kali Linux you are running, you should have WireGuard apt repositories.  Update your system using the commands:

Next, enter a simple apt command to install WireGuard:

Once we have WireGuard installed on the system, we can proceed to configure it.

Configuring WireGuard Server

WireGuard security operates on SSH key-value pairs, which are very easy to configure. Start by creating a .wireguard directory.

Next, set read, write, and execute permissions.

Now we can generate the key-value pairs using the command:

Next, copy the contents of the private key:

Once you have the contents of the private key copied to your clipboard, create a WireGuard configuration file in /etc/wireguard/wg0.conf

In the file, add the following lines:

In the address, add the IP address of the hosting server. For PrivateKey, enter the contents of the private key you copied previously.

In the peer section, add the public key for the client and the IP address.

Once you have the configuration file set up, set the VPN server to launch at startup.

Finally, start the WireGuard service on the server:

 Configuring WireGuard Client

Next, we need to configure the WireGuard client. Ensure you have WireGuard installed on the system.

Generate Key value pairs as well.

Finally, save the file and enable the VPN:

You can verify the connection with the command:

 Conclusion

Setting up WireGuard is easy and efficient. Once set up, you can use it in a wide variety of cases. With what you’ve learned from this guide, you can test and see if it works better than other VPN services.

Let us get started.

Requirements

To set up a complete Kali Linux mirror, you will need to have a few resources. These include:

• An accessible web server with HTTP and HTTPs access
• A large disk space—As of writing this, according to Kali Linux maintainers, the Kali Linux package repository is 1.1 TB and growing fast
• HTTP and RSYNC services installed and running on the system

Set up a User for Kali Linux mirror

The first step is to set up a full account dedicated to kali Linux mirrors only. Use the adduser command:

Set up Mirror Directories

Next, we need to set up the directories that contain the mirrors and assign permissions to the user we’ve created.

The commands above will create the directories kali and kali-images and set ownership to the user we created earlier.

Set up rsync

The next step involves starting and configuring rsync service. Export the directories using the command:

Configuring your Mirrors

Next, we need to export the mirrors under http://domain.com/kali and http://domain.com/kali-images

We start by downloading and unarchiving the http://archive.kali.org/ftpsync.tar.gz archive in the user’s directory created earlier.

 Configuring SSH Access

The final step is to configure SSH authorized keys for archive.kali.org to trigger the mirror.

 Contacting Kali.org

Once you have finished setting up your system, send an email to devel@kali.org providing all details for your mirrors, including the user, the port to access the SSH service, and public hostname. You should also state who Kali should contact in case of problems and if any changes should get applied according to the mirror setup.

From there, all you have to do is wait for the first push from archive.kali.org.

Let’s discuss how we can modify installed packages and rebuild them from the source.

NOTE: Before we begin, you will need to include the source deb-src package URIs in the sources.list file.

Adding deb-src Packages

To add the deb-src package in Kali Linux sources.list file, edit the file in /etc/apt/sources.list and uncomment the deb-src line.

Next, update your source packages before proceeding.

NOTE: Ensure you have the dpkg-dev package installed.

Downloading Source Packages

The next step is to download the source package. For this example, we will use vim. Run the commands:

Next, navigate to the vim source package directory

 Modify Package Source Code

The next step is to make changes to the source code as you see fit. I will not get into details because this will depend on the package you are modifying and your targeted needs.

Once you have made your appropriate modifications, save and close the file.

Check for Build Dependencies

Before rebuilding the source packages, you need to install the package dependencies. You can check the required dependencies using the command:

Running this command will display all the required dependencies before rebuilding the package. The result will be empty if no dependencies are required. For vim, you’ll see an output similar to the one shown below:

Installing Build Dependencies

Once you have the list of required dependencies, simply use apt to install them as:

 Building the Source Package

After fulfilling the required dependencies and saving the new source package changes, you can build the new package.

Use the command below to build the new package.

Installing New Package

Once the build completes successfully, you should have a .deb package that you can install using dpkg.

 Conclusion

This quick guide has shown you how to source, modify, and rebuild packages in Kali Linux. Rebuilding packages can be very useful when you want a customized version of a tool.

Thank you for reading.

Offensive Security took note of this and included a mode known called undercover mode in Kali Linux 2019.4.

The undercover mode in Kali Linux is a collection of scripts that allow you to simulate a Windows 10 environment on Kali Linux. It converts the entire interface into a Windows 10 equivalent, limiting the attention you would attract if you were running XFCE with various terminals running and the Kali dragon in the background.

To enable and use Kali Linux undercover mode, you will need to have Kali Linux 2019.4 or later.

Upgrading to 2019.4 or Later

Start by upgrading your distribution using the commands:

You may also need to use XFCE Desktop Environment

Enabling Kali Undercover Mode

To run undercover mode, open the terminal and enter the command:

If you prefer to use GUI, launch the application menu and search for Kali Linux Undercover.

Reverting to Normal Mode

To return to the default mode, enter the command:

Nmap

Network Mapper, commonly used as Nmap, is a free and open-source tool for Network and Port scanning. It is also proficient in many other active information gathering techniques. Nmap is by far the most widely used information-gathering tool used by penetration-testers. It is a CLI based tool, but it also has a GUI based version in the market named Zenmap. It was once a “Unix Only” tool but now supports many other operating systems such as Windows, FreeBSD, OpenBSD, Sun Solaris, and many others. Nmap comes pre-installed in penetration testing distros like Kali Linux and Parrot OS. It can also be installed on other Operating Systems. To do so, seek Nmap here.

Figure 1.1 shows you a normal scan and results. The scan revealed the open ports 902 and 8080. Figure 1.2 shows you a simple service scan, which tells what service is running on the port. Figure 1.3 shows a default script scan. These scripts sometimes reveal interesting information that can be further used in the lateral parts of a pen-test. For more options, type nmap in the terminal, and it will show you the version, usage, and all other options available.

Fig 1.1: Simple Nmap scan

Fig 1.2: Nmap service/version scan

Fig 1.3: Default script scan

Tcpdump

Tcpdump is a free data-network packet analyzer that works on the CLI interface. It allows users to see, read, or capture network traffic being transmitted over a network that is attached to the computer. Originally written in 1988 by four workers at Lawrence Berkely Laboratory Network Research Group, it was organized in 1999 by Michael Richardson and Bill Fenner, who created www.tcpdump.org. It works on all Unix-like operating systems (Linux, Solaris, All BSDs, macOS, SunSolaris, etc). The windows version of Tcpdump is called WinDump and uses WinPcap, the windows alternative for libpcap.

To install tcpdump:

Usage:

For options detail :

Wireshark

Wireshark is an immensely interactive network traffic analyzer. One can dump and analyze packets as they are received. Originally developed by Gerald Combs in 1998 as Ethereal, it was renamed Wireshark in 2006 due to trademark issues. Wireshark also offers different filters so the user can specify what type of traffic to be shown or dumped for later analysis. Wireshark can be downloaded from www.wireshark.org/#download. It is available on most of the common Operating Systems (Windows, Linux, macOS), and comes pre-installed in most penetration distros like Kali Linux and Parrot OS.

Wireshark is a powerful tool and needs a good understanding of basic networking. It converts the traffic into a format that humans can easily read. It can help the users troubleshoot latency problems, dropped packets, or even hacking attempts against your organization. Moreover, it supports up to two thousand network protocols. One may not be able to use all of them as common traffic consists of UDP, TCP, DNS, and ICMP packets.

Amap

Application Mapper (also amap), as the name may suggest, is a tool to map applications on open ports on a device. It is a next generation tool that can discover applications and processes even when they are not running on their conventional ports. For example, if a web server is running on port 1337 instead of the standard port 80, amap can discover this. Amap comes with two prominent modules. First, amapcrap can send mock data to ports to generate some kind of response from the target port, which can later be used for further analysis. Second, amap has the core module, which is the Application Mapper (amap).

Amap usage:

Fig 4.1 Sample amap scan

p0f

p0f is the short form for “passive OS fingerprinting” (A zero is used instead of an O). It is a passive scanner that can identify systems remotely. p0f uses fingerprint techniques to analyze TCP/IP packets and in order to determine different configurations including the operating system of the host. It has the ability to perform this process passively without generating any suspicious traffic. p0f can also read pcap files.

Usage:

Fig 5.1 Sample p0f output
The host has to either connect to your network (spontaneously or induced) or be connected to some entity on your network by some standard means (web browsing, etc.) The host can accept or refuse the connection. This method is able to see through packet firewalls and is not bound by the restrictions of an active fingerprinting. Passive OS fingerprinting is mainly used for attacker profiling, visitor profiling, customer/user profiling, penetration testing, etc.

Cessation

Reconnaissance or Information Gathering is the first step in any penetration test. It is an essential part of the process. Starting a penetration test without a decent recon is like going to a war without knowing where and who you are fighting. As always, there is a world of amazing recon tools apart from the ones above. All thanks to an amazing open-source and cybersecurity community!

Happy Recon!

To gain a better understanding of the functionality of Kali Linux, there are several books that provide guidance for learning the relevant commands and information. These books are categorized into two primary segments. One segment contains books that help you in grasping the concept of hacking. The other segment includes books that will aid you in getting to the core of the Kali Linux OS. This article provides a list of some of the best books available on the subject of Kali Linux that will help you gain a better understanding of this system.

Linux Basics for Hackers

If you are a beginner and simply want to learn more about hacking in Kali Linux, this book is the most suitable one for you. The focus of this book is on hacking, and other subjects featured in the book include networking, scripting, and security. This book ensures that the concepts are explained in a very basic format. So, beginners can understand the basic information without any issues. This book uses the Linux distribution with the perspective of hackers and elaborates on the operating process of Kali Linux. The book constitutes 17 chapters, and each chapter can help you in getting more familiar with the operations of Kali Linux. This book can assist you in recognizing the terminals and their basic commands. It also explains the detailed procedure of how to manipulate text to evaluate and adjust the OS software and files.

If you want to administer your networks in a streamlined manner, then you should consult this book. This book also shares in-depth knowledge of resource allocation, along with teaching a steady command of the start-up and stopping processes. This book gives information about the management of environmental variables to provide amenity and optimal performance. It also teaches the procedure for how to crack the access of Wi-Fi, as well as the operations of kernel drivers.

Buy Here: AMAZON 

Kali Linux Revealed

If you are looking for a description of how to perform a penetration test on your system, then Kali Linux Revealed would be a great recommendation for you. This book is more inclined towards the operating system of Kali, rather than hacking. Even if you are new to Linux, this book can assist you in gaining a more professional understanding of Kali Linux. This book is more inclined towards penetration testing for security, and it contains comprehensive knowledge about the installation of Durbin packages. It shares the complete process of troubleshooting and system security. It helps both in gaining command over the live system and in understanding the forensic model. This book allows you to practice using the main features of Kali Linux.

The book is mainly inclined towards penetration testing and provides the necessary information with regards to security and command of Linux. This book provides information about the operating system of Kali Linux. It also gives a crash course on the security of the system and explains the process for installing the system in the enterprise environment.

Buy Here: AMAZON 

Kali Linux Networking Scanning Cookbook

This book is entirely focused on the scanning techniques used in Kali Linux. It also needs some prior information and experience to gain a better understanding of this book, so it is probably not best for beginners. Its first chapter is directed towards the installation of various servers with the integrated assistance of Kali Linux tools. The book also details how to discover different layers using different tools. It explains the entire segment of scanning and layer discovery step-by-step so that users can grasp the essence of scanning in Kali. It also contains information about footprints, which is a very efficient tool while dealing with Linux. Further, the book also provides comprehensive knowledge about the vulnerabilities of scanning, along with the command of denial of services.

Buy Here: AMAZON 

Learn Kali Linux 2019

This book is for those who are interested in hacking in Kali Linux. It not only discusses the concept of penetration testing but also infuses the process, types, approaches, and phases of penetration testing. Along with other tools, this book emphasizes the creation of a virtual lab by setting up networking and installation of Nessus. It briefly explains the various tools in Kali Linux and their usage by their nature. By reading this book, users can gain a better grasp of the reconnaissance and footprints of Kali Linux.

Buy Here: AMAZON

Mastering Kali Linux for Advanced Penetration Testing

This book is for people at the advanced level of using Kali Linux and is mostly suited for professionals. It covers the domain of testing methodology for penetration testing. It is all about the practical aspects of Linux, and therefore requires prior experience with Kali Linux. This book is under the category of hacking. It not only discusses the configuration but also helps in customizing Kali. This book can be regarded as the guide for the proper usage of Kali Linux tools at a very professional level. It teaches the correct usage of various tools, such as Nessus and Jexbox. This book should be referred to those who have a strong command over the basics of networking and penetration testing in Kali Linux. It is the second edition, so comparing this book with its first edition may help for a better understanding of penetration testing.

Buy Here: AMAZON

Kali Linux Wireless Penetration Testing

This book explains penetration testing of wireless devices in Kali Linux. It can help you to develop your concept of the core functionality of wireless networking. You can learn about the connectivity of wireless networks by reading this book. It is a complete guide, from the requirements to the actual setup of wireless networking. The user will be able to interpret the insecurities of WLAN and its credibility in this book. It discusses all the important features of WLAN, from bypassing, authentication, and encryption to the attacks on WLAN. All the categories of attacking WLAN are discussed in this book. It also enhances understanding of WPS, probes, and WLAN penetration testing.

Buy Here: AMAZON

Kali Linux Ethical Hacker’s Cookbook

This book shares many recipes of which practical implementation can bring you closer to understanding the security of Kali Linux. The book is mainly about hacking and its various features in correspondence with Kali Linux. It is a complete guide with the installation and configuration of the Kali Linux system included. Its primary emphasis is on the strategies of penetration testing by centering around tools like Jexbox and Burp. You can also learn about exploitation tools in this book. It is a good choice if you are looking for books based on hacking.

Buy Here: AMAZON

Basic Security Testing with Kali Linux

This book serves multiple functions, as it is perfect for beginners, but it also provides useful information for the experts in the field. Its focus is on security, dealing with WLAN attacks, and the strengthening of password security. This book provides a useful overview of the practical implementation of password security testing. It also teaches the use of Metasploit and the exploitation of Windows. It is a great pick if you want to learn more about Wi-Fi attacks and password cracking through Kali Linux.

Buy Here: AMAZON

Kali Linux 2: Windows Penetrating Testing

The focus of this book is on penetration testing for Windows and teaches you how to test your system’s security. This book not only helps to create a better understanding of your system, but it also enables you to audit its performance through Kali Linux. The book focuses on the functionality of footprints by giving you the chance to monitor your security, evaluating risk through penetration testing. This book also teaches you how to quickly highlighting the infestation and explains penetration testing with simply explained steps.

Buy Here: AMAZON

Kali Linux Assuring Security by Penetration Testing

This book is focused on penetrating testing to enhance the credibility of operational security. It helps in utilizing the concept of practical aspects to configure networking using Kali Linux. It explains the implementation of various tools, like Nessus for scanning for vulnerabilities and Cisco for password cracking. One of the major components of this book is the subject of target scoping, along with information gathering. It also elaborates on the usage of various tools for target discovery and the implementation of fingerprinting. In addition, you can further expand your concept of TCP/IP protocols by reading this book.

Buy Here: AMAZON

Conclusion

All the books listed above about Kali Linux share the same informational core, but your book selection should be based on your understanding of Kali Linux and your needs as a user. Some books focus on penetration testing, while others are more inclined towards digital forensics. So, it is important to select the right book, according to your level of understanding of Kali Linux, to effectively learn more about this useful OS.

We will be using VirtualBox’s emulated environment to install Kali Linux 2020,.2. VirtualBox can be installed on and is compatible with Windows, macOS, Linux, OpenSolaris, etc. By running multiple operating systems at once through VirtualBox, you don’t need to reboot your machine as compared to when you have them both installed.

A quick introduction to Kali Linux

Kali Linux is a free Linux distribution tailored for pen-testing and network forensics developed and maintained by Offensive Security. Since its release in March of 2013, Kali Linux has become the defacto choice for network and systems security auditing. It was initially released with the still available GENOME interface but now has shifted to the more userfriendly Xfce.

It comes with over 600 built-in penetration testing programs dedicated to reverse engineering, network forensics, and security research such as port scanners, sniffers, packet analyzers, password crackers, host scanners, and so on. If you’ve ever heard of pen testing before, chances are you have also heard of some of its built-in utilities such as Nmap, Wireshark, crunch, jack the ripper, etc.

Despite being so popular, with its name being synonymous with pen testing, Kali Linux OS is completely free- there are absolutely zero purchases, updates, or license fees attached. Kali Linux is updated every now and then by the devs to renew compatibility with other updated software and hardware.

System requirements

The recommended system requirements for a basic setup are:

• HDD space of 30GB
• 2GB or more RAM for i386 and amd64 platforms
• CD-DVD Drive / USB boot support/ VirtualBox

Installation:

Here’s how to go bout installing Kali Linux on your machine.

1: Download VirtualBox and VirtualBox extension pack

Go to the virtualbox.com/wiki/downloads/. You will see that VirtualBox platform packages available for free and for different operating systems. Download it and its extension pack.

2: Install VirtualBox

Once downloaded, install it and the extension pack. Leave everything else that it recommends.

3: Download Kali Linux 2020.20 VirtualBox image.

Visit the Offensive Security homepage. Click on the ellipses on the top right and scroll down to the downloads section, hit “kali Linux with virtual machines”.

You will be redirected to a new page where there will be several tabs on display. Click on the tab below Kali Linux VMware images. Then download either 32bit version or 64-bit version, depending on your machine.

4: Install to VirtualBox’s directory

To Import Kali Linux 2020.2 to VirtualBox, go to VirtualBox > File > Import Appliance. Then:

• Copy the kali-Linux-2020.2-vbox-amd64.ova file from your Downloads Folder
• Find a suitable location with enough space to import this file to
• Import said file to this location
• Check the I agree on Terms and Conditions.

Once imported, you can make the following customizations.

• Right-click Kali VM and select settings
• Enable Bidirectional for both Shared Clipboard and Drag and drop.
• Give it a suitable name or leave it as is.
• Configure Base memory settings and processors somewhere in the green area

5: fire-up Kali Linux

Right-click your virtual machine.

Go to Start > Normal Start. Wait for Kali Linux to load. It’ll take more time than usual since it is the first time.

You’ll be displayed a login screen. Use the default user credentials (both username and password: kali) to log in.

6: Essential Customizations

Here are some of the things we recommend you check on once you’ve successfully installed Kali.

1) Change the default user credentials: Come up with a username and strong password. To change the default password, type $passwd, a write the new password of your choice.

You can also change your root user’s default password by typing:

2) Doublecheck whether the Shared Clipboard and Drag & Drop are enabled. If not, then make changes to enable them.

3) Make sure that the system is up to date.

4) Change keyboard settings.

Go to Kali Menu and type “Keyboard” and select it. Then select the layout and untick the box. Next, click on the” Add” button and change to the layout of your choice and remove the default layout.

7: Getting used to the Kali UI:

There’s no better way to familiarize yourself with the UI than to play with it. As the “Xfce interface” is made user-friendly enough that anyone with basic experiences with similar software can learn intuitively learn to use it.

You can look up a comprehensive guide online, as Kali Linux is a popular tool and have many tutorials available on how to work with it.

Wrapping things up

Welcome to Kali Linux, your ultimate pen testing and cybersecurity auditing tool. You’ve sure made the right choice coming to kali Linux to begin your pen testing career. A suite of a great many tools awaits you and is available at your disposal. But the tools are only as good as the user, so we recommend getting familiarized yourself with Kali’s interface.

In this short guide, we’ve seen how to install Kali Linux with VirtualBox. We chose to install VirtualBox in particular as it is the quickest and easiest method to get Kali up and running. And unlike the more conventional methods, it poses the least security risks to your machine, as it is isolated from your host OS.

Whether you’re looking to become a security specialist or are simply an enthusiast, you’ll surely find a lot of things to be indulged with this Debian based Linux distribution.

Network Ports

There are two different network ports: TCP and UDP. TCP is commonly known as a connection-based protocol, and it requires a formal connection, which is a three-way handshake. UDP is commonly referred to as a connection-less protocol because it does not require a formal connection and does not consider the traffic flow, and this type is currently fading out.

Scans

-O detects the operating system. Detection is based upon signatures because each operating system responds differently to packets.
-V is version detection. This will detect the version of the program and whether the program is running. An alternative to this would be telnet, the IP address, and the port.
-s P is a ping sweep. Nmap gives you the option of using different styles of ping sweep; the default is ICMP, but you can also use TCP syn and TCP act.
-P n skips host discovery.
-s a uses an ACK scan.
-s T is a TCP connect scan, which is a noisy, full TCP connect scan that uses a three-way handshake for syn, synack, and AK. This is a very noisy and lengthy scan, but it is very reliable.
-s s is a stealthy sense counting that uses a partial TCP three-way handshake and is also very quick.

Scans that are effective with Linux- and UNIX-based operating systems but not as effective with Windows include the following:

-s F is a fin scan, also commonly referred to as info in the inverse scan. This bypasses stateful firewalls that have a list of IP addresses that can access the server.
-s X is an Xmas scan.
-s N is a null scan; it sends no parameters.
-s U is a UDP scan.
-s L verifies your subnet.
-s P-PP sends an ICMP timestamp request. It evades ICMP-blocking firewalls.

If you wish to update an NMAP package, enter the following command:

The addition of Kali Linux repositories in the /etc/apt/sources.the list file is important. If you forgot to add them, add the repositories given below in the sources. List files.

Usage of Nmap

In your Linux, Windows, or Mac terminal, type Nmap to perform your scan, including the option and the target specifications. You can pass hostnames, IP addresses networks, etc. Nmap 10.0.2.15 [Target or any I.P Address]. A scan medium map is a great place where you can test your scanning.

TCP Connect Port Scan

The establishment of a TCP connection to a thousand common ports is done using this command.

Use -sU Option to Scan UDP Service

It is not only useful to get information about the other’s computer. It is of paramount importance as it gives you information regarding what server information others can see. Nmap -sV allows you to get ideal information regarding programs running on a machine.

Remote OS Detection

-O detects the operating system. It detects is based upon signatures because each operating system responds differently to packets. This is achieved by using information that Nmap gets through the TCP SYN.

OS Detection, Version Detection, Script Scanning, and Traceroute

Nmap scans thousands of used ports on the machine you are targeting. This process takes a lot of time. If you wish to scan only the most common scans to reduce time consumption, use the -F flag. By using this flag, Nmap only scans the 100 most common ports.

To scan the selected ports using Nmap, use -p. Now, Nmap will only scan the specified ports.

Scan Multiple Ports

Port Range Scan

Fast Port Scan (100 ports) for Multiple IP Addresses

Port Scan within IP Address Range

Disable Host Discovery Port Scan Only

Requested scan (including ping scans) uses tiny fragmented IP packets. Harder for packet filters

s P is a ping sweep. Nmap gives you the option of using different tyles of ping sweep; the default is ICMP, but you can also use TCP syn and TCP act.

Conclusion

With the latest technology and tools, you can easily map the hidden information of any network. Nmap is a popular hacking tool used in Kali Linux for mapping and gathering information. This article gives a brief description of the use of Nmap. Hopefully, it will help you while using Kali Linux.

What Is A MAC Address?

Most manufacturers, like Dell and Cisco, use a unique identifier in the MAC address. This is called the Organizationally Unique Identifier (OUI). This will be helpful in recognizing the manufacturer. The following include the OUIs of some well-known firms:

Dell: 00-14-22, Cisco: 00-40-96, and Nortel: 00-04-DC.

To find out the MAC address for your network hardware, follow the steps listed below:

1. Go to the Activities Overview and type “network.”
2. Click “Network” to open the panel.
3. Select the device from the left pane that is Wi-Fi or wired.
   • For a wired device, the MAC address will appear as a hardware address on the right side.
   • For a wireless device, click “Settings,” and the MAC address of the wireless device will appear as a hardware address.

MAC Address Uses

There are many applications of MAC addresses. One of these applications is in the wireless networks filtering process. The router is set in such a way that it will accept only the specified MAC address. This is done to keep the network safe from strangers because, without it, anyone can access the network. Therefore, if the IP address is changed for any reason, the MAC address will still able to identify the device.

Filtering is used to track and limit network user access. Other uses of MAC addresses include recognizing the device that is stolen, and whether the system is connected to the internet.

Due to this reason, institutions and companies frequently take and record the MAC addresses of user devices. It is therefore essential for a system owner not to share their MAC address with anyone. Only authorized people or organizations should know the address.

MAC addresses are also used to connect to a wireless device to recover data. Cleverfiles has developed an app for recovering data, known as Disk Drill. The app works by looking for and scanning the lost files in two modes, a Deep scan, and a Quick scan. For the Quick scan, metadata is used that is available in the system file, while the Deep scan will dig deeper into the binary level. After filtering, you will get the resulting output. Disk Drill is a free app available for both Windows and Mac OS. You can also download it free of cost.

It is essential to find out the MAC address of a particular device for many purposes. This is done to look for the location, to recover the data, to connect the device, and to set up the filtering process.

Finding the MAC Address

To find the IP address in Linux machines, write the following terminal command in the terminal emulator:

To look for the MAC address in Windows 7 or 8, an essential step is to open a cmd window. Once the command prompt opens, enter the following command:

After entering the above command, you will see a list of different values and tables. Under the description of the physical address, you will see a MAC address in the list. The process of finding the MAC address on a Mac computer is a bit different. To find a Mac system MAC address, go to the utilities first, and then start the terminal app. Here, you will type the following:

The PC will show all the network interfaces with their MAC addresses on the Apple computer.

To find the MAC address on an iPhone, follow these next steps. First, go to the Home Menu, then Settings, then General, and finally, go to About. Here, you will see the MAC address, which can be seen under the Wi-Fi address settings.

Changing the MAC Address

Normally, the MAC address can neither be changed nor modified, as they are defined by the manufacturers. But, it is possible to change the MAC IP address. For this purpose, several different techniques can be used. As an example, the National Security Agency (NSA) in the United States contains a system to track the movement of people via their MAC addresses. Apple will begin using random MAC addresses in their devices when scanning different networks.

A temporary MAC address can be added to devices running on Linux. You can change the MAC address by executing the terminal command given below:

Conclusion

This article covered many useful details about MAC addresses, including how to find MAC address in a Kali Linux machine. Hopefully, this article will help you in processes requiring you to use the system’s MAC address.

Introduction

Wireless fidelity, or Wi-Fi, is a type of technology employed to provide connectivity to a computer network without a cable or hardwired connection. Wi-Fi works within the 2.4 Ghz to 5 Ghz range and should not interfere with cellphones, broadcast radio, television, or handheld radios. Wi-Fi functions by transmitting data over radio waves between a client device and a device called a router. A router can transmit data to systems internally, or externally to the Internet. Wi-Fi is neither more nor less secure than a traditional hard-wired network but is instead a completely different interface. The most important thing to remember is that Wired Equivalent Privacy (WEP) was released in 1997 and is easy to break into. WEP can be broken in minutes or less. Your modern devices will not work with the WEP network and most routers no longer support it. The updated WEP can also be broken into through hacking methods.

Hacking

Simply put, to crack or break into someone’s personal information is known as hacking. Hackers can easily access to your personal device or computer. They can crack your passcodes and get access to your wireless network. They can bypass the security of the wireless network and break in, no matter what type of encryption the user is using.

Typically, if you want to break in into someone’s wireless network, you will first need to know about the encryption being used. As mentioned earlier, the WPE type network has not been secure for quite some time. It can generally be broken into in a matter of minutes. The same is true with the WPA network if you use a weak password. However, if you use a strong password, it is relatively secure, except for WPS7 PIN. This is a hardware base vulnerability that a lot of routers use, allowing hackers to get the pin that provides complete access to the router. This is usually an eight-digit number written at the bottom of the router. You can derive this number by following the steps below.

Open Kali Linux Terminal

The first step is to simply open the Kali Linux terminal. To do so, press ALT+CTRL+T. You can also press on the terminal app icon to open the terminal.

Enter Command for aircrack-ng Installation

The next step is to install aircrack-ng. Enter the following command to do so:

Enter Password to Log In

Enter your root password to enable access. After entering the login password, press the Enter button to continue.

Install aircrack-ng

Soon after logging in, press the Y button. This will enable the installation of aircrack-ng.

Turn on airmon-ng

Airmon-ng is the software used to convert the managed mode into the monitor mode. Use the following command to turn on airmon-ng:

Find Monitor Name

The next step is to find the monitor name to continue hacking. You can view the monitor name in the interface column. In some cases, you may not be able to view the monitor name. This error occurs if your card is not supported.

Begin Monitoring the Network

Enter the following command to begin the monitoring process:

If you are targeting some other network, then you should replace ‘wlan0’ with the correct network name.

Enable Monitor Mode Interface

The following command is used to enable the monitor mode interface:

Kill Processes that Return Errors

Your system may cause some interference. Use the following command to remove this error.

Review Monitor Interface

The next step is to review the monitor name. In this case, it is named ‘wlan0mon.’

Get Names of All Routers

The names of all available routers will appear after you enter the following command.

Find the Name of the Router

You will first need to find the name of the specific router that you want to hack.

Ensure that the Router Uses WPA or WPA2 Security

If the WPA name appears on the screen, then you can continue hacking.

Note the MAC address and channel number.

This is the basic information about the network. You can view them on the left side of the network.

Monitor the Selected Network

Use the following command to monitor the details of the network you want to hack.

Wait for Handshake

Wait until you see ‘WPA HANDSHAKE’ written on your screen.

Exit the window by pressing CTRL+C. A cap file will appear on your computer screen.

Rename the cap File

For your ease, you can edit the name of the file. Use the following command for this purpose:

Convert File into hccapx Format

You can convert the file into hccapx format easily with the help of the Kali converter.

Use the following command to do so:

Install naive-hash-cat

Now, you can crack the password by using this service. Use the following command to begin cracking.

Run naive-hash-cat

To run the naive-hash-cat service, enter the following command:

Wait for the Network Password to Be Cracked

As soon as the password is cracked, it will be mentioned in the file. This process can take months or even years to complete. Enter the following command when this process gets completed to save the password. The cracked password is shown in the last screenshot.
[cc lang=”bash” width=”780″]
$ aircrack-ng -a2 -b MAC -w rockyou.txt name.cap
[cc]

Conclusion

By using Kali Linux and its tools, hacking can become easy. You can easily get access to the passwords by just following the steps listed above. Hopefully, this article will help you to crack the password and become an ethical hacker.

Kali was released in 2013 as essentially a complete rebranding of BackTrack Linux with a GNOME interface. The developers trimmed all the fat off of BackTrack by removing its subpar utilities and updating the ones that were acclaimed in the whitehat community.

The Kali OS includes over 600 tools in total, is completely free, and has an open-source Git tree publically available. Kali Linux is so well-known among cybersecurity professionals that its name has practically become synonymous with pen-testing.

Supports

• Single-board systems like Raspberry Pi and BeagleBone Black
• Beagle Board computers
• Samsung’s ARM Chromebook
• And many other platforms

Updating Kali Linux

The following sections will show you a step-by-step process for updating your Kali Linux system.

1. Configure Kali Linux Repositories

First, look for the Kali repositories, as you must first adjust them before updating. Double-check that your sources.list file at/etc/apt/sources.list has all the relevant Kali repositories, which include the following:

b https://http.kali.org/kali kali-rolling main non-free contrib

deb-sources https://http.kali.org/kali kali-rolling main non-free contrib

Be sure to use only the official Kali repositories, as using external unofficial repositories can jeopardize the system security of the host. Using repositories other than those that have been officially released by the Kali team can harm your system.

2. Start Update

You will first need to update the package indices list before you can update the Kali Linux system. To do so, enter the following syntax into the command terminal:

Then, check for the updates that have been released by entering the following command:

Enter the following command to individually update each package:

Or, enter the command below to update all packages simultaneously:

Wait for the updates to download and install completely. This will take some time; how much time depends upon your system specs.

The updates have finished installing, but we are not done just yet!

3. Update Held-Back Packages

It could be that you have not actually updated all the packages, as not all of them are listed. This issue is likely due to package dependency issues or could have some other issue associated with it.

Nonetheless, you can check whether there are any shortcomings in the updates you have downloaded by entering the following command in the terminal:

The procedure to download the held-back packages is the same as that used for downloading the listed packages. Enter the following command to individually download each package:

Or, you can enter the command below to download all of the packages at once:

4. Uninstall Obsolete Packages

To remove any outdated packages on your system, use the following command:

Conclusion

In short, to optimally upgrade your Kali system, all you need to do is just configure the repositories and install updates with the “$ sudo apt upgrade command.” It is as simple as that.

Remember to be mindful when you are using third-party repositories. This could potentially break your Kali system, in which case you would have to install Kali all over again. Also, be sure to free up some HDD space by deleting any outdated packages.

A Hex Editor is a software you can use to edit the hexadecimal values of data. In simple words, a file saved in any device can be edited, whether it is an image, video, or software. Hex Editing is the simplest form of game hacking that does not rely on cheat codes or anything of that sort. Instead, it is a single-player game hacking method. There are multiplayer hacking methods that are similar and usually involve resource editing. The only tools we need in this case are the Windows calculator and the HxD Hex Editor.

Where Hex Editor Is Used

Every piece of data is stored in the form of decimals. Parts of the data can easily be edited by using a Hex Editor. This software is mainly used by programmers or software engineers. It is used for finding out a file type that is not supported by Adobe, games and file hacking, debugging, and editing.

Below are listed some of the best Hex Editors that can be used in Kali Linux.

Xxd Hex Editor

Have you ever wanted to convert binary into the command line? Well, there is an easy way to create a Hex dump of a file using the Xxd Command in Linux. The data viewed in the form of hexadecimal is known as hex dump. You may wish to use hexadecimal when debugging a program or to reverse engineer a program. So, the Xxd command is very useful if you deal with binary content, if you want to see some binary files or to reverse engineer.

HexEdit Hex Editor

Another Hex Editor used to edit binary data is the HexEdit Hex Editor. Unlike the Xxd Hex Editor, HexEdit also shows the ASCII (numerical coding) form of the file. Mostly, this editor is used for modern operating systems, including Linux and Windows.

Hexyl Hex Editor

The different categories of bytes include ASCII, non-ASCII, NULL bytes, ASCII whitespace, etc. For convenience, these categories are differentiated by means of different colors. The Hexyl Hex Editor is a tool that provides the ability to differentiate various bytes by indicating them in different colors. Hexyl also gives information about the number of bytes, plus their textual representation. The Hexyl Hex editor does come with some limitations. The installation process for the Hexyl Hex Editor varies from OS to OS. So, before going for this Hex Editor, you should first check the installation process for your OS.

GHex-GNOME Hex Editor

A Hex Decimal Editor, GHex is available for your Linux system. There are a variety of Hex Editors in programs that you can use to display the hexadecimal data. Ghex is a decent option because it automatically converts binary into a decimal, octal, or hexadecimal value. It also finds the offset you are looking for and counts it. All you need to do is to simply select the bytes, and in the end, GHex will do the conversion automatically, which can be helpful to many people.

Bless Hex Editor

The Blex Hex Editor is one of the most advanced Hex Editors and is quite similar to the previous editor listed above. You can edit large file data using the Bless Hex Editor. It is a very powerful tool that can be used to search for your selves. You can easily recover data written in PHP. Bless Hex Editor has an advanced feature of editing data and can efficiently undo-redo the instructions.

Oketta Editor

Every Hex Editor has specific features that make it unique. The Oketta Hex Editor is well known for opening multiple remote files by HTTP and FTP. It is one of the simplest Hex Editors for editing or reviewing hex data.

WxhexEditor

Another advanced Hex Editor for editing the data is WxhexEditor. This Hex Editor is best for files in larger devices. WxhexEditor can be operated on various platforms, including Windows, Linux, Mac, and BSD. One of the best advanced features of Wxhexeditor is its lower memory consumption and faster working speed. It can also fix bugs, which makes the version usable again in case of errors.

Hexcurse-Console Hex Editor

The Hexcurse-Console Hex Editor is one of the most popular Hex Editors for Kali Linux. You can easily open the files and edit the data using this tool. You can also switch between HEX and ASCII formats with Hexcurse.

Hexer Binary Editor

The Hexer Binary Hex Editor is a multi-buffer editor with amazing features, including multi-file editing and multi-level undo for binary regular expressions. The Hexer Binary Editor differs from other editors in that it is a Vi-style editor.

Installing HexEdit in Kali Linux

You can install the HexEdit Hex Editor on an Ubuntu system using the terminal. First, you will need to open a browser and download the installer file of HexEdit for Linux. You may create a new dictionary into which to transfer the installer file, but his step is not mandatory, as the installer will prompt you to do so during installation.

Open the terminal and follow the steps below to install HexEdit in Kali Linux.

First, navigate to the dictionary in which you have saved the installer file.

The second step is to add another source.

The HexEdit package is ready to install.

As you have launched HexEdit for the first time, it is launched by an auto prompt given by the system. Now, you can easily use HexEdit in the Kali Linux guide.

Conclusion

The above article included a brief description of all the Hex Editors that are best to use in Kali Linux. You can choose any Hex Editor from the list above after viewing the instructions and demands of your OS.

Uses

3 Ways to Use Kali Linux Monitor Mode

If you have the wireless adapter that supports Monitor Mode, then you can easily set the wireless interface. The following sections list some of the ways that you can use Monitor Mode in Kali Linux.

1. Enable Monitor Mode Using iw

First, we will take a look at the use of the iw Wi-Fi configuration tool. It is used for configuring Wi-Fi in particular and can be more powerful than other tools. You might have already used iw for several other purposes, for example, to obtain information about your Wi-Fi network. In fact, this tool can even give you more information about different commands. The iw list gives you much more information about wireless wlan0, interface modes, HT, bit rates, scanning, etc.

The first step is to check the interface information. You can do so by entering the following:

The output will look like the following window:

To access the traffic of other people, you will have to switch this over to Monitor Mode. You can switch iw to Monitor Mode by entering the commands given below:

IFACE replaced the actual name, as shown:

The next step is to check the wireless interface one more time by entering the following command:

The output of the aforementioned commands can be seen in the window above.

Wondering how to get back to the Managed Mode? To do so, enter the following commands:

IFACE replaced the actual name, as shown:

2. Enable Monitor Mode Using airmon-ng

If you have already tried enabling Monitor Mode using iw and failed, then another method you can use to enable Monitor Mode is through airmon-ng.

The first step is to get information about your wireless interface. Do so by issuing the following command:

The output of the above command is as follows:

You will want to kill any process that can interfere with using the adapter in Monitor Mode. To do so, you can use a program called airmon-ng, simply entering the following commands:

Now, you should enable Monitor Mode without any interference.

Wlan0mon has now been created.

Use the following commands to disable Monitor Mode and return to Managed Mode:

Enter the following command to restart the network manager:

3. Enable Monitor Mode Using iwconfig

As in previous sections, check your interface name via the following command:

The next step is to enable Monitor Mode. Do so by entering the following commands:

Furthermore,

Disable Monitor Mode

Turn off the Network Manager that Prevents Monitor Mode

Conclusion

Enabling Monitor Mode is a great method for sniffing and spying around your network and router. There are a number of ways to enable Monitor Mode. Every method does not work for every adapter. So, try out any of the methods listed above if your adapter does not behave as expected.

Kali Linux is the number one security operating system of today, and this is the operating system that the programming world prefers to use to perform penetration testing, or pen-testing. Pen-testing is a methodology where people check their own systems and their own architectures to find vulnerabilities. It is a Debian-based system and widely considered one of the best options for hackers. Kali Linux was developed by offensive security as a rewrite of Backtrack, a Linux distribution that focuses on security. Kali Linux is a distribution that offers many hacking and penetration tools that are up-to-date and software by default and is widely recognized by different Windows users.

Kali Linux requires a minimum storage space of 20 GB to install and begin working. Kali Linux is a heavyweight OS and needs 1GB of RAM. This OS uses a variety of tools that require graphical hardware acceleration using the latest GPUs.

How to Reset the Root Password

Say you come to the login screen of Kali Linux and you have forgotten your password. If you enter the wrong password, it is going to say that the password is incorrect and to try again. At this point, you should simply restart Kali Linux.

The next sections provide instructions you can follow to reset your password in Kali Linux.

Boot into GRUB Menu

Once you get to the menu after reboot, be sure to hit the up or down arrow keys to cancel timeout to prevent the system from going into default mode.

Edit the GRUB Menu

Highlight ‘Advanced options for Kali GNU/Linux.’

Press the E key.

Look out for the line that starts with “Linux.”

In the Linux section, replace ‘o’ in the ‘ro_single’ with ‘w’ to make it ‘rw_single’ in the Linux line.

At the end of this line, hit the space key on the keyboard and type 'init=/bin/bash.’

Press fn+f10 on the keyboard.

Change the Password

Enter the emulator command given below to change the existing password:

Now, type your new password next to the ‘New Password’ option and hit the Enter key.

Retype your new password, after which you will see a message saying ‘password updated successfully.’

You have now reset your password successfully by following the previous steps.

Now, select the Kali/Linux option and hit the Enter key.

Provide your username, i.e., the root username, and your new password.

Click the sign-in button, and you will see that the system is now functioning properly for the root user.

Conclusion

After reading this article, forgetting the password of Kali Linux should no longer be an issue for you. You can simply reset your password by following the simple steps listed above. I hope this article has helped you in solving this issue.

Using the information covered in this article, you can keep files even after turning off the computer. By default, if you save files on a bootable USB, they are lost when you turn off the PC. This is because instead of files being saved to our USB Drive, they are instead saved in the memory, which is lost when you turn off the PC. So, the term “persistent drive” means that you can save files to a partition on the drive, and you will be able to come back to it whenever you need it. This is useful if you want to save things like logs and report modules for Metasploit or Python files for different attacks, but do not have Kali Linux installed on the new device, such as a hard drive. It can be much easier just to carry around a flash drive of a full copy of Kali Linux on the drive with all your tools.

Download Kali Linux 2020 (Live) Image

For Kali Linux USB persistence, you will need a pen drive with a minimum of 8GB storage capacity and an ISO image of Kali Linux.

You can download the Kali Linux ISO image from Kali.org/downloads. Various options will appear. Click on “Kali Linux 64-Bit (Live)” and start downloading. This is a 64-bit IOS image of Kali Linux. If your systems support only 32-Bit, then you can choose the 34-Bit Kali Linux link to begin downloading. Download the IOS image according to your system. If you do not know your system’s requirements, press Windows + R. Type “msinfo32” into the search bar, and the information you need to know about your system will appear.

Write Kali Linux 2020 Live ISO to USB

Universal USB Installer or UNetbootin is the tool used to write your ISO into the USB Drive. This article will teach you how to use the Universal USB Installer to write the IOS.

The first step is to install and run the UniverMenuSB Installer tool. From the menu, click on the Kali Linux option. Next, browse the KalMenu on your system. From the menu, click on the USB Drive. Click on the checkbox titled “Fat 32 format drive.” The last step is to click the “Create” button. This process will require some time to complete.

Resize USB Partition

Now, you will need to set up the partitions to continue with Kali Linux Persistence. A partition manager is used for this purpose. You can choose your partition manager according to your individual preference and your system requirements. The best tool I know for partition configuration is the Minitool Partition Wizard. Install this tool and run it on your system. After running the tool, select “disk and partition management.”

The USB drive contains a blue space bar. Right-click on this bar and select “Resize.”

Create Persistence Partition

To store all your files, data, and Kali settings, you will need to create a persistence partition. For this step, right-click on the “Unallocated” option and press the “Create” button. Click on the “Yes” button if any message appears saying that this partition is not supported by the windows. Click “EXT4” in the file system available in the Menu. Type “persistence” in the partition label to continue the process. You can use the partition size of your choice, but generally, the best option is to choose the maximum partition size.

The final step is to click “Apply” and save the changes. This process will also take some time.

Boot into Kali 2020 Live USB

The next step is to boot into Kali Live from the USB into your PC. Continue pressing the shift button, along with the restart button in the windows. Other keys, such as the f12, f2, ESC, or DEL buttons, may also help you perform the same function. Select the “Live System” option in the Kali Linux Menu.

Mount Persistence Partition

The next step is to check the disk devices and partition. Use fdisk for this purpose.

First, type in the following command.

Find the USB drive in a different list of partitions. It will be named as Linux below the type column.

Create a mount called “my_usb.” Follow these commands to confirm your device type. It should be sdb2; otherwise, persistence will not work.

Create the new file persistence.conf.

Type the following command in this new file.

Conclusion

Finally, the whole process is completed. Now, you may restart your system. Remember to always select the Live System option (persistence, check kali.org/prst). By following these steps, you can save your data and Kali Linux in the USB, and you can carry the saved system with you anywhere that you would like. I hope this article will make ethical hacking and pen-testing work easier for you.

Wireless Testing and Tools

This article will discuss Network Reconnaissance and the tools used for its activation.

Network Reconnaissance for Beginners

How can you target something you cannot see? For this purpose, there is a footprinting tool known as Nmap. If you are annoyed by your neighbors continuously using your WiFi, you can use this tool to scan your entire home network. Nmap can show you every device that is connected and gives all information about the target device. It is also used to scan servers or routers. You can download Nmap from any website, such as nmap.org. It is available for popular operating systems, such as Linux and Windows. Nmap is pre-installed for Kali Linux, you just have to launch it and run the program. All you have to do is open Nmap and enter your route password, and there you go.

Nmap for Local Networks

Nmap is a great Network Reconnaissance tool used for scanning the data connected to any device. You can scan all the up servers and systems and check the weaknesses of the network and OS. You can check for live systems, open ports, perform banner grabbing, prepare proxies, view the IP address and the OS version, and other details about the connected device with Nmap. To receive this information, enter the following command:

Nmap for Remote Networks

Nmap sends TCP and UDP packets to the remote host and analyzes nearly every part of the response. Nmap also performs tests, such as TCP. In a nutshell, Nmap is used for the determination of network inventory, as well as how vulnerable the host is. Nmap also provides remote OS detection. OS detection is finding what operating system is running on the target machine using TCP/IP stack fingerprinting. The following command code can help you for this purpose:

Configure Nmap to Scan a Single Target

To monitor someone’s every move, scanning their device is the best option. By running Nmap, you can get detailed information about the IP address, OS version, and all the websites connected to the device on your network. Nmap Scanning is useful even you are scanning for a single target. This can be done by scanning your local server by running Nmap. The following command code can be used to scan a single target:

Calculate the subnet and Scan a Range to Discover Devices

Nmap can discover all the devices, IP addresses, and MAC addresses connected to a server. You can find a subnet range of all the devices by using a simple tool known as IPcalc. The subnet range is the range of the IP addresses that are available or connected to a network. To list all devices in the subnet range, enter the following command:

Create a Target List of Active Hosts

After determining all the IP addresses in the given range, you can get more information by using the –A attribute with the command. You can also obtain a file containing lists of your active host by following the Nmap terminal command below:

Identify the Operating System on Discovered Devices

A useful thing to know about a device is its OS. By using Nmap, you can identify and detect the operating system the device is using. Use the following terminal emulator command to do so:

Using Nmap, you can also obtain information about the applications and their versions via the following command:

Advanced Scans and Workarounds

Nmap may stop working due to router issues. In this case, you may experience difficulties in scanning the data. You can solve this issue by adding –Pn, which can drop and beep facing by the router. If you do not want to be detected by other people for scanning, then you can add –D.

Conclusion

If you want to explore the devices that are connected to the network, then Nmap is your best option for this task. Nmap is a de facto scanning tool that scans for live hosts, OS, and open ports. It is an open tool available for all platforms. The main purpose of Nmap is that of network penetration tester; in other words, Network Reconnaissance. I hope that the concepts discussed in this article are enough for you to get the basic idea of Network Reconnaissance and tools used to perform this task in Kali Linux.

Backbox

Parrot Security

Parrot Security is one of the leading Linux distributions in penetration testing and ethical hacking. It is a Debian-based Linux distribution operating system built by the Frozen Box Network for cloud-oriented penetration testing and computer forensics, reverse engineering, hacking, and many other security purposes. Parrot Security uses MATE as its desktop environment. It supports anonymity and encrypted tools, including several tools for penetration testing. Parrot Security is available as the most updated system.

BlackArch

BlackArch is an Arch Linux-based security research and penetration testing distribution. It contains a depository consisting of more than 2500 tools that are growing day by day. The collection of BlackArch tools can be built on top of Arch Linux.

Bugtraq

Butgtraq is a great option among Linux distros, consisting of a wide variety of laboratory and penetration testing tools with easy anonymity. It is based on XFCE, KDE, and GNOME in Debian, Ubuntu, and OpenSUSE versions. Bugtraq includes automated tools and optimized systems, including a variety of penetration testing tools: Forensics, Pen Testing, Malware Laboratories, Smartphone Security, etc.

Deft Linux

Deft is one of the best distros of Linux and is made up of the GNU/Linux and Digital Advanced Response Toolkit, also known as DART. Deft Linux is based on Ubuntu for uses related to computer forensics in Italy and information security. It runs a system without interfering with the computer and its boot drives and provides the LXDE desktop WINE for window tools.

Samurai Web Testing Framework

Samurai web testing is based on Ubuntu and includes some of the finest tools used for attacking and accessing different websites. It is developed for penetration testing on the web. Samurai is supported by VMware and VirtualBox and comes as a virtual machine. It has a Wiki setup that is pre-built for storing information during penetration tests.

Pentoo Linux

Pentoo a Linux distribution that focuses on penetration testing and security. It is a live CD based on Gentoo with a selection of tools and can perform penetration testing. Pentoo includes various features, applications, and tools necessary for this function. It works with the help of XFCE, which is a desktop environment. Gentoo users can install Pentoo as an overlay on the Gentoo OS.

CAINE

CAINE is a live distribution forensic project and offers a complete digital forensic environment. It consists of tools that are easy to use and that are developed for digital forensics. CAINE also comes with a helpful graphical interface, providing a practical environment that supports digital investigators.

Network Security Toolkit

Network Security Toolkit (NST) is a bootable live CD based on Fedora that overviews and runs installation in the VMware workstation. It uses Fluxbox, MATE, and Openbox for the desktop environment. The main purpose of this toolkit is to provide a comprehensive set of open security tools to the administrator. NST also has an advanced web user interface for network monitoring with tidy organization of tools and applications.

Fedora Security Spin

Fedora Security spin is a Fedora distribution that is a secure system designed for the purpose of monitoring security and is mostly used for educational purposes. It has frequently updated software and has a variety of spinoffs. It is truly open source and is intended to help the community, and is the best suitable distro in education.

This Linux distro helps teachers and students with security methodologies, e.g., Forensic analysis and security of information.

ArchStrike

Previously known as ArchAssault, ArchStrike is best known for having a number of security and penetration tools. If you are interested in ethical hacking, you can install ArchStrike instead of Kali Linux, and you will find plenty of security and tool options with this distro.

Other Distributions

The list above is not exhaustive. There are many other Linux distros for you to use, for instance:

• Sabayon Linux
• Mageia
• Kanotix

Conclusion

Linux systems are popular for everyday activities, such as emailing and browsing and is a commonly used open operating system. Linux-based distributions provide a broad approach for hackers and are best suited for security-based work. The distributions mentioned above mentioned include some of the best Linux distributions for ethical hacking and penetration.

Kali Linux 2020

It is very compatible with almost more than 300 tools just for security testing. As penetration testing being the main focus of Kali Linux, this version provides opportunities to test the current security of your system. If you want to buy this version online, then all the instructions for the installation and usage come along. It is always best to keep your system up to date with the latest versions. It can help in strengthening your system security as well.

Buy Here: Amazon 

2020 Multiboot USB Flash Drive

It is the latest version, but with more space, it falls in the category of the live operating system with a bigger size and greater speed. It contains 15 bootable systems in its live Kali Linux OS. It is available in 32 GB to ensure fast operational activity. Just like all the other live OS of Kali Linux, this version also provides vast flexibility in penetration testing and digital forensics. It provides the user with the feasibility to use the Kali by accessing its tools to get a better hold on the operating system of Kali Linux. Just like other versions of live Kali OS, you can carry it with you to maximizing its utilization in as many systems as you like.

This version of kali Linux OS contains all the bug fixes in the previous versions. It also includes one additional image for the process of installation of Kali Linux is to facilitate the users by reducing the complications on the process.

Buy Here: Amazon 

Linux Kali 2019.4

This USB stick of Kali Linux is available in 32/64 bits. It provides the accessibility to install the operating system of Kali Linux with the bootable properties. It grants the easy of the utilization of the live operating system of kali. By installing the live Kali, the user can easily access the penetration testing tools and techniques. It is one of the very famous distributions of Linux hacking. Provides the proper pathway towards ethical hacking. This version is compatible with the windows, and the operating system of Mac X.

All the data available in the device is encrypted. By installing the Kali Linux OS, you can use it for multi-tasking. The OS of Kali Linux has found great usage in mining the cryptocurrency for the various income generation purposes. It is very suitable for the professionals in IT as well as for the ones with basic concepts of Kali Linux. It is also one of the versions that has very good reviews.

Buy Here: Amazon

Linux Mega Pack 2019

This USB stick is like a mega package of the Kali Linux live operating system offering four flavors in a single USB stick. It is available in 16 GB that is more inclined towards the small size rather than the maximum read/write cycle. This version is quite limited and isn’t always readily available. But it contains all the information to install this version on the different systems readily.

The feature of perseverance has been added in this version of the live OS of Kali Linux. It is in the default menu, allowing you to retain all of your documents even across the rebooting of the Kali Linux. It is very convenient for those who are using Kali Linux and are expecting to retain all their documents in the system before replaying the previous OS with the latest one.

Buy Here: Amazon 

Kali Linux 2018.3

This is the version of 2018.3; it contains all the specifications needed in the live Kali Linux OS for ethical hacking. It 64-bit OS in 16 GB USB stick. It provides the function of booting and penetration testing. If you intend to buy it online, then it comes along with the CD that contains the hacking course and the installation procedure.

It also contains the support programs of Linux. Different tools are added in this version that involves IDB for penetration testing, gdb-peda for assisting in the development of GDB.

Metasploit has also been added as a framework to perform recon techniques. Last, the addition of Kerberos as an assessment tool. The up-gradation of various tools is also a part of this version. Air crack-ng, burp suite, wpscan. Openvas and wifite are in their updated form in this version.

Buy Here: Amazon

Tail 4, Kali 2018 Ubuntu 18.04

The USB stick is designed explicitly per the Kali Linux OS. It helps in gaining a better understanding of Kali Linux by providing access to functions like the booting and loading of Linux without impacting the operating system of the host. Using this USB stick, it becomes convenient for the user to handle kali Linux without affecting the current operating system. It is very compatible with all the latest laptops and computers with the modified technology. Its installation is accessible in all the languages, making it easier for the user to understand.

Its specification involves its internal space of 8 GB with the long term support of 64 bits. It contains tail 3.10.1 with kali 2018. The Ubuntu 18.04 is the version used with Kali Linux OS in this USB stick and hence is considered very much compatible. While buying it online, it mostly comes along with the installation guide and boot repair, making it convenient to use.

Buy Here: Amazon 

Kali Linux 2017.1

This USB stick is mostly for multiboot purposes. It is referred to as 7 in 1 flash drive because it contains seven flavors of the Linux. The seven flavors include Kali, Cinnamon Mint, Ubuntu, Fedora, Elementary operating system, Manjaro, and Zorin. It is one of the most famous distributions of Linux with very good reviews. It is compatible with almost all the versions of computers with different technologies. You can use it in as many systems as you want. If you are looking for the complete package of the Linux live operating system, then it surely is a good choice as it doesn’t require you to purchase the different flavors separately.

This version of kali Linux OS provides streamlined support to crack CUDA GPU. It also provides an open VAS 9 package in the repositories of Kali. This version is unique as it supports RTL8812Au insertion of the wireless card. The NC series of Azure in this version allows the pass-through GPU support for the formation of AWS and azure images that, in turn, assists in cracking CUDA GPU out of their box.

Buy Here: Amazon

Conclusion

All the different version of Kali Linux live operating system ultimately assists in the penetration testing to secure the system. It also facilitates cracking various elements using the tools to gain the maximum usability of the Kali Linux. Every new version brings with it some new features that are making it very easy for the users in the IT field to operate the system. All the USB mentioned above sticks contain a different version of the Kali Linux live operating system. Some USB sticks of Kali Linux provide all the flavors of Linux distribution that is an ultimate advantage for the users. There are almost 600 tools in the OS of Kali Linux that you can carry around with you in the form of a portable USB stick containing the live Kali Linux system in it. Also, it doesn’t harm your existing system making it a very reliable OS.

Gathering Information:

The first step to initiate a penetration test is to collect maximum information about the system. This helps you to understand whether the system could be investigated from outside or if potential attackers could extract any data. Factors that significantly may amplify the chance of a successful attack include port protocols, product architecture, entry points, software versions, and Information about technologies. Your goal is to prevent potential attackers from extracting this Information from your product.

DNSMap:

DNSMap is used by DNSMap Testers to examine infrastructure security and collect Information about IP netblocks, domain names, subdomains, and so on. At the enumeration stage, this utility is utilized for the subdomain in brute-forcing.

This method proves very helpful when other methods like zone transfer don’t bring up the required results.

Network Mapper (Nmap):

A famous open-source utility for security and penetration testing is Network Mapper (Nmap). The raw Information is used to obtain the Information present in the host network and implementation of the firewall.

The result viewer (Zenmap) and a tool for comparing results (Ndiff) are some other features of Nmap. Having official binary packages for “Linux”, “Windows”, and “macOS”, it goes well with all operating systems. Speed, universality, and efficiency make it a popular tool for host and network scanning, so if you are ambiguous about the initial point, go with Nmap.

Arp-scan:

Arp scan is a tool that scans networks with Ethernet ARP packets, Layer-2, and Mac. Feedback can be received by sending ARP packets to defined hosts on your local network. ARP packets can be sent to numerous hosts using output bandwidth and configurable packet rate. It also makes uncomplicated to examine large address spaces. Outgoing ARP packets are to be constructed carefully. All fields of Ethernet frame header and ARP packets can easily be controlled by arp-scan. Received ARP packets are decoded and displayed. A specified targeted host can also be fingerprinted with its arp-fingerprint tool.

SSLsplit:

An additional high favored tool for testing penetration and network forensics is known as SSLsplit.

It is able to conduct a man in the middle (MITM) attacks in opposition to the network connections which work out with the SSL / TLS. It can stop the connections as well as has the ability to reorient the connections. It begins a novel connection to the initial location address and logs all the details transferred after the termination of an authentic SSL/TLS connection.

Plain TCP along with SSL, HTTP/HTTPS connections via IPv4 and IPv6 are supported by SSLsplit. Sign forged X509v3 certificates on-the-fly can be generated for SSL and HTTPS connections. It relies on libraries like OpenSSL, libcap, and libevent 2.x and also on liner 1.1.x, etc. STARTTLS mechanism is genetically supported by SSLsplit.

Analysis of vulnerabilities:

One of the important stages in pen testing is the analysis of vulnerabilities. It’s quite similar to collecting Information. However, here we have a specific goal of finding the weaknesses that can be exploited by an attacker. It’s a significant stage as vulnerability makes your system prone to cyberattacks. The efficient use of just one or two vulnerability tools is enough. Here is a list of the best eight tools, which are used to test and analyze the vulnerability.

APT2:

For automated penetration testing, the best tool to be used is APT2. Scanning and transferring the outcomes from various tools is one of its main functions. APT2 utilizes the processes consequences for introducing clear and enumeration modules in line with the configurable Safe Level and enumerated service information. It stores module results that are received on some localhost and combines them to the general knowledge base, which can be accessed by users from within the application in order to watch the results received from the exploit module. Its main advantage is its high flexibility and granular control over its behavior with the configurability of Safe Level. It comprises detailed documentation and is easy to use. However, the updates aren’t frequent. The recent update was made in March. 2018.

BruteXSS:

BruteXSS is another powerful tool being used for brute-forcing and fast cross-site, which scripts brute. From a certain wordlist, many payloads are transferred to certain factors. Certain measures and parameters are made to check the vulnerability of XXS. XSS brute-forcing, XSS scanning, support for GET/POST requests, and Custom word lists constitute its important characteristics. It has a user-friendly UI along with support for GET/POST; therefore, it’s very compatible with most web applications. And it is more précised.

CrackMapExec:

CrackMapExec is a tool for testing windows and Active Directory environments using multiple technologies such as PowerSploit repository as its modules.

Logged users can be enumerated and shares SMB folders can be indexed along with performing peace attacks and NTDS.dit dumping, automatic injection of Mimikaz/Shellcode/DDL into the memory using PowerShell, etc. Its main advantages include the Clear Python scripts, fully parallel multithreading, and the use of only native WinAPI calls to detect sessions, thus reducing the risk of errors, users and SAM hash dumping, etc. It is almost undetectable by security scanners and uses plain Python scripts without depending on any external library. It is rather complex and worth the effort, as most of its analogy isn’t very accurate and functional.

SQLmap:

SQLmap is another open-source tool that helps you to automate the perception along with it the utilization of SQL injection errors and commandment of database servers.

SQLmap support MySQL, Oracle, and IBM DB2 are the most popular components of the database management system

Six main SQL injection techniques:

• Time-based blind, error-based, UNION query, stacked queries, and out-of-band, and Boolean based. User’s Information such as enumeration, roles, password hashes, tables, and columns, privileges, and databases.
• A dictionary-based attack with recognition of password and supporting the password cracking.
• Find the specific database names, tables, or columns in database tables.
• Using MySQL, PostgreSQL, or Microsoft SQL Server software to download and upload any software files.
• Perform the commands on the database operating system and finding their standard output and organizing a connection that is out-of-band stateful TCP between your database server operating system and the device of the attacker.
• Increase user privileges for database execution through MetaSplit’s Metapter Gate system command. It comprises of an influential search engine which can also be introduced on a Windows little with an old homepage.

Open Vulnerability Assessment System (OpenVAS):

This framework can monitor network hosts and find security issues along with determining severity and controlling the ways of dealing with them. It detects host vulnerable due to old software usage or misconfiguration. It scans open ports of hosts being monitored, sends packets which are specially formed to copy an attack, authorizes on a specific host, gets access to a panel of admins, can run various commands, etc. It provides a set of Network Vulnerability Tests (NVT), which classifies the threat by providing 50000 security tests. CVE and Opens CAP check the description of known problems. OpenSCAP is completely free as well as it is compatible with the Virtual Box, Hyper-V virtualization systems, and ESXi and supports OVAL, ARF, XCCFF, CVSS, CVE, and CCE.

After installing it, you’ll need time to update the present version of NVT databases.

Sniffing and spoofing traffic:

Traffic sniffing and traffic spoofing is the next step. It is an interesting and equally important step in penetration testing. While performing penetration testing, sniffing and spoofing can be used for a variety of different reasons.

It is used to identify network vulnerabilities and locations that attackers can target, which is an important use of sniffing and spoofing traffic.  Paths from which the packets pass through your network can be checked and to see what information packets contain if they are encrypted or not and many more.

The possibility of the packet being caught by an attacker and accessing important information that is a threat to the security of your network. Furthermore, if an intervening a packet by an enemy and then also replacing the original with a malignant one, can turn into the destruction of the consequences. With the help of encryption, tunnelling, and other similar techniques, it is your objective to make it as difficult as possible to sniff and spoof packets sent across your network. For sniffing and forging some best tools are used. The following are the tools used for this purpose.

Burp Suite:

To run the web application test of security Burp Suite is the best choice to choose. It consists of a number of different tools that are proved to be very efficient to use in every step of the vulnerability testing process, site map creation, web application attack level analysis. Burp Suite provides full control over the testing process, and it allows you to combine high-level automation with advanced manual techniques. It is ultimately making penetration testing swift and effectual.

Burp Suite includes:

A sniffing proxy has used that checks and monitor the traffic. Moreover, it edits the traffic sent between your browser and the targeted side. An advanced web application scanner diagnoses different levels of hazards instinctively. In the application spider to crawl both content and functionality. It also adds to commentators, backslider, and sequencer gadgets.

It can redeem the work and then can also resume it when in need. You can simply mention your extensions to carry out a certain complex and more customizable piece of work because it is adaptable. Similar to the other security testing tools, it also harms and damages the other web applications. For this matter, you should always construct backup copies of the application you have tested before using Burp Suite. And do not apply it in opposition to the systems to which you cannot access permission to test it.

Note that Burp Suite is a product that is salaried and is not a free open source gadget that is dissimilar to a lot of other tools that are mentioned in this article. Its usage is not difficult at all as it comprises the intuitive interface as well, so novice teens can also apply it. It contains a number of strong characteristics that can benefit new testers, and you can customize it as per your need.

DNSChef:

Malware analyst and pen testing hackers can use the DNSchef because it is highly configurable and functions efficiently. Feedbacks can be generated, which is based on lists of both included and excluded domains. Different types of DNS data which is assisted by DNSChef. It can take part in competing domains with wildcards and can proxy real responses to asynchronous domains and define external configuration files.

DNS Proxy is a very useful instrument that is used to inspect application network traffic. For example, a DNS proxy can be used for fake requests to point to a real host anywhere on the Internet for badgoo.com but to a local machine that will process the request. Or will stop it. Only initial filtering is applied, or it signalizes to one IP address for all DNS queries. DNS Chef is mandatory for a resilient system and was created as part of a penetration test.

DNS proxies are helpful when an application has no other way to use another proxy server. The same is the case with a few mobile phones that does not regard the operating system and the system because of the HTTP proxy. This proxy (DNSchef) is the best to run all types of applications and directly enables the connection with the targeted site.

OWASP Zed Attack Proxy:

OWASP, probably the most used vulnerability and security scanner on the web. Many hackers widely use it. Leading benefits of OWASP ZAP includes that it is free, open-source, and cross-platform. Also, it is actively supported by volunteers from all over the world and is fully internationalized.

The ZAP comprises a number of significant characteristics, including some automatic and inactive scanners, proxy server interface, dawn, and traditional and AJAX web crawlers.

You can use OWASP ZAP to automatically detect security vulnerabilities in your web applications during development and testing. It is also used for experienced penetration tests to conduct manual security tests.

MITMf:

MITM FM is a popular framework for MITM attacks based on Sergio Proxy and is primarily an attempt to revitalize the project.

The MITMf is two in one tool that has the ability to attack the network and MITM.  For this purpose, it was constantly introducing and improving all the attacks and techniques available. Initially, MITMf was designed to address critical issues with other tools, such as malware and eater caps. But later, to ensure high-level framework scalability, it was completely rewritten so that every user could use MITMf to carry out their MITM attacks.

Main features of the MITMf framework:

• Preventing locating the configuration file by using DHCP or DNS (Web Proxy Auto-Discovery Protocol).
• The responder tool integration (LLMNR, MDNS poisoning, NBT-NS)
• Built-in DNS (domain name server), SMB (server message block), and HTTP (hypertext transfer protocol) servers.
• SSL Strip proxy, which bypassed HSTS (HTTP strict transport security) and modified the HTTP too.
• NBT-NS, LLMNR, and MDNS poisoning are directly related to the offender tool. Furthermore, the Web Proxy Auto-Discovery Protocol (WPAD) Supports the Fraud Server.

Wireshark:

Wire Shark is a well-known network protocol analyst. This allows you to observe every action at the micro-level. Wire share network is the barometer in many industries for traffic analysis. The Wire Shark is the successor of the 1998 project. Soon after the success, all the experts around the globe started developing the wire shark.

Wireshark has some of the most decent features to test the network and but sometimes, especially for the newbies, it’s doesn’t seem to be quite easy to operate as its built structure needs good documentation of the features to operate.

• Offline mode and a very powerful display filtering.
• Rich VoIP(voice over internet protocol) analysis.
• Ethernet and other multiple types can be used to read live data (IEEE, PPP, etc.).
• Capturing RAW USB traffic.
• Multiple platform support.
• Decryption ability for many protocols.
• Refined data display.
• Plugins can be created.

Pen testing of web applications:

Pentesting is another name of a penetration test, which is also known as ethical hacking, as it’s a legal and permissible way to hack your system so to test the loopholes and various vulnerabilities of your web application. A modern web application comprises a complex architecture, and with that, it also carries various hazards with different levels of intensity. A lot of application works and are linked directly to the international payment techniques and services of order etc. For example, you have an eCommerce website; you should have to test the payment gateway of your website prior to making it live to the customers so that there won’t be any mishap with the client’s payment date or payment methods.

Following are five essential Kali Linux tools and their brief introduction:

ATSCAN:

ATSCAN is a tool which is very efficient for advanced search, massive exploitation of the dark, and automatic detection of vulnerable websites. It is very useful for substructing known search engines, including Google, Bing, Yandex, Esco.com, and Sogo.

ATSCAN is a scanner that will scan your website or script for the vulnerabilities, especially in the admin pages, as hacking the admin page of a website means hacking the entire website as from the admin page, the hacker can perform any activity he wants.

It is obtainable for all recommended platforms. ATSCAN has the ability to diagnose Dark completely, execute external commands, find the admin pages, and automatic detection of all types of errors. For instance, different scanners such as XSS scanners, LFI / AFD scanners, etc. are used.

Iron WASP:

To detect web application security, we use IronWSP, which is free, open-source equipment. Though initially, it originated for Windows primarily supporting Python and Ruby on rails, it also works for Linux. Its majorly supports Python and Ruby, but it can also use all sort of plugins and modules that are written in C # and VB.NET.

IronWSP has a simple graphical interface that is easy to use and is supported by a powerful scanning engine and recording of continuous recording. In addition, it has the capability to detect web applications for more than 25 types of known vulnerabilities. IronWASP includes a large variety of built-in modules and provides a number of specific tools:

• WiHawk — A Wi-Fi router vulnerability scanner
• XmlChor — An automatic exploitation tool for XPATH injection
• IronSAP — An SAP security scanner
• SSL Security Checker — A scanner for detecting SSL installation vulnerabilities
• OWASP Skanda — An automatic SSRF operation tool
• CSRF PoC Generator — A tool for generating exploits for CSRF vulnerabilities
• HAWAS — A tool for automatically detecting and decoding encoded strings and hashes on websites

Nikto:

Nikto is an open-source tool for scanning web servers that scans all of the dangerous files, data, and programs on any type of web servers such as Linux, Windows or BSD servers. Nikto inspects web servers to diagnose potential troubles and security threats by testing. This includes:

• Invalid settings in web server or software files
• Unsafe files and programs
• Default files and programs
• Historical services and programs

Nikto can work on any platform with the Pearl environment because it is made on LibWhisker2 (via RFP). Host authentication, proxy, payload encoding, and much more are fully supported.

Conclusion:

Every penetration tester must know about Kali Linux tool because it is very strong and convenient to use. The final choice to use the tools will always depend on the tasks and goals of your current project even though it offers a complete set of tools at every stage of penetration tests. It offers and has the ability to show completely higher levels of accuracy and performance. This special technique is done by using different tools in different situations.

This article includes the most famous, easy, and commonly used Kali Linux tools for different functions. The functions include collecting the Information, analyzing different vulnerabilities, sniffing, connection, and interacting with fake network traffic, stress testing, and interacting with web applications. Many of these tools are not meant for investigative and security audit purposes. And it should be strictly prohibited in networks that do not grant permission.

Introduction:

Userland refers to space outside of an operating system kernel, meaning anything that doesn’t have root access. We can use an app to install Kali Linux or any other android operating system supported on Nexus or Oneplus unrooted Android phones. While this is pretty incredible but, there are some limitations to this. In general, you can communicate with the instance of whatever Linux device you want via SSH or VNC. VNC gives you a full graphic user style interface, whereas SSH is more simple but limits you to the command line. The best device for hackers is an android phone in which the Kali Linux is installed because mobile phones are more convenient and portable than laptops or personal computers. Let us see how we can use Kali Linux Nethunter on unrooted Android phones.

Requirements:

To follow along, you will need any unrooted Android phone. You can use any android phone because it doesn’t need to be rooted to work.

The second thing you need is an efficient internet connection.

Installation:

You need to install NetHunter app from the following link: https://store.nethunter.com/

After installing the store, you need to install the following things such as Hacker’s keyboard, Nethunter Kex client, and Termux. You may get stuck while installing Termux, as the option of installing does not appear. In this case, you need to ignore this and press the enter button.

Write the following command on the Termux application.

How to use:

After opening the Termux app, you can go for one of the following options given below.

If the KeX is running in the background but has no password, then you have to open KeX again and need to enter the required password. This is done using the command below.

KeX can send back by pressing CTRL+Z and,

If you want to use KeX, You have to start the KeX client. After this, you need to enter your password and press the connect button.

You can also customize the setting for a better and decent review. You can do this by pressing the option of Advance Setting.

Tips:

You can use the following tips for a better function of Kali Linux. If you have enough storage space in your android phone, you can run apt to install Kali Linux in a full version as well. For this purpose, you need to run an apt update after the complete installation of Kali Linux.

You have to install Chromium because unrooted devices do not support firefox. Edit the application by clicking on the application menu.

Not all the penetrating tools work on unrooted Android devices. The same is the case with the utilities.

Type the following command in the Termux for a regular backup.

Conclusion:

Ethical hacking can easily be done via your mobile phones by just sampling installing Kali Linux following the steps mentioned above. Depending upon your convenience, you may also use SSH for this purpose.

CeWL tool:

Crunch tool:

This password attack tool generates a wordlist where standard or customized character set can be specified for usage. It generates all the possible password combinations in a very quick process. It can also break up the results by file size and support in case of any difficulty. It supports numbers, symbols. Crunch supports uppercase and lowercase letters and also generates a status report of multiple files.

Hashcat tool:

This is one of the most popular, fast, and expert password recovery tools. It supports 5 unique attack modes for 300 plus highly-optimized hashing algos. It can support CPU, GPU, and many more hardware accelerators and helps to work on distributed password cracking. It has numerous different options to support multiple arguments during password recovery.

John the ripper toolkit:

“John the ripper” is a fast and reliable toolkit that contains numerous cracking modes, and it is highly customizable and configurable according to your requirements. By default, John can work with many hash types, including traditional DES, bigcrypt, FreeBSD MD5, Blowfish, BSDI extended DES, Kerberos, and MS Windows LM hashes. It also supports other DES-based tripcodes, but they need to be configured. It can also work on SHA hashes and Sun MD5 hashes. It also supports OpenSSH private keys, PDF files, ZIP, RAR archives, Kerberos TGT.

It has many scripts for various purposes such as unafs (warning about weak passwords), unshadows (passwords and shadows files combined), unique (duplicates are removed from wordlist).

Medusa tool:

Medusa is a brute-forcer login tool that is a very fast, reliable, and modular design. It supports many services that allow remote authentication. It supports multi thread-based parallel testing, and it also has flexible user input, a modular design that can support independent brute force services. It also supports many protocols such as SMB, HTTP, POP3, MSSQL, SSH version 2, and many more.

Ncrack tool:

A very fast network authentication cracking tool that helps organizations to secure their networks against password attacks. It searches for poor passwords by testing their hosts and networking devices. It has several components and works like the NMAP tool having a dynamic engine to work on network feedback. It has fast and reliable auditing services for multiple hosts. It is very easy to use and has sophisticated brute force attacks, timing templates, and a flexible interface for complete control of the network processes. It supports multiple protocols such as SSH, FTP, HTTPS, TELNET, IMAP, SIP, SMB, PostgreSQL, MS-SQL, MySQL, MongoDB, and many more.

Ophcrack tool:

Ophcrack is an opensource windows password cracking tool. It is based on rainbow tables and is very efficient. It has a graphical user interface as well as a command-line interface and supports multi-platforms. It has audit mode, brute force mode, debugging mode, loading hashes.

Wordlists utility:

The wordlists is a password attack tool that includes a wordlist and symlinks to several password files that are in the Kali Linux distro. The package is pre-installed in Kali Linux 2020.1, and it is an open-source tool so it can be downloaded.

Hydra tool:

This password attack tool is a centralized parallel login crack with several attack protocols. It is highly flexible, quick, reliable, and customizable for the addition of new modules. This tool can obtain unauthorized access remotely to a system, and that is very important for security professionals. It works with Cisco AAA, Cisco authorization, FTP, HTTPS GET/POST/PROXY, IMAP, MySQL, MSSQL, Oracle, PostgreSQL, SIP, POP3, SMTP, SSHkey, SSH and many more.

Mimikatz tool:

Mimikatz is a C language tool that works with windows security. It extracts passwords, PINs, Hash codes, and Kerberos tickets from host memory and saves it in a plain text file. It executes three services, i.e., pass the ticket, pass the hash, and built Golden tickets. This is an open-source tool and comes pre-installed in Kali Linux 2020.1 update.

Chntpw:

This tool helps to view information and change passwords in windows NT/2000 based DB files. This tool overwrites old passwords. It has a simple registry editor that can revoke or invoke registries in the windows database file. This tool can also be used as offline password recovery utility; just add this to custom image disk.

THC-pptp-bruter tool:

This brute forcer tool works against pptp VPN endpoints. It is a standalone package and uses TCP port 1723. It supports MSchapV2 authentication and is tested against enormous cisco gateways and windows files. This brute force tool tries 300 passwords in a second and exploits a vulnerability in Microsoft anti-brute-force operation.

Rsmangler tool:

This tool gets a wordlist and then do different operations on it just like John the Ripper tool. It takes an input of words and generates all of these transformations and the acronym of words, and then it is applied to other mangles.

Conclusion:

All of these password attack tools are open-source and can be downloaded from the Kali repository or GitHub Repository.

Bully:

A C-language tool that implements a WPS brute force attack that exploits the design flaws in a WPS protected device. It is reflected as an improved tool than the original Reaver code, as it incorporates limited dependencies, enhanced CPU and memory performance, precise management of errors, and a wide range of decisions. It includes various enhancements in detecting and handling of abnormal situations. It is tested on several Wi-Fi vendors that had different configuration settings with successful results. It is open-source and specifically designed for Linux operating systems.

Reaver:

To recover WPA / WPA2 passphrases, Reaver adopts a brute force against Wi-Fi Protected Setup (WPS) registrar PINs. Reaver is built to be a reliable and effective WPS attack tool and is tested against a broad range of access points and WPS frameworks.

Reaver can recover the desired Access point WPA/WPA2 secured password in 4-10 hours, depending on the Access Point. But in actual practice, this time might be reduced to half.

Fern wifi cracker:

A Python software tool that uses the Python Qt GUI library to perform wireless security attacks and auditing. Fern wifi cracker can crack and recover lost WPA/WEP and WPS keys. It can also launch network-based attacks on ethernet or wireless networks. It has a graphical user interface and very easy to use.

It supports WEP key cracking with many attacks such as ARP request replay, fragment attacks, caffe-latte attacks, or chop-chop attacks. It can also launch a dictionary-based attack or WPS attacks for cracking WPA/WPA2 key. After a successful attack, the recovered key is stored in a database. It has an automatic Access Point (AP) attack system and can hijack sessions in different ethernet modes. Fern can also track AP Mac address and Geographical location. It can launch brute force and internal man-in-the-middle engine attacks on HTTP, HTTPS, TELNET and FTP servers.

Spooftooph:

Spooftooph is a Bluetooth device automatic spoofing and cloning tool, and it makes a Bluetooth device disappear by cloning it. It can clone and save Bluetooth device information. It generates a new random Bluetooth profile based on the spoofed information, and the profiles get changed after a defined time. All you have to do is list down device information for Bluetooth interface and clone a device that is selected from a scan log.

Aircrack-ng:

Aircrack-ng is one of the most popular toolkits in Kali Linux and is widely used in other distros as well. It is a key cracking utility for Wi-Fi 802.11 WEP and WPA-PSK, and through capturing data packets, keys are recovered. It launches Fluhrer, Mantin, and Shamir (FMS) attack with optimization attacks like PTW attack and KoreK attacks that in turns makes this WEP key cracking tool faster than other tools.

Kismet:

It detects, sniffs an 802.11 wireless network, and also works as an intrusion detection system. It works on layer 2 of a wireless network, but it can work with only those wireless cards that can support rfmon mode. It sniffs 802.11 a/b/g/n data traffic. Kismet can use various other programs to play audial alarms for reading out network summaries, events or deliver GPS location coordinates. Kismet has three different tools for core, client, and server.

PixieWPS:

PixieWPS is a C language tool that uses brute force attacks to offline the WPS pin and exploits the low entropy of some Access Points, and this attack is called pixie dust attack. It is an opensource tool that can perform checksum optimization, produce small Diffie-Hellman keys while working with the Reaver tool. It can reduce the entropy level of some Access point seeds from 32 to 25 bit, and this is done to achieve the requirement of C LCG pseudo-random function.

Wifite:

Wifite is a highly customizable tool with only a few arguments, and it is used for attacking networks that are encrypted by WEP, WPA, and WPS keys simultaneously. It is also known as “set it and forget it” auditing tool for wireless networks. It finds targets by their signal strength in which is measured in decibels (dB) and starts cracking the closest AP first. It de-authenticates clients on a hidden network to automatically show their SSIDs. It contains several filters for specifying a target for attack. It can change MAC address to a unique random address before attacking, and when it is done attacking the original MAC address is restored. Upon exit, the session summary is displayed with cracked keys, and cracked passwords are saved to local file cracked.txt.

Conclusion:

These are the “must-have” tools when performing wireless attacks in Kali Linux. All of these tools are open source and included in Kali Linux 2020.1 version.