Kali Linux - An Ethical Hacker's Cookbook

End-to-end penetration testing solutions

Product type: Paperback
Published: Oct 2017
Publisher: Packt
ISBN-13: 9781787121829
Length: 376 pages
Edition: 1st Edition
Author: Himanshu Sharma

Prepping up with custom tools

The tools you will install are open source and available on GitHub. They are much faster and contain collections of different tweaks that people have included over a period of time during their own pentesting experience.

Getting ready

Here is a list of some tools that you will need before we dive deeper into penetration testing. Not to worry, you will learn their usage with some real-life examples in the next few chapters. However, if you still wish to learn the basics at this early stage, you can do so with simple commands:

  • toolname -help
  • toolname -h

How to do it...

Some of the tools are listed in the following sections.

Dnscan

Dnscan is a Python tool that uses a wordlist to resolve valid subdomains. To learn about Dnscan, follow the given steps:

  1. We will use a simple command to clone the git repository:
        git clone https://github.com/rbsec/dnscan.git
  2. You can also download and save it from https://github.com/rbsec/dnscan.
  3. Next, we browse into the directory where we downloaded Dnscan.
  4. Run Dnscan by using the following command:
        ./dnscan.py -h

Subbrute

Next we will install subbrute. It is amazingly fast and provides an extra layer of anonymity as it uses public resolvers to brute force the subdomains:

  1. The command here is again simple:
        git clone https://github.com/TheRook/subbrute.git
  2. Or you can download and save it from https://github.com/TheRook/subbrute.
  3. Once the installation is complete, we need a wordlist for it to run; for this we can download dnspop's list. This list can be used in the previous recipe too: https://github.com/bitquark/dnspop/tree/master/results.
  4. Once both are set up, we browse into subbrute's directory and run it using the following command:
        ./subbrute.py
  5. To run it against a domain with our wordlist, we use the following command:
        ./subbrute.py -s /path/to/wordlist hostname.com
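
How wordlist-driven subdomain resolution, as Dnscan and subbrute perform it, looks in the authoritative DNS logs of the zone being tested, shown as an added example that is not from the book or from either tool. The log format, the `detect_enumeration` name, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of authoritative-server query logs (not real data).
# Assumed line format: <epoch_seconds> <source_ip> <queried_name> <rcode>
WORDS = ["admin", "dev", "test", "vpn", "staging", "ftp"]
RESOLVERS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
SAMPLE_LOG = [
    "10 198.51.100.7 www.example.test NOERROR",
    "25 198.51.100.9 mail.example.test NOERROR",
    "40 198.51.100.7 wwww.example.test NXDOMAIN",  # ordinary typo
    "70 192.0.2.2 mail.example.test NOERROR",      # a wordlist entry that exists
] + [f"{60 + i} {RESOLVERS[i % 3]} {w}.example.test NXDOMAIN"
     for i, w in enumerate(WORDS)]


def detect_enumeration(lines, zone, window=60, min_misses=5, min_ratio=0.8):
    """Flag windows in which `zone` receives many distinct NXDOMAIN names."""
    # Counted per zone, not per source IP, so a run spread over resolvers shows.
    suffix = "." + zone.lower().rstrip(".")
    buckets = defaultdict(lambda: {"miss": set(), "hit": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, src, qname, rcode = fields
        qname = qname.lower().rstrip(".")
        if not qname.endswith(suffix):
            continue
        kind = "miss" if rcode == "NXDOMAIN" else "hit"
        buckets[int(ts) // window][kind].add((src, qname))
    alerts = []
    for win, b in sorted(buckets.items()):
        missed = {q for _, q in b["miss"]}
        found = {q for _, q in b["hit"]}
        if len(missed) < min_misses or len(missed) / (len(missed) + len(found)) < min_ratio:
            continue
        per_source = Counter(s for s, _ in b["miss"])
        alerts.append({
            "window_start": win * window,
            "distinct_misses": len(missed),
            "sources": len(per_source),
            "max_misses_per_source": max(per_source.values()),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_enumeration(SAMPLE_LOG, "example.test"):
        print(alert)
```

In the constructed sample no single source exceeds two misses, so a per-source threshold of five would stay silent while the per-zone count fires.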

Dirsearch

Our next tool in line is dirsearch. As the name suggests, it is a simple command-line tool that can be used to brute force directories. It is much faster than the traditional DIRB:

  1. The command to install is:
        git clone https://github.com/maurosoria/dirsearch.git
  2. Or you can download and save it from https://github.com/maurosoria/dirsearch.
  3. Once the cloning is complete, browse to the directory and run the tool by using the following:
        ./dirsearch.py -u hostname.com -e aspx,php
