Kali Linux BY BLAZE STERLING

Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion

What is Kali Linux?  Advanced penetration testing and security auditing linux distribution  300+ build in penetration testing tools  Free / Open source  FHS (File Hierarchy Standard) compliant  Secure development environment  Spin off of Backtrack

Using Kali Linux  Install to hard disk  10 GB disk space  USB / CD-DVD  Live USB Install  2GB capacity  Win32 Disk Imager  Android devices  5 GB free space  Network install  Virtual Machine  Run in side another OS

Included Kali Tools  Information Gathering  Dnsdict6  Nmap  Urlcrazy  IDS/IPS (Intrusion Detection/Protection System)  Fragrouter  Network Scanners  Dnmap  Netdiscover  Traffic Analysis  intrace

Included tools continued  Vulnerability Analysis  Cisco tools  Yersinia  Web Vulnerability Scanner  ProxyStrike  Cadaver  Wireless Attacks  Bluelog  Spooftooph  Wireless Tools  Aircrack

Information Gathering Tools DNSDICT6  Finds all sub-domains of a website or web server  Enumerates all IPv4 and IPv6 addresses to extract dumps  Sub-domains  IP information  Powerful for extracting sub domains that are restricted  Tutorials Online  Google  Youtube

Information Gathering Tools NMap  Security Scanner  Gordon Lyon  Discovers hosts and services on a computer network and creates a map of the network  Special Packets  Analyzes reponses  Host discovery  Service discovery  Operating system detections

IDP / IPS Fragrouter  Intercepts, Modifies, and rewrites traffic destined for a specified host  Routes network traffic in a way that eludes IDS  Uses  Test IDS timeout and reassembly  Test TCP/IP scrubbing  Test firewalls  Evade Passive OS fingerprinting

Network Scanners DNMap  Framework for distributing nmap scans among many clients  Client/Server architecture  Server knows what to do  Clients do it  Clients work when server is offline  Real time statistics of the clients and their targets  Scans very large networks quickly

Traffic Analysis Intrace  Works along the same lines as Fragrouter  Enumerates IP hops exploiting TCP connections to display the path of packets over the network  Network reconnaissance  Who is connected to who  Firewall bypassing

Vulnerability Analysis Cisco Auditing Tool  Perl script that scans cisco routers for common vulnerabilities  Default passwords, usernames  Easy to guess names and passwords  IOS bug history  Hijack a router  Test router security  Password  username

Web Vulnerability Scanner ProxyStrike  Active web application proxy designed to find vulnerabilities while browsing a web application  Mainly javascript  Sql injection and XSS plugins  Listens to port 8008 and analyzes all the parameters of applications running in the port for vulnerabilities

Wireless Attacks Bluelog  Bluetooth scanner and logger with optional web front-end designed for site surveys and traffic monitoring  One of the only ones with a UI  Find devices with Bluetooth enabled  Records logs of all traffic over Bluetooth

Wireless Tools Aircrack  WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured  Steal internet  Gain unauthorized network access  One of the fastest network key cracking softwares

Conclusion  Security focused Linux Distribution  300+ security tools  Spin off of popular backtrack  Multiple ways to run  Hard drive  USB / Live CD  Virtual Machine  Detailed Look at some tools  To many to cover them all

References  know-your-backtrack.html know-your-backtrack.html   installation-screen-shots/ installation-screen-shots/    v1-perl-script.html v1-perl-script.html