This document is a seminar report submitted by Mr. Naik Abhay Suresh to fulfill requirements for a Bachelor of Engineering degree. The report discusses penetration testing using Kali Linux. It provides background on Kali Linux, including its history and relationship to Debian. It then describes the methodology of penetration testing, including phases such as information gathering, scanning, exploitation, and post-exploitation. The report discusses advantages and applications of using Kali Linux for penetration testing.
Visvesvaraya Technological University
Belagavi-590 014, Karnataka
A Seminar Report on
“Penetration Test Using Kali Linux”
Submitted in partial fulfilment of the requirements for the award of
Bachelor of Engineering
In
Computer Science and Engineering
Submitted By
Mr. Naik Abhay Suresh 2JI15CS025
Under the Guidance of
Dr. Dinesha H. A.
Department of Computer Science and Engineering
Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s
Jain College of Engineering
Belagavi-590 014
Academic Year 2018-19
Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s
Jain College of Engineering
Belagavi-590 014
Department Of Computer Science and Engineering
Certificate
This is to certify that the seminar entitled “Penetration Test Using Kali
Linux” is carried out by Mr. Naik Abhay Suresh, bearing USN-2JI15CS025, a
bonafide student of Jain College of Engineering, Belagavi, in partial fulfilment for
the award of Bachelor of Engineering in Computer Science and Engineering from
Visvesvaraya Technological University, Belagavi, during the academic year 2018-19.
It is certified that all corrections/suggestions indicated for internal assessment have
been incorporated in the report. The seminar report has been approved as it satisfies
the academic requirements in respect of seminar work prescribed for the said degree.
Dr. Dinesha H. A., Guide
Prof. Praveen Y Chitti, HOD, CSE
ACKNOWLEDGEMENT
The satisfaction and euphoria that accompany the progress and completion of any task
would be incomplete without the mention of the people who made it possible, whose constant
guidance and encouragement crowned my efforts with success.
I consider it a privilege to express my sincere gratitude and respect to all those who
guided and inspired me.
I express my sincere thanks and gratitude to our guide Prof. Dr. Dinesha H. A.,
Department of Computer Science & Engineering, JCE, Belagavi, for his constant guidance and
suggestions. His incessant encouragement and invaluable support have been of immense help.
It is a great privilege to express my respect to Prof. Praveen Chitti, HOD, Department of
Computer Science & Engineering, JCE, Belagavi, who has been a great source of inspiration
towards taking up this project and its successful completion.
I am thankful to Dr. K. G. Vishwanath, Principal, JCE, Belagavi for providing us with
the necessary facilities for carrying out this project work successfully.
ABSTRACT
Kali Linux is built for professional penetration testing and security auditing. It is the
next generation of BackTrack, the most popular open-source penetration toolkit in
the world. It is a Debian-based Linux distribution aimed at advanced penetration testing
and security auditing. It gives Linux users a large set of security techniques in one
place. Kali is packed with tools that help in achieving goals across various information
security tasks, such as penetration testing, security research, computer forensics and
reverse engineering.
TABLE OF CONTENTS
1. Introduction
2. Literature Survey
3. Methodology
4. Advantages Of Kali Linux
5. Applications Of Kali Linux
Conclusion
References
6. Penetration Test Using Kali Linux
Dept. of CSE JCE-Belagavi Page 1
CHAPTER – 1
INTRODUCTION
1.1 WHAT IS KALI LINUX
The Linux platform is dynamic and its use keeps growing, and with it the need for a secure
environment. To meet that need, Kali Linux was introduced on 13th March 2013. Kali Linux is
a Debian-based Linux distribution aimed at advanced penetration testing and security
auditing. It gives Linux users a large set of security techniques in one place. Kali is
packed with tools that help in achieving goals across various information security tasks,
such as penetration testing, security research, computer forensics and reverse engineering.
Kali Linux is developed, funded and maintained by Offensive Security, which is one of the
leading information security training companies and has a strong record in the field of
digital security. In effect, Kali Linux is a complete makeover of BackTrack Linux in which
all the limitations of BackTrack Linux have been removed and some new and better security
tools have been added.
1.2 HISTORY OF KALI LINUX
Knoppix, an ancestor of Kali Linux, was the first ever bootable live Linux operating system
and is still in existence. The Knoppix project was forked into Whoppix and then re-forked
into WHAX. WHAX was then re-branded and streamlined into BackTrack, the predecessor of
Kali Linux. BackTrack had a long reign of almost seven years as the choice of pen-testers
and hackers. BackTrack is a customised native environment dedicated to hacking. As of 2011
it was used by more than four million amateur and professional security researchers.
The latest version, BackTrack 5, is built on Ubuntu Lucid and contains some 350 penetration
testing tools. However, as of March 2013 the venerated distro was decommissioned and
replaced by Kali Linux. The main issue with BackTrack v1-v5 was dependency management: too
many pentesting tools embedded within BackTrack struggled to co-exist within the
dependencies. The solution was to rebuild the distro from the bottom up by making Kali
Debian-based. Kali Linux has 300 tools which automatically work within the Kali
ecosphere. Kali has also been created with a clean “Filesystem Hierarchy Standard” layout and
offers vast plug-and-play wireless support. The main attraction was the ARM support
provided by Kali Linux. Incidentally, you can also create your own .iso file with Kali through
the Debian live-build feature.
Figure 1.1 Kali Linux Family Tree
1.3 Relationship with Debian
The Kali Linux distribution is based on Debian Testing. Therefore, most of the packages
available in Kali Linux come straight from this Debian repository. While Kali Linux relies
heavily on Debian, it is also entirely independent in the sense that we have our own
infrastructure and retain the freedom to make any changes we want.
1.3.1 The Flow of Packages
On the Debian side, the contributors are working every day on updating packages and
uploading them to the Debian Unstable distribution. From there, packages migrate to the
Debian Testing distribution once the most troublesome bugs have been taken out. The
migration process also ensures that no dependencies are broken in Debian Testing. The goal
is that Testing is always in a usable (or even releasable!) state. Debian Testing’s goals align
quite well with those of Kali Linux so we picked it as the base. To add the Kali-specific
packages in the distribution, we follow a two-step process.
First, we take Debian Testing and force-inject our own Kali packages (located in our kali-
dev-only repository) to build the kali-dev repository. This repository will break from time to
time: for instance, our Kali-specific packages might not be installable until they have been
recompiled against newer libraries. In other situations, packages that we have forked might
also have to be updated, either to become installable again, or to fix the installability of
another package that depends on a newer version of the forked package. In any case, kali-dev
is not for end-users. kali-rolling is the distribution that Kali Linux users are expected to track
and is built out of kali-dev in the same way that Debian Testing is built out of Debian
Unstable. Packages migrate only when all dependencies can be satisfied in the target
distribution.
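The migration rule described above can be modelled as a fixed-point computation. The following is an added example, not Kali's or Debian's migration tooling; it assumes a simplified version scheme (dotted integers), minimum-version dependencies only, and constructed package names.

```python
"""Simplified model of package migration from kali-dev to kali-rolling.

Added illustration only: not Kali's or Debian's migration tooling.
Package names and versions below are constructed.
"""
from dataclasses import dataclass


def parse_version(text):
    # Assumption: dotted integers only. Real Debian versions also carry
    # epochs, tildes and revisions and need dpkg's comparison rules.
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    depends: tuple = ()  # (dependency name, minimum version) pairs


def satisfied(pkg, repo):
    """True if every dependency of pkg exists in repo at a high enough version."""
    for dep_name, min_version in pkg.depends:
        provider = repo.get(dep_name)
        if provider is None:
            return False
        if parse_version(provider.version) < parse_version(min_version):
            return False
    return True


def plan_migration(rolling, dev):
    """Decide which kali-dev packages may enter kali-rolling.

    Start by assuming every newer package migrates, then repeatedly drop
    candidates whose dependencies cannot be met in the resulting target
    repository. Dropping one candidate can block others, hence the loop.
    """
    candidates = {
        name: pkg for name, pkg in dev.items()
        if name not in rolling
        or parse_version(pkg.version) > parse_version(rolling[name].version)
    }
    considered = set(candidates)
    while True:
        target = {**rolling, **candidates}
        blocked = [n for n, p in candidates.items() if not satisfied(p, target)]
        if not blocked:
            break
        for name in blocked:
            del candidates[name]
    return {
        "migrate": sorted(candidates),
        "held_back": sorted(considered - set(candidates)),
        # Nothing already in kali-rolling may end up with a broken dependency.
        "target_consistent": all(satisfied(p, target) for p in target.values()),
    }


def make_repo(*packages):
    return {pkg.name: pkg for pkg in packages}


# Constructed sample repositories.
ROLLING = make_repo(
    Package("libssl", "1.1"),
    Package("libpcap", "1.8"),
    Package("scanner-tool", "2.0", (("libpcap", "1.8"),)),
)
DEV = make_repo(
    Package("libssl", "3.0"),
    Package("libpcap", "1.10", (("libssl", "3.0"),)),
    # Needs libfuzz, which has not been uploaded yet: stays in kali-dev.
    Package("scanner-tool", "2.1", (("libpcap", "1.10"), ("libfuzz", "0.5"))),
    # Depends on the held-back scanner-tool, so it is held back as well.
    Package("wifi-audit", "1.0", (("scanner-tool", "2.1"),)),
    Package("report-gen", "0.3", (("libssl", "3.0"),)),
)

if __name__ == "__main__":
    print(plan_migration(ROLLING, DEV))
```

Here `wifi-audit` is held back only on the second pass, once `scanner-tool` 2.1 has been dropped, which is why kali-dev can be temporarily broken while kali-rolling stays installable.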
1.3.2. Managing the Difference with Debian
As a design decision, we try to minimize the number of forked packages as much as possible.
However, in order to implement some of Kali’s unique features, some changes must be made.
To limit the impact of these changes, we strive to send them upstream, either by integrating
the feature directly, or by adding the required hooks so that it is straightforward to enable the
desired features without further modifying the upstream packages themselves. The Kali
Package Tracker helps us to keep track of our divergence with Debian. At any time, we can
look up which package has been forked and whether it is in sync with Debian, or if an update
is required. All our packages are maintained in Git repositories hosting a Debian branch
and a Kali branch side-by-side. Thanks to this, updating a forked package is a simple
two-step process: update the Debian branch and then merge it into the Kali branch.
While the number of forked packages in Kali is relatively low, the number of additional
packages is rather high: in April 2017 there were almost 400. Most of these packages are free
software complying with the Debian Free Software Guidelines and our ultimate goal would
be to maintain those packages within Debian whenever possible. That is why we strive to
comply with the Debian. Unfortunately, there are also quite a few exceptions where proper
packaging was nearly impossible to create. As a result of time being scarce, few packages
have been pushed to Debian.
Figure 1.2 Logo Of Kali Linux
1.4 BASIC PENETRATION TESTING TERMINOLOGY
Penetration testing is a large field within security. It deals with the common things that a
developer usually forgets to cover during the development process. Penetration testing makes
it possible to find and remove such holes in an application or in any system. It is as
crucial as the development process, since a single hole can compromise the whole system
without anyone knowing that it is happening. To understand the concept of penetration
testing, some related terms must be understood first:
1.4.1 Introduction to Penetration
Penetration testing is the process of deliberately simulating attacks on a system that needs
to be flaw-free (i.e., there should not be any holes), in order to stop a hacker or attacker
from carrying out an attack against the organization.
Hacker or Penetration Tester (Pen-Tester)? There is a major difference between a hacker
and a pen-tester. A hacker attacks a system without having the right to do so; in simple
words, a hacker acts in an unauthorized manner. A pen-tester has all the rights to simulate
such attacks in order to make the system secure from hackers. A pen-tester may have full
access or partial access to the system.
Penetration Testing is also known as:
• Pen-Test
• PT
• Ethical Hacking
• White Hat Hacking
• Offensive Security
• Red Teaming
Penetration testing is basically done to make sure that an attacker (mainly a hacker) cannot
enter the network, system or application by any other way, i.e., without being
authorized.
1.4.2. Legality
Let’s make it clear: penetration testing requires that you get permission from the
person who owns the system. Otherwise, as mentioned above, you are hacking, and
you may be charged under the I.T. Act 2000 Section (66) for performing illegal activities or
hacking acts.
1.4.3. Introduction to Vulnerability
A vulnerability is a security hole in software, an operating system, a web application or
any network that allows an attacker to enter it without the permission of the
owner.
CHAPTER – 2
LITERATURE SURVEY
Devanshu Bhatt, in his work on Modern Day Penetration Testing Distribution Open
Source Platform Kali Linux, concluded that by using the Kali Linux open-source
distribution and a number of the applications it supports, such as Dmitry and Metasploit,
he was able to get access to the target Debian Linux machine. Kali Linux's Dmitry and
Metasploit Framework offer a significant variety of exploits covering operating systems
across their available versions and service packs. In a real-world situation it is
essential to include the complete variety of threats and the most critical categories of
applications available in Kali Linux. The assessment needs to be carried out on systems
with anti-virus and firewalls to get a precise final result, and the resources used should
be those that have the most recent vulnerability exploits. [1]
Gurdeep Singh and Jaswinder Singh, in their paper on Evaluation of Penetration Testing
Tools of KALI LINUX, concluded that web applications are becoming popular and are a
widespread medium of interaction in our daily lives, but at the same time many
vulnerabilities expose sensitive data. Web application vulnerabilities are described in
terms of the security properties that a web application should preserve. Vulnerability
assessment tools are automated, which saves time and money, and they also defend web
applications from modern threats. Finally, new advanced security attacks are always
emerging, which requires security professionals to have a positive security solution
without putting a huge number of web applications at risk. [2]
CHAPTER – 3
METHODOLOGY
3.1 PHASES OF PENETRATION TESTING
The overall process of penetration testing can be divided into a number of steps that
together make up a complete penetration testing methodology. The main purpose of using a
methodology is that it allows you to divide a complex process into a series of simpler, more
manageable tasks or modules. Different methodologies use different names for the steps,
although the purpose or tasks are similar. For example, some methodologies use the term
“Information Gathering”, whereas others use the term “Reconnaissance” or “Recon”.
The phases of penetration testing are as follows:
• Information Gathering
• Scanning
• Exploitation
• Post Exploitation & Maintaining Access
Figure 3.1 Zero Entry Pen-Testing Methodology
Figure 3.1 shows the “Zero Entry Penetration Testing Methodology”. The inverted triangle
describes the steps from the broadest to the most specific. For example, the information
gathering stage produces a massive amount of information about the target, so the triangle
is widest at that step, indicating that the data produced by this phase is large.
The first phase involves gathering all the necessary details of the target, such as
the target IP (Internet Protocol) address; in the case of physical devices the MAC address is
also required. The second phase is a deep scan of the target (not antivirus scanning), so
that the holes or backdoors that give access to the system or application can be found. In
simple words, the second phase is about exploring the vulnerabilities in the target using a
variety of tools. In the third phase we use the results of the previous phases (the target
and its vulnerabilities) to exploit the system or application. The final phase involves
maintaining access to the target after the exploitation, which is quite tricky. Oftentimes,
the payloads delivered by the exploits give only temporary access to the target.
3.1.1. Information Gathering (Reconnaissance)
This phase needs patience and lots of time, since it generates a massive amount of
information about the target. The deeper you go, the more information you uncover about the
target, which helps in later activities such as finding its vulnerabilities. In this
research Kali Linux tools are used to simulate the testing on the target, and Kali Linux
provides a variety of tools for gathering information about the target. To be successful at
reconnaissance, there must be a proper strategy. The most essential resource is the
internet. There are two types of reconnaissance:
• Active Reconnaissance: The pen-tester directly interacts with the target.
During this type of process the target may record the pen-tester's IP address and other
activity logs.
• Passive Reconnaissance: This type of reconnaissance uses the enormous amount
of information available on the web. The benefit is that the
target cannot track the pen-tester at all (i.e., the pen-tester’s IP address or activity logs).
The main aim of information gathering is to collect as much information as possible on the
target. The information gathered in this phase must be centrally organized and stored in
electronic format, because that allows easier data processing such as editing, sorting,
searching and retrieval later on whenever required. Most of the time, if you are doing web
application penetration testing, the very first thing required is the website of that web
application. This is not a hard part of the phase, as any search engine can be used to
locate the website.
3.1.2. Scanning
This stage is the most important phase, where the pen-tester needs to identify the exposures of
the target. It can also be referred to as “Vulnerability Assessment”. The pen-tester uses
different tools and utilities to reveal the holes in the services, ports and applications running
on the host. The typical path is to scan the ports on the web server and find an open port
that grants access to it. Web servers use different TCP ports, and you may
encounter any one of them open. Many protocols on the servers are handled through
readable non-encrypted text. Table-II gives a list of common port numbers and their
corresponding service. So, let's take a look at some of the tools available in Kali Linux for
finding the vulnerabilities of the target.
1) Webshag:
Webshag is a multi-threaded, multi-platform tool used to audit web servers. The tool
gathers functionality commonly needed when auditing a web server, such as port scanning,
URL scanning and file fuzzing (security loophole). It can be used to scan a web server over
HTTP or HTTPS, using a proxy or HTTPS authentication. This tool can also perform
fingerprinting of web pages.
2) Vega:
Vega is a security testing tool used to crawl a website and analyse page content to find links
as well as form parameters. To launch Vega in Kali Linux, go to Web Applications > Web
Vulnerability Scanners and select Vega. The tool can work as a proxy as well as a scanner;
in this research the scanner is what is required to scan the target.
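Sections 3.1.1 and 3.1.2 note that active reconnaissance and port scanning leave records of the tester's IP address and activity on the target. The following added example (not part of the original report) shows how a defender could flag such activity from connection logs; the log format, addresses and thresholds are constructed assumptions.

```python
"""Flag sources that probe many ports on one host in a short time.

Added example. The log format and all addresses are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP DPT=(?P<dpt>\d+) FLAGS=SYN$"
)


def parse(lines):
    """Yield (time, source, destination, port) for well-formed lines only."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip anything that is not a TCP SYN record
        try:
            ts = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue  # skip records with an unreadable timestamp
        yield ts, match["src"], match["dst"], int(match["dpt"])


def detect_scans(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): details} for sources that touch at least
    min_ports distinct ports on one destination within the time window."""
    recent = defaultdict(deque)  # (src, dst) -> recent (time, port) events
    alerts = {}
    for ts, src, dst, port in sorted(parse(lines)):
        key = (src, dst)
        events = recent[key]
        events.append((ts, port))
        # Drop events that have fallen out of the sliding window.
        while ts - events[0][0] > window:
            events.popleft()
        ports = sorted({p for _, p in events})
        if len(ports) >= min_ports and key not in alerts:
            alerts[key] = {"first_alert": ts.isoformat(), "ports": ports}
    return alerts


# Constructed sample: one host sweeping ports, one ordinary web client,
# and one malformed line that the parser must ignore.
SAMPLE_LOG = """\
2019-03-01T10:00:00 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
2019-03-01T10:00:01 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=21 FLAGS=SYN
2019-03-01T10:00:01 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=22 FLAGS=SYN
2019-03-01T10:00:02 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=23 FLAGS=SYN
2019-03-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=SYN
2019-03-01T10:00:02 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=25 FLAGS=SYN
2019-03-01T10:00:03 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=SYN
2019-03-01T10:00:03 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
2019-03-01T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
malformed entry without the expected fields
2019-03-01T10:00:30 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
""".splitlines()

if __name__ == "__main__":
    for (src, dst), info in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {info['ports']}")
```

The window and port threshold need tuning against normal traffic for the monitored host; a web client that only revisits ports 80 and 443 never reaches the threshold.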
3.1.3. Exploitation
Now the environment is set up and the vulnerabilities of the target have been discovered. The
next step is to take over the target through its holes (vulnerabilities). This process
is exploitation: in simple words, gaining access to the target using its
vulnerabilities. Exploitation delivers payloads to the target in
order to force access to it. Some vulnerabilities, such as a default
password, are so easy to exploit that it hardly feels like exploitation. There are
different types of exploits available over the Internet, but the most widely used is the
“Metasploit Project”.
1) Metasploit Project:
Metasploit is a computer security project that provides information about security
vulnerabilities and aids in penetration testing. Metasploit is pre-loaded in Kali Linux and can
be used either in a GUI environment or through the command-line interface.
3.1.4. Post Exploitation and Maintaining Access
This phase plays a crucial role in the penetration testing process. Maintaining access to the
target after the exploitation is a very serious activity and needs to be done carefully. Several
years ago, hackers used to exploit the target, steal or manipulate the data or
crash the files, and leave. Nowadays many modern attackers (hackers) are interested in
long-term or even permanent access to the target.
To achieve this, “backdoors” need to be created and loaded
on the target. A backdoor is a piece of software that allows an unauthorized user
to get into the target at any time. Basically, a backdoor is a background process that is
hidden from the normal user. Some exploits are fleeting (short-lived). In simple words, some
exploits allow access only as long as the exploited target is running. If the target reboots or
the exploit stops, the connection to the target is lost. There are different backdoor tools in
Kali Linux, such as Netcat, Cryptcat, WeBaCoo (Web Backdoor Cookie), etc.
CHAPTER – 4
ADVANTAGES OF KALI LINUX
4.1 Advanced Penetration Testing tools.
Kali Linux incorporates more than 600 advanced penetration testing tools. The tools of
BackTrack Linux that were not up to the mark, or that duplicated each other, have been
replaced in Kali Linux with more advanced penetration testing tools.
4.2 Ultimate free Linux tool.
Kali Linux is completely free, like BackTrack Linux, and will always remain free for its
users. This is a huge plus factor that draws people to the system.
4.3 Open sourced Git tree.
Kali Linux is an open-source system that users can easily access. All the code in Kali
Linux can be viewed by anyone, and the open development tree makes it easy to follow the
development of the code at every step.
4.4 FHS support.
Kali adheres to the Filesystem Hierarchy Standard, allowing Linux users to easily locate
binaries, support files, libraries, etc. This is a very important feature of Kali Linux
that makes it stand out among other Linux systems.
4.5 Cool Wireless support.
Kali Linux stands out in wireless support: you can connect it with as many WiFi spots or
USB ports as you want at one time. Kali Linux is built to run properly on a wide variety of
hardware, making it compatible with numerous USB and other wireless devices.
4.6 Custom kernel patched for injection.
As penetration testers, the development team often needs to do wireless assessments, so the
Kali Linux kernel has the latest injection patches included.
4.7 Secure development environment.
The Kali Linux team is made up of a small group of trusted individuals who can only commit
packages and interact with the repositories while using multiple secure protocols.
4.8 GPG signed packages and repos.
All Kali packages are signed by each individual developer when they are built and committed
and the repositories subsequently sign the packages as well.
4.9 Kali is multilingual.
Although all the penetration testing tools in Kali Linux are in English, Kali
allows users to work in numerous languages and get the comfort of their local
language.
4.10 Completely Customizable.
Kali Linux is built by penetration testers for penetration testers but we understand that not
everyone will agree with our design decisions or choice of tools to include by default. With
this in mind, we always ensure that Kali Linux is easy to customize based on your own needs
and preferences. To this end, we publish the live-build configuration used to build the official
Kali images so you can customize it to your liking. It is very easy to start from this published
configuration and implement various changes based on your needs thanks to the versatility of
live-build.
Live-build includes many features to modify the installed system, install supplementary files,
install additional packages, run arbitrary commands, and change the values pre-seeded to
debconf.
4.11 ARMEL and ARMHF support.
Since ARM-based single-board systems like the Raspberry Pi and BeagleBone Black,
among others, are becoming more and more prevalent and inexpensive,
Kali’s ARM support needs to be robust, with
fully working installations for both ARMEL and ARMHF systems. Kali is currently
available for the following ARM devices:
• rk3306 mk/ss808
• Raspberry Pi
• ODROID U2/X2
• Samsung Chromebook
• EfikaMX
• Beaglebone Black
• CuBox
• Galaxy Note 10.1
CHAPTER – 5
APPLICATIONS OF KALI LINUX
While Kali’s focus can be quickly summarized as “penetration testing and security auditing”,
there are many different tasks involved behind those activities. Kali Linux is built as a
framework, because it includes many tools covering very different use cases (though they
may certainly be used in combination during a penetration test).
For example, Kali Linux can be used on various types of computers: obviously on the laptops
of penetration testers, but also on servers of system administrators wishing to monitor their
network, on the workstations of forensic analysts, and more unexpectedly, on stealthy
embedded devices, typically with ARM CPUs, that can be dropped in the range of a wireless
network or plugged in the computer of target users. Many ARM devices are also perfect
attack machines due to their small form factors and low power requirements. Kali Linux can
also be deployed in the cloud to quickly build a farm of password-cracking machines and on
mobile phones and tablets to allow for truly portable penetration testing.
But that is not all; penetration testers also need servers: to use collaboration software within a
team of pen-testers, to set up a web server for use in phishing campaigns, to run vulnerability
scanning tools, and other related activities. Once you have booted Kali, you will quickly
discover that Kali Linux’s main menu is organized by theme across the various kinds of tasks
and activities that are relevant for pen-testers and other information security professionals, as
shown in Figure 5.1, “Kali Linux’s Applications Menu”.
Figure 5.1. Kali Linux’s Applications Menu
5.1 Application menu includes
• Information Gathering:
Collecting data about the target network and its structure, identifying computers, their
operating systems, and the services that they run. Identifying potentially sensitive parts of the
information system. Extracting all sorts of listings from running directory services.
• Vulnerability Analysis:
Quickly testing whether a local or remote system is affected by a number of known
vulnerabilities or insecure configurations. Vulnerability scanners use databases containing
thousands of signatures to identify potential vulnerabilities.
• Web Application Analysis:
Identifying misconfigurations and security weaknesses in web applications. It is crucial to
identify and mitigate these issues given that the public availability of these applications
makes them ideal targets for attackers.
• Database Assessment:
From SQL injection to attacking credentials, database attacks are a very common vector for
attackers. Tools that test for attack vectors ranging from SQL injection to data extraction and
analysis can be found here.
• Password Attacks:
Authentication systems are always a go-to attack vector. Many useful tools can be found
here, from online password attack tools to offline attacks against the encryption or hashing
systems.
• Wireless Attacks:
The pervasive nature of wireless networks means that they will always be a commonly
attacked vector. With its wide range of support for multiple wireless cards, Kali is an obvious
choice for attacks against multiple types of wireless networks.
• Reverse Engineering:
Reverse engineering is an activity with many purposes. In support of offensive activities, it is
one of the primary methods for vulnerability identification and exploit development. On the
defensive side, it is used to analyze malware employed in targeted attacks. In this capacity,
the goal is to identify the capabilities of a given piece of tradecraft.
• Exploitation Tools:
Exploiting, or taking advantage of a (formerly identified) vulnerability, allows you to gain
control of a remote machine (or device). This access can then be used for further privilege
escalation attacks, either locally on the compromised machine, or on other machines
accessible on its local network. This category contains a number of tools and utilities that
simplify the process of writing your own exploits.
• Sniffing & Spoofing:
Gaining access to the data as they travel across the network is often advantageous for an
attacker. Here you can find spoofing tools that allow you to impersonate a legitimate user as
well as sniffing tools that allow you to capture and analyze data right off the wire. When used
together, these tools can be very powerful.
• Post Exploitation:
Once you have gained access to a system, you will often want to maintain that level of access
or extend control by laterally moving across the network. Tools that assist in these goals are
found here.
• Forensics:
Forensic Linux live boot environments have been very popular for years now. Kali contains a
large number of popular Linux-based forensic tools allowing you to do everything from
initial triage, to data imaging, to full analysis and case management.
• Reporting Tools:
A penetration test is only complete once the findings have been reported. This category
contains tools to help collate the data collected from information-gathering tools, discover
non-obvious relationships, and bring everything together in various reports.
• Social Engineering Tools:
When the technical side is well-secured, there is often the possibility of exploiting human
behavior as an attack vector. Given the right influence, people can frequently be induced to
take actions that compromise the security of the environment. Did the USB key that the
secretary just plugged in contain a harmless PDF? Or was it also a Trojan horse that installed
a backdoor? Was the banking website the accountant just logged into the expected website or
a perfect copy used for phishing purposes? This category contains tools that aid in these types
of attacks.
• System Services:
This category contains tools that allow you to start and stop applications that run in the
background as system services.
CONCLUSION
Kali Linux has proved to be a very useful and completely free operating system that can be used
for penetration testing. Penetration testing requires lots of time and patience to get the
results and to get the findings repaired. Kali gives Linux users a large set of security
techniques in one place. Kali is packed with tools that help in
achieving goals across various information security tasks, such as penetration testing.
Penetration testing can be carried out using Kali Linux to secure
applications that require a high level of security. Such applications or systems can
be tested for any risks that may be associated with them with the help of the Zero Entry
Methodology of penetration testing. This helps to cover all the vulnerabilities (if any) of
the developed system or application. Penetration testing, or pen-testing, is the most
essential focus for any system, whether it is a web application or a standalone machine.
Penetration testing allows the developer to ascertain and define the security issues associated
with the system that he/she has acquired.
REFERENCES
[1] Devanshu Bhatt, “Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux”, International Journal of Scientific & Technology Research, Volume 7, Issue 4, April 2018.
[2] Gurdeep Singh and Jaswinder Singh, “Evaluation of Penetration Testing Tools of KALI LINUX”, International Journal of Innovations & Advancement in Computer Science (IJIACS), ISSN 2347 – 8616, Volume 5, Issue 9, September 2016.
[3] Matthew Denis, Carlos Zena and Thaier Hayajneh, “Penetration Testing: Attack Methods, and Defence Strategies”, IEEE paper, 29 April 2016.
[4] Suraj S. Mundalik, “Penetration Testing: An Art of Securing the System (Using Kali Linux)”, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 5, Issue 10, October 2016.
[5] Raphaël Hertzog, Jim O’Gorman and Mati Aharoni, “Kali Linux Revealed: Mastering the Penetration Testing Distribution”, textbook, 2017.
[6] Dr K. Raja Kumar, “Penetration Testing using Linux Tools: Attacks and Defense Strategies”, International Journal of Engineering Research & Technology (IJERT), Vol. 5, Issue 12, December 2016.
[7] Harmandeep Singh, “Penetration Testing: Analyzing the Security of the Network by Hacker’s Mind”, IEEE paper, Volume V, Issue V, May 2016.
[8] Ms. Shyaml Virnodkar, Rahul Gupta and Tejas Bharambe, “Cross Platform Penetration Testing Suite”, International Research Journal of Engineering and Technology (IRJET), Volume 05, Issue 03, March 2018.
[9] Young B. Choi, “Building a Penetration Testing Device for Black Box using Modified Linux for Under $50”, International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 8, No. 1, 2017.
[10] Jyoti Pathak, Afzl Ayyub and Satyendra Mohan Srivastava, “Penetration Testing: Rolling Kali Linux”, IJSRD - International Journal for Scientific Research & Development, Vol. 4, Issue 12, 2017.