Who This Book Is For
While I hope there is something in this book for readers with a wide variety of experiences,
the primary audience for the book is people who may have a little Linux or
Unix experience but want to see what Kali is all about. This book is also for people
who want to get a better handle on security testing by using the tools that Kali Linux
has to offer. If you are already experienced with Linux, you may skip Chapter 1, for
instance. You may also be someone who has done web application testing by using
some common tools but you want to expand your range to a broader set of skills.
The Value and Importance of Ethics
A word about ethics, though you will see this come up a lot because it’s so important
that it’s worth repeating. A lot. Security testing requires that you have permission.
What you are likely to be doing is illegal in most places. Probing remote systems
without permission can get you into a lot of trouble. Mentioning the legality at the
top tends to get people’s attention.
Beyond the legality is the ethics. Security professionals who acquire certifications
have to take oaths related to their ethical practices. One of the most important precepts
here is not misusing information resources. The CISSP certification has a code
of ethics that goes along with it, requiring you to agree to not do anything illegal or
unethical.
Testing on any system you don’t have permission to test on is not only potentially illegal,
but also certainly unethical by the standards of our industry. It isn’t sufficient to
know someone at the organization you want to target and obtain their permission.
You must have permission from a business owner or someone at an appropriate level
of responsibility to give you that permission. It’s also best to have the permission in
writing. This ensures that both parties are on the same page. It is also important to
have the scope recognized up front. The organization you are testing for may have
restrictions on what you can do, what systems and networks you can touch, and during
what hours you can perform the testing. Get all of that in writing. Up front. This
is your Get Out of Jail Free card. Write down the scope of testing and then live by it.
Also, communicate, communicate, communicate. Do yourself a favor. Don’t just get
the permission in writing and then disappear without letting your client know what
you are doing. Communication and collaboration will yield good results for you and
the organization you are testing for. It’s also generally just the right thing to do.
Within ethical boundaries, have fun!