What This Book Covers
Given that the intention is to introduce Kali through the perspective of doing security
testing, the following subjects are covered:
Foundations of Kali Linux
Linux has a rich history, going back to the 1960s with Unix. This chapter covers a
bit of the background of Unix so you can better understand why the tools in
Linux work the way they do and how best to make efficient use of them. We’ll
also look at the command line since we’ll be spending a lot of time there through
the rest of the book, as well as the desktops that are available so you can have a
comfortable working environment. If you are new to Linux, this chapter will pre‐
pare you to be successful with the remainder of the book so you aren’t over‐
whelmed when we start digging deep into the tools available.
Network Security Testing Basics
The services you are most familiar with listen on the network. Also, systems that
are connected to the network may be vulnerable. To be in a better position to
perform testing over the network, we’ll cover some basics of the way network
protocols work. When you really get deep into security testing, you will find an
understanding of the protocols you are working with to be an invaluable asset.
We will also take a look at tools that can be used for stress testing of network
stacks and applications.
Reconnaissance
When you are doing security testing or penetration testing, a common practice is
to perform reconnaissance against your target. A lot of open sources are available
that you can use to gather information about your target. This will not only help
you with later stages of your testing, but also provide a lot of details you can
share with the organization you are performing testing for. This can help them
correctly determine the footprint of systems available to the outside world. Infor‐
mation about an organization and the people in it can provide stepping stones
for attackers, after all.
Looking for Vulnerabilities
Attacks against organizations arise from vulnerabilities. We’ll look at vulnerabil‐
ity scanners that can provide insight into the technical (as opposed to human)
vulnerabilities that exist at your target organization. This will lead to hints on
where to go from here, since the objective of security testing is to provide insights
to the organization you are testing for about potential vulnerabilities and expo‐
sures. Identifying vulnerabilities will help you there.
Automated Exploits
While Metasploit may be the foundation of performing security testing or pene‐
tration testing, other tools are available as well. We’ll cover the basics of using