How to Conduct a Security Assessment with Aircrack-ng and Reaver
Kali Linux is an open-source, Debian-based Linux distribution geared toward a range of cyber security tasks. It was developed by Mati Aharoni and Devon Kearns and initially released on March 13, 2013, by Offensive Security as a rewrite of the BackTrack operating system. The OS was originally meant to focus on kernel auditing.
Kali offers around 600 penetration-testing tools and was most prominently featured on the television show Mr. Robot.
The tagline of Kali Linux is "the quieter you become, the more you are able to hear", which is displayed on some of the system's backgrounds.
Kali Linux is distributed in both 32-bit and 64-bit images for use on host devices based on the x86 instruction set. There are also images available for ARM-based processors for use on the Beagle Board computer and Samsung's ARM Chromebook.
Supported ARM devices include the following computers:
- Asus Chromebook Flip C100P
- BeagleBone Black
- HP Chromebook
- CubieBoard 2
- Raspberry Pi
- Odroid U2
- Odroid XU
- Odroid XU3
- Samsung Chromebook
- Utilite Pro
- Galaxy Note 10.1
Kali Linux is also officially available on Android devices thanks to the arrival of Kali NetHunter and officially supports the following devices...
and is available on more devices through unofficial community builds.
Minimum Hardware Requirements
- A minimum of 20 GB of hard disk space for installation, depending on the version; version 2020.2 requires at least 20 GB.
- A minimum of 2 GB RAM for i386 and AMD64 architectures.
- A bootable CD-DVD drive or a USB stick.
- A minimum of an Intel Core i3 or an AMD E1 processor for good performance.
Recommended Hardware Specs
- 50 GB of hard disk space, SSD preferred
- At least 2 GB of RAM
Kali Linux has a dedicated project for Android devices named Kali NetHunter, the first open-source Android penetration testing platform. Kali NetHunter supports the following:
- Wireless 802.11 frame injection
- One-click MANA Evil Access Point setups
- HID keyboard
- Bad USB MITM attacks
Kali Linux also features a forensic mode, carried over from Kali's predecessor BackTrack. This mode is meant to be used from Kali's bootable USB/CD so that the system can easily be applied to a forensic job.
When booted into forensic mode, the system does not touch the internal hard drive or swap space, and automounting is disabled, so the evidence on the host's storage is not altered by the boot itself.
Kali Linux includes security tools such as the following:
Information Gathering
- Nmap: A powerful network scanning tool that helps discover hosts and services on a network.
- Recon-ng: A reconnaissance framework that gathers information about targets from various sources.
- Maltego: A data mining tool used for information gathering and visualizing relationships between entities.
- theHarvester: A tool for extracting information about targets from public sources like search engines, social media, and DNS records.
- Dmitry: A tool for gathering intelligence about a target by performing deep web searches.
- dnsenum: A DNS enumeration tool used to gather information about DNS records.
Vulnerability Analysis
- OpenVAS: A comprehensive vulnerability scanner for identifying security issues in target systems.
- Nikto: A web server vulnerability scanner that helps in finding potential vulnerabilities and misconfigurations.
- Nessus: A widely used vulnerability scanner that scans for vulnerabilities across various platforms and applications.
- Wireshark: A network protocol analyzer that captures and analyzes network traffic to identify vulnerabilities.
- Burp Suite: A web application security testing platform that assists in discovering and exploiting vulnerabilities.
- Nexpose: A vulnerability management solution that identifies vulnerabilities in network infrastructure.
Web Application Analysis
- OWASP ZAP: A web application security scanner that helps in finding vulnerabilities in web applications.
- Skipfish: A web application security scanner designed to discover security vulnerabilities.
- Wfuzz: A web application brute-forcer used for discovering hidden resources and finding security vulnerabilities.
- Dirb: A web content scanner used to discover hidden directories and files on a web server.
- WPScan: A WordPress vulnerability scanner that identifies security issues in WordPress installations.
- sqlmap: A powerful tool for automating SQL injection detection and exploitation in web applications.
Wireless Attacks
- Aircrack-ng: A suite of tools for wireless network auditing, including capturing packets, cracking encryption keys, and performing other wireless attacks.
- Kismet: A wireless network detector, sniffer, and intrusion detection system.
- Reaver: A tool for testing the security of Wi-Fi networks that use WPS (Wi-Fi Protected Setup).
- Wireshark: A network protocol analyzer that can be used for capturing and analyzing wireless network traffic.
- Fern Wi-Fi Cracker: A wireless security auditing tool that helps in cracking WEP, WPA, and WPS keys.
- Bully: A WPS vulnerability attack tool designed to exploit weak points in WPS-enabled routers.
Exploitation Tools
- Metasploit Framework: A powerful framework for developing, testing, and executing exploits against target systems.
- Social Engineer Toolkit (SET): A framework for simulating social engineering attacks, including phishing, website cloning, and payload generation.
- BeEF (The Browser Exploitation Framework): A tool for exploiting web browser vulnerabilities and controlling them remotely.
- Armitage: A graphical user interface for the Metasploit Framework that simplifies penetration testing and exploit development.
- SQLninja: A tool for exploiting SQL injection vulnerabilities in web applications.
- RouterSploit: A framework for testing the security of routers, including discovering vulnerabilities and exploiting them.
Forensics Tools
- Autopsy: A digital forensics platform for analyzing and investigating computer systems and storage media.
- Sleuth Kit: A collection of command-line tools for digital forensics analysis.
- Volatility: A memory forensics framework that helps in analyzing and extracting information from memory dumps.
- Wireshark: A network protocol analyzer that can also be used for forensic analysis of network traffic.
- Guymager: A forensic imaging tool used for creating disk images of storage media.
- Foremost: A file carving tool used for recovering deleted files from disk images.
Stress Testing
- Siege: An HTTP/HTTPS stress testing and benchmarking utility.
- SlowHTTPTest: A tool for testing HTTP server robustness by launching slow HTTP attacks.
- LOIC (Low Orbit Ion Cannon): A network stress testing tool used for conducting Distributed Denial of Service (DDoS) attacks.
- Hping: A network tool for performing various network security tasks, including stress testing and network scanning.
- THC Hydra: A fast network login cracker that supports various protocols and performs brute-force attacks.
- Xerosploit: A penetration testing tool for performing advanced MITM (Man-in-the-Middle) attacks.
Password Attacks
- John the Ripper: A fast password cracker that uses various methods, including dictionary, brute-force, and hybrid attacks.
- Hashcat: A powerful password recovery tool that supports various algorithms and attack modes.
- Hydra: A versatile network login cracker that supports numerous protocols and performs brute-force attacks.
- Medusa: A high-performance network password cracking tool supporting various protocols and parallelized attacks.
- CeWL: A custom wordlist generator that crawls target websites to create a wordlist for password cracking.
- Crunch: A wordlist generator that creates customized wordlists based on specified criteria.
Sniffing & Spoofing
- Ettercap: A comprehensive suite for man-in-the-middle attacks, including sniffing, protocol analysis, and network manipulation.
- Bettercap: A powerful network attack framework that performs sniffing, spoofing, and MITM attacks.
- Wireshark: A network protocol analyzer used for capturing and analyzing network traffic, including sniffing packets.
- Tcpdump: A command-line packet analyzer that captures and analyzes network traffic.
- MITMf: A versatile framework for performing Man-in-the-Middle attacks, including sniffing, spoofing, and injecting malicious content.
- DNSChef: A DNS spoofing tool that allows you to forge DNS responses, redirect traffic, and perform various DNS-based attacks.
Reverse Engineering
- GDB (GNU Debugger): A command-line debugger that enables analyzing and debugging compiled programs and binaries.
- Radare2: A command-line framework for reverse engineering and analyzing binaries, supporting multiple architectures.
- IDA Pro: A popular and powerful interactive disassembler and debugger for analyzing binary files.
- OllyDbg: A 32-bit assembly-level debugger for analyzing and reverse engineering Windows executables.
- apktool: A tool for reverse engineering Android APK files to extract resources and analyze application behavior.
- JD-GUI: A Java decompiler that allows you to decompile and view Java source code from compiled .class files.
Social Engineering Tools
- Social Engineer Toolkit (SET): A comprehensive framework for simulating multiple social engineering attacks, including phishing emails, website cloning, and creating malicious payloads.
- BeEF (The Browser Exploitation Framework): A powerful tool for launching browser-based attacks. BeEF allows you to exploit vulnerabilities in web browsers and control them remotely.
- Maltego: A versatile tool for information gathering and data mining. It helps in gathering and analyzing information about individuals, organizations, or online footprints, assisting with social engineering reconnaissance.
- Metasploit Framework: Although primarily known for exploitation, the Metasploit Framework includes modules and payloads specifically designed for social engineering attacks, such as creating malicious documents or deploying malicious websites.
- Cupp: A tool for generating custom wordlists based on personal information, facilitating password cracking and targeted social engineering attacks.
- theHarvester: A tool for harvesting user information from public sources, including search engines, social media platforms, and online directories, which can be useful for social engineering reconnaissance.
- Wifiphisher: This tool automates phishing attacks against Wi-Fi networks, tricking users into revealing sensitive information by presenting them with rogue access points or captive portals.