About Kali Linux Tools And Information
Today's topic is Kali Linux and its information tools. In the previous video we covered what Kali Linux is; today we are going to go through its tools. Whether you are trying to hack others or want to protect yourself from hackers, in some cases you will use the tools in Kali Linux. Some of these tools are built into Kali Linux, and they are the same tools that are used when someone tries to hack a target such as a website…
I am listing some of the tools:
1. Nmap
2. Metasploit
3. Hydra
4. Burp Suite
5. Wireshark
6. Maltego
Nmap, short for Network Mapper, is a network discovery and security auditing tool.
It is known for its simple and easy to remember flags that provide powerful scanning options.
Nmap is widely used by network administrators to scan for:
- Open ports and services
- Discover services along with their versions
- Guess the operating system running on a target machine
- Get accurate packet routes till the target machine
- Monitoring hosts
Metasploit is the world's leading exploitation/hacker framework.
It is used, to some extent, by nearly every hacker/pentester.
As such, you really need to become familiar with it if you want to enter and prosper in this burgeoning field.
Metasploit is a standardized framework for use in offensive security or penetration testing (legal hacking to find vulnerabilities before the bad guys do).
Before Metasploit, exploits and shellcode would be developed by various developers, in various languages, for various systems.
The pentester had to rely upon the trustworthiness of the developer that it was not laden with malicious code and learn how the developer intended the exploit/shellcode/tool to work.
With Metasploit, the pentester has a standardized framework to work from where tools work similarly and all are written in the same language making things much simpler and easier.
Originally developed by HD Moore as an open-source project, it is now owned by the security company, Rapid7 (Rapid7 also owns the vulnerability scanner, Nexpose).
Although originally developed as an open-source project, Rapid7 has now developed a Pro version of Metasploit with a few more "bells and whistles".
Fortunately, the open-source community edition is still available to the rest of us without the tens of thousands of dollars to spend on the Pro version (if you are a professional pentester, the efficiency and time savings accrued in using the Pro version make it a good investment).
Hydra is a login cracker that supports many protocols to attack (Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP).
You can use this command:
hydra -L /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 -V
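On the defending side, a run like the command above appears in the FTP server's log as a burst of failed logins from one client. The following is an added example, not code from the original article, that flags that pattern and reports any login that succeeded afterwards; the vsftpd-style log lines, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed vsftpd-style log lines (sample data, not from a real server).
SAMPLE_LOG = """\
Mon Mar  4 10:14:40 2024 [pid 880] [alice] FAIL LOGIN: Client "192.168.1.23"
Mon Mar  4 10:14:52 2024 [pid 881] [alice] OK LOGIN: Client "192.168.1.23"
Mon Mar  4 10:15:01 2024 [pid 901] [admin] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:15:01 2024 [pid 902] [root] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:15:02 2024 [pid 903] [ftp] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:15:02 2024 [pid 904] [admin] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:15:03 2024 [pid 905] [backup] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:15:04 2024 [pid 906] [backup] OK LOGIN: Client "192.168.1.50"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def find_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag clients with >= max_failures failed logins inside a sliding window."""
    recent = defaultdict(deque)      # ip -> failure timestamps still in window
    tried = defaultdict(set)         # ip -> usernames seen in failed logins
    flagged = {}                     # ip -> {"users": [...], "compromised": [...]}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a login line
        ip, user = m["ip"], m["user"]
        if m["result"] == "OK":
            if ip in flagged:        # success after a guessing burst
                flagged[ip]["compromised"].append(user)
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        q = recent[ip]
        q.append(ts)
        tried[ip].add(user)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            entry = flagged.setdefault(ip, {"users": [], "compromised": []})
            entry["users"] = sorted(tried[ip])
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An account listed under "compromised" needs its password reset and its session history reviewed, since the guess that followed the burst worked.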
4. Burp Suite:
You can strengthen your web security by testing for common vulnerabilities. We show how to do this using the attack proxy known as Burp Suite.
Many automated web security tools are available in the market today, but even the best of these tools have limitations.
Many web vulnerabilities are difficult – or even impossible – to detect without human interaction. Some of the best tools for web security analysis take the form of a browser (with a few simple add-ons) and an attack proxy.
This article describes how attack proxies work and shows how to look for web vulnerabilities using the popular attack proxy Burp Suite.
Attack proxies vary in functionality, price, and reliability, so for consistency, I'll use Burp Suite throughout these examples.
Burp Suite includes a tool for intercepting traffic (the "proxy" module itself), as well as modules for spidering sites, repeating and manipulating individual requests, sequencing random values, decoding traffic, and more.
Each of these components provides unique insight into the application's functionality and security ramifications, but all require an intelligent person to decode the results.
Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux.
It’s a tool that is used to inspect data passing through a network interface, which could be your Ethernet, LAN or WiFi.
It is important to note that whilst this is an excellent tool for a network administrator who needs to check that their customers' sensitive data is being transmitted securely, it can also be used by hackers on unsecured networks, such as airport WiFi.
The moral of the story at this point is to stay clear of clear-text HTTP protocols: that is the best advice we can give. To remedy this, we would encourage you to use a Firefox add-on called HTTPS Everywhere or use an SSH or VPN tunnel.
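To make the clear-text warning concrete, this added example (not from the original article) lists what anyone capturing a plaintext HTTP request on the same network can read from it. The request bytes, host name, credentials and the list of sensitive field names are constructed assumptions.

```python
import base64
from urllib.parse import parse_qsl

# Constructed capture of one plaintext HTTP request (sample data; the host,
# credentials and cookie are made up).
CAPTURED = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)

SENSITIVE_FIELDS = {"password", "passwd", "pass", "pwd", "token"}

def cleartext_exposures(raw):
    """List the secrets an on-path observer can read from a plaintext request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:   # skip request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    found = []
    # Basic auth is only base64-encoded, so it is readable without any key.
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and cred:
        user, _, _pw = base64.b64decode(cred).decode("latin-1").partition(":")
        found.append(f"basic-auth password for user '{user}'")
    # Session cookies let an observer reuse the victim's logged-in session.
    if "cookie" in headers:
        names = [c.split("=", 1)[0].strip() for c in headers["cookie"].split(";")]
        found.append("cookies: " + ", ".join(names))
    # Login forms send their fields as readable key=value pairs in the body.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, _ in parse_qsl(body.decode("latin-1")):
            if key.lower() in SENSITIVE_FIELDS:
                found.append(f"form field '{key}'")
    return found

if __name__ == "__main__":
    for item in cleartext_exposures(CAPTURED):
        print("readable in capture:", item)
```

Sent over HTTPS, the same request reaches the capture as encrypted TLS records, and none of these three findings can be read from it.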
Maltego is capable of gathering information about either a network or an individual with one simple scan.
Maltego is a program built into Kali Linux that lets you do reconnaissance on any person by scraping up data from all publicly available areas of the Internet.
Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company.
For my series on Maltego, I’m going to be using my Kali Linux VM. To open Maltego, just type maltego into the command line.
Go through the registration process for the free community version of Maltego and sign up! There is also a paid version that can be used for more detailed outputs and for penetration testing in a business setting.
Open a blank graph and you’re golden! You’ll notice this thing called a palette on the left side. This will show you all sorts of entities we can gather data on.
You can drag and drop whatever entity you want to mine data on.
Whatever item you end up dragging and dropping onto your graph will end up being a node.
For my example, we’ll gather data on hak5.wpengine.com.
You can also change this by double clicking inside the domain box on your new graph.
But my graph still looks kind of boring, so let's gather some specific data.
To do so, you’ll right click on your domain box, then choose to “run transforms”.
This means it’ll run a search based on your option.
So now that you’ve gotten a chance to check out the options under run transforms, choose one that you are interested in learning about.
First off, I can run a transform on the email domain associated with Tamil Hacking, and I find that there are a few out there available publicly.
Next, I can look for the website address, which should be TamilehHacking. I can right-click on the server-looking icon and choose the transform labeled ToServerTechnologiesWebsite.
Now when it’s done, we can see it is running on Apache, with WordPress, PHP and Google Analytics added.