Kali Linux 2018:Windows Penetration Testing
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Sharpening the Saw

A craftsman is only as good as his tools and tools need to be set up and maintained. Since you have an idea of what Kali Linux distro you are interested in installing, this chapter will help you set up and configure your personal versions of the platform. Kali Linux is versatile and can be used in several use cases.

When you first decided to use Kali Linux, you probably hadn't thought about the various common and uncommon uses. This chapter introduces you to ups that will work best for your Windows penetration testing requirements, the documentation tools that we use to make sure that the results of the tests are prepared and presented properly, and the details of Linux services that you need to operate these tools. Many books, including the first book Wolf Halton wrote about penetration testing, set its chapters in the order of the sub-menus in the Kali Security desktop. We found this to be less than intuitive. We have put all the setup at the beginning to reduce confusion for first-time Kali users, and because some things, such as the documentation tools, must be understood before you start using the other tools. The reason why the title of this chapter is Sharpening the Saw is because a poor workman, or an inexperienced hacker, blames his tools, a skilled craftsman spends a bit more time preparing tools so their work goes faster.

In the Kali Gnome3 Desktop Menu, there is a sub-menu called Favorites, and on your first run these tools will be the tools that the creators of Kali Linux believe to be the most indispensable weapons for a working security analyst to understand. In this chapter, after installation and setup, we are going to show you the tools we use most. These may become your favorites. The following screenshot shows the Favorites menu at default. The defaults are as follows:

  • Firefox ESR: A web browser
  • Terminal: A Bash Terminal emulator
  • Files: A file manager similar to Windows Explorer.exe
  • metasploit framework: the gold standard of exploit frameworks
  • armitage: A GUI front-end for metasploit
  • burpsuite: A web-application attack proxy
  • beef xss framework: A cross-site scripting tool
  • faraday IDE: A multi-user pen testing environment with over 70 supported tools including Metasploit, Burpsuite, Terminal, and many others
  • Leafpad: Text editing application

Many system services on Kali Linux are the same as those on Ubuntu and other Linux servers based upon the Debian platform, but because there are security tools that use a client/server model, there are services that will need to have their servers started early to run your tests successfully.

We will learn the following topics in this chapter

  • Installing Kali Linux to an encrypted USB drive
  • Running Kali from the Live DVD
  • Installing and configuring applications
  • Setting up and configuring OpenVAS
  • Reporting tests
  • Running services on Kali Linux
上一章目录下一章