Kali Linux TOOLS FOR website penetration testing.

Getting to Know Kali Linux

Jumping into Kali Linux isn’t just about getting your hands on a bunch of cool hacking tools; it’s more like unlocking a whole new set of skills you didn’t know you had. It’s like that moment when you first learned to ride a bike—intimidating at first, but thrilling once you get the hang of it. Whether you’re diving in because you’re curious about cybersecurity, or you’re aiming to beef up your resume, Kali Linux is that friend who’s got your back, offering you all the tools you need in one place.

WhatWeb: Your First Step in Reconnaissance

WhatWeb serves as your initial reconnaissance tool, identifying the technologies underpinning a website. It reveals CMS platforms, JavaScript libraries, and server types—critical information for any ethical hacker.

whatweb -a 3 https://example.com/ --log-brief /var/tmp/whatweb-example-com

This command performs an aggressive scan (-a 3) on example.com, logging the brief results to a specified file. It’s your starting point for understanding the digital terrain you’re assessing.

Nikto: The Sentinel of Web Server Security

Nikto quickly scans web servers for misconfigurations, outdated software, and potential vulnerabilities, offering a snapshot of possible entry points for further exploration.

nikto -host https://example.com/ -o /var/tmp/nikto-example-com.html

This scans example.com and outputs the findings in HTML format to a file, serving as a roadmap for deeper analysis.

OWASP ZAP: The Automated Vulnerability Detector

OWASP ZAP automates vulnerability detection in web applications, crucial for identifying weaknesses before they’re exploited.

To use OWASP ZAP:

  1. Launch ZAP.
  2. Enter the target URL.
  3. Initiate the spider and scanner.

This process systematically tests web applications, identifying vulnerabilities from cross-site scripting to SQL injection, categorizing them by risk level.

Arachni: The Web Application Security Scanner

Arachni offers a Ruby-based framework for identifying security issues, emphasizing web application vulnerabilities with a detailed, report-driven approach.

arachni https://example.com/ --output-only-positives --report-save-path=/var/tmp/arachni-example-com

This scans example.com, focusing on definite vulnerabilities and saving the findings, facilitating targeted remediation efforts.

Skipfish: Mapping Vulnerabilities

Skipfish performs comprehensive reconnaissance, creating detailed sitemaps of web applications and pinpointing security issues, from the subtle to the severe.

skipfish -o /var/tmp/skifish-example-com https://example.com/

This command initiates a scan of example.com, with results organized in a web-accessible sitemap for easy vulnerability assessment.

Wapiti: The Black-Box Web Application Auditor

Wapiti scans web applications, identifying vulnerabilities by simulating attacks, a critical component of any penetration tester’s toolkit.

wapiti -u https://example.com/ -m "backup,blindsql,buster,crlf,delay,exec,file,htaccess,methods,nikto,permamentxss,shellshock,sql,ssrf,xss" --scope page --color -d 5 -v 2 -f html -o /var/tmp/wapiti-example-com

This comprehensive command uses multiple modules to assess example.com for a range of vulnerabilities, displaying the results in an HTML report.

DIRB: The Content Discovery Tool

DIRB searches for hidden web objects and directories, uncovering potential access points that are not readily visible.

dirb https://example.com/ -r -o /var/tmp/dirb-example-com

Running this command initiates a recursive search on example.com, with results logged for further action.

Sqliv: Massive SQL Injection Vulnerability Scanner

Sqliv scans multiple domains for SQL injection vulnerabilities, utilizing search engines to find susceptible targets.

sqliv -d "inurl:index.php?id=" -e bing

This command leverages Bing to search for URLs containing potential SQL injection points, automating the discovery of vulnerabilities across various sites.

WPScan: Uncovering WordPress Vulnerabilities

WPScan is a specialized tool for detecting vulnerabilities within WordPress installations, crucial for the security of the world’s most popular content management system.

wpscan --url https://example.com/ -e vp -o /var/tmp/wpscan-example-com

This command scans example.com for vulnerable plugins (-e vp), documenting the findings, a critical step in securing WordPress sites.

Paros: The Java-based Web Proxy

Paros is a web proxy tool that assesses web application vulnerabilities, supports editing/viewing HTTP/HTTPS messages, and includes a web spider and scanner.

To use Paros for assessing a web application:

  1. Configure your browser to use Paros as its proxy.
  2. Navigate through your application.
  3. Use Paros to analyze the traffic and identify vulnerabilities.

Hydra: The Network Logon Cracker

Hydra is a fast and flexible login cracker, supporting numerous protocols, making it ideal for testing network logon systems for vulnerabilities.

hydra -l admin -P /usr/share/wordlists/rockyou.txt http-get-form "http://example.com/login.php:username=^USER^&password=^PASS^:F=incorrect" -V

This example attempts to crack login credentials on example.com, using a dictionary attack with a known username (admin).

Wapiti: Comprehensive Web Application Vulnerability Scanner

Wapiti scans web pages of the deployed web applications, injecting data to test for vulnerabilities, acting as a fuzzer.

wapiti -u https://example.com/ --scope page -m "-sql,-xss" -o /var/tmp/wapiti-example-com

This scans example.com, excluding SQL injection and XSS tests, and outputs the findings.

jSQL Injection: Automated SQL Database Injection

jSQL Injection is a lightweight application for automatic SQL database injection, with a straightforward graphical interface for easy operation.

To use jSQL Injection:

  1. Launch the application.
  2. Input the target URL.
  3. Select the desired injection techniques.
  4. Start the injection process.

Grabber: Simple Web Application Scanner

Grabber scans small to medium-sized websites for vulnerabilities like SQL injection and XSS, suited for quick assessments.

grabber --url https://example.com/ --scan

This command initiates a basic scan of example.com, identifying potential vulnerabilities.

Vega: Open Source Web Security Scanner

Vega detects vulnerabilities in web applications, such as SQL Injection and XSS, and is designed for ease of use with a GUI for comprehensive web security testing.

To perform a scan with Vega:

  1. Open Vega.
  2. Enter the target website.
  3. Start the scan and review the vulnerabilities identified.

w3af: Web Application Attack and Audit Framework

w3af is a web application attack and audit framework aimed at identifying and exploiting all web application vulnerabilities.

To start a scan with w3af:

  1. Launch w3af console or GUI.
  2. Configure your target and audit settings.
  3. Start the scan and analyze the output for vulnerabilities.

Metasploit Framework: The Penetration Tester’s Guide

Metasploit, the most used penetration testing framework, provides testers with an extensive collection of tools and resources to test system vulnerabilities.

msfconsole

Launch msfconsole, select a suitable exploit, set the payload, and target to begin testing.

Nmap: The Network Mapper

Nmap is essential for network discovery and security auditing, capable of identifying devices on a network and their vulnerabilities.

nmap -A -T4 https://example.com/

This command performs a comprehensive scan (-A) with aggressive timing (-T4) on example.com.

Burp Suite: The Integrated Platform

Burp Suite offers a variety of tools for performing web application security testing, from initial mapping to vulnerability exploitation.

To use Burp Suite effectively:

  1. Configure it as your web browser’s proxy.
  2. Navigate your application to allow Burp to capture requests and responses.
  3. Utilize its tools to analyze and exploit vulnerabilities.

Gobuster: Web Content Discovery

Gobuster is a tool designed to brute-force URIs including directories and files as well as DNS subdomains.

gobuster dir -u https://example.com/ -w /path/to/wordlist.txt

This command uses Gobuster to search for directories on example.com using a specified wordlist.

Why It Matters

In all honesty, the reason Kali Linux feels so empowering is because it gives us a chance to really make a difference. Sure, it’s got a bit of a learning curve, but it’s all about using those tools for good. Think of it as your personal toolkit for making the internet a safer place, not just for you, but for everyone. Every time we uncover a vulnerability or patch a security hole, we’re not just flexing our tech muscles—we’re contributing to a larger community effort to keep the digital world secure.