Sunday, 5 October 2014

Information Gathering

As per OWASP Testing Guide v4, the first phase in security assessment is focused on collecting as much information as possible about a target application. Information Gathering is the most critical step of an application security test. The security test should endeavour to test as much of the code base as possible. Thus mapping all possible paths through the code to facilitate thorough testing is paramount.

This task can be carried out in many different ways.

By using public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used.

Below are the list of tools, are used to gather information.
  • acccheck
  • ace-voip
  • Amap
  • Automater
  • bing-ip2hosts
  • braa
  • CaseFile
  • CDPSnarf
  • cisco-torch
  • Cookie Cadger
  • copy-router-config
  • DMitry
  • dnmap
  • dnsenum
  • dnsmap
  • DNSRecon
  • dnstracer
  • dnswalk
  • DotDotPwn
  • enum4linux
  • enumIAX
  • exploitdb
  • Fierce
  • Firewalk
  • fragroute
  • fragrouter
  • Ghost Phisher
  • GoLismero
  • goofile
  • hping3
  • InTrace
  • iSMTP
  • lbd
  • Maltego Teeth
  • masscan
  • Metagoofil
  • Miranda
  • Nmap
  • ntop
  • p0f
  • Parsero
  • Recon-ng
  • SET
  • smtp-user-enum
  • snmpcheck
  • sslcaudit
  • SSLsplit
  • sslstrip
  • SSLyze
  • THC-IPV6
  • theHarvester
  • TLSSLed
  • twofi
  • URLCrazy
  • Wireshark
  • WOL-E
  • Xplico

Friday, 3 October 2014

Kali Linux NetHunter


NetHunter, built on top is Kali Linux, is Andriod penetration testing platform that works on Nexus devices. With all the features of Kali tools, NetHunter has the ability to get a full VNC session from your phone to a graphical Kali chroot. A joint effort between the Kali community member “BinkyBear” and Offensive Security. NetHunter supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setup, HID keyboard (Teensy like attacks), as well as BadUSB MITM attacks – and is built upon the sturdy shoulders of the Kali Linux distribution and toolsets.

Supported Devices:
  • Nexus 4 (GSM)
  • Nexus 5 (GSM/LTE)
  • Nexus 7 [2012] (Wi-Fi)
  • Nexus 7 [2012] (Mobile)
  • Nexus 7 [2013] (Wi-Fi)
  • Nexus 7 [2013] (Mobile)
  • Nexus 10
Current Release: v1.0.2
Download Link: NetHunter

LiveCD List

The LiveCD List is an exclusive resource portal for different operating system where you can sort out the right one. It currently tracks LiveCDs, LiveDVDs and LiveUSB operating systems.

Download Link: http://www.livecdlist.com

Monday, 15 September 2014

Friday, 5 September 2014

Kali Linux Custom VMWare and ARM Images

Please find the link below for several customize VMware and ARM images. This link re-direct to the updated and customize VMWare and ARM Images.

Link: Kali Linux Custom VMWare and ARM Images

Tuesday, 2 September 2014

Kali Linux 1.0.9 released


Kali Linux 1.0.9 release now provides support for the last Raspberry Pi B+ ARM computer. It has also included two more images for the Odroid U3 and Cubox-i ARM computers. There are also a long list of bug fixes and updates to existing tools. Please click on the image to go Kali Linux download page.

New Kali Linux Tools Website

Kali Linux has launched a website for tools from various different niches of the security and forensics fields. This site aims to list them all and provide a quick reference to these tools. In addition, the versions of the tools can be tracked against their upstream sources. If you find any errors (typos, wrong URLs) please drop a mail to info@kali.org.

Saturday, 23 August 2014

Wednesday, 23 July 2014

Kali Linux 1.0.8 released


Kali Linux 1.0.8 has been released with USB EFI boot support. For more, please click here. To Download Kali Linux flavour, please click here.

Monday, 7 July 2014

The Mole for Kali Linux


The Mole is a python based automatic SQL Injection exploitation tool developed by Nasel. All you need to do is to provide a vulnerable URL and a valid string on the site it and it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features
  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET/POST/Cookie parameters.
  • Developed in python 3.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.

Links:
Downloads, The Mole for different platforms.
Documentation, How to install The Mole.
Tutorial, How to use The Mole to exploit SQL injections.


Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. 

Thursday, 29 May 2014

Kali Linux 1.0.7 Released


Kali Linux 1.0.7 released with a new 3.14 kernel. Please click here to know new features of Kali Linux release.

Saturday, 19 April 2014

Troubleshooting Wireless Driver

Troubleshooting wireless driver in Linux is a tedious task, if you do not know what to look for. Here is the link that will guide you to do basic troubleshooting to resolve wireless issue. Click here to goto the article page.

Monday, 31 March 2014

How to fix Kali Linux slow update?

When we talk about update, we know that the client system is downloading an update and patches from the source(online- from the network resource or offline- cd/dvd or any other secondary source). Here, we are talking about online update only. Kali Linux is relatively new and have less mirror sites, so the less the mirror sites the more online users to access the server and utilizing all the bandwidth. When you type apt-get update on the terminal, it searches for the relative links for update from /etc/apt/sources.list. So, more the number of links in the repository file, the more time it will consume to search for an update. Below are the few necessary steps that you can perform to fix the issue.

STEPS:

1. Check if you got the right repositories in /etc/apt/sources.list. Please remove unwanted and un-necessary repositories from the sources.list. Click here for more.

2. Run apt-get clean to clear cache.

3. Run apt-get autoremove to remove un-successful installed packages.

4. Choose a fast DNS server. Click here to read this article. To add DNS server address, open terminal and type leafpad/etc/resolv.conf. Once you add the address of DNS server, save and exit the file.

Now, to keep Kali Linux up-to-date, type apt-get update, then apt-get upgrade and finally apt-get dist-upgrade.

Kali Linux Repositories

Hi Everyone! this is an updated post on Kali Linux repositories. Well, a repository is an archival source from where Kali Linux softwares are updated and upgraded online. sources.list is the file where all the links for necessary update are saved. When we execute a command apt-get update, it searches for the updated package online. Un-wanted or un-necessary links can cause failure of Kali Linux package installation, so make sure what link/s should be added to the repository so that Kali Linux should get proper update. 

Kali Linux distribution has three repositories, which are mirrored world-wide:

http.kali.org (mirrorlist): the main package repository;
security.kali.org (mirrorlist): the security package repository;
cdimage.kali.org (mirrorlist): the repository with ISO images.

On a clean installation, Kali Linux, have the following two entries present in /etc/apt/sources.list:

deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
These are called Regular repositories from where Kali Linux get its update. In case, you require additional package, then your can add valid package source. You might also want to add the following repositories as well. These are Sources repositories:

deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

Finally, do not forget to do an update Kali Linux on terminal by typing apt-get update && apt-get upgrade && apt-get dist-upgrade.



Suggestion from Mr. Phong Do. Mr. Phong Do, made a change by just replacing "http:" with "deb" and found update is much faster. Hi all, please check and update me in comments so that I can update the post accordingly. THANKS.

just change http to repo like this:
deb http://repo.kali.org/kali kali main non-free contrib

Installing Cheese


Cheese is an open source application that allows Linux users to access their webcam device and take pictures or created videos with funny effects. It is mostly used under the GNOME desktop environment. The application has no binary packages for a specific Linux distribution, only a source archive that allows advanced users to configure, compile and install it under any Linux-based operating system.

STEPS:

Before you install Cheese, make sure that you do update kali linux by running apt-get update command. For more please click here, if you didn't added repository.

1. Open terminal and type apt-get install cheese.

Allowing it by typing Y to continue dependency of the package.

2. Once Cheese is installed successfully, check the installed package from the menu list. Click on Applications--> Sound & Video--> Cheese to open the application.

Saturday, 22 March 2014

GNOME Tweak Tool

GNOME Tweak Tool is an application for changing the advanced settings of GNOME 3. Below are the features that GNOME Tweak Tool can perform.


  • Reset to defaults settings
  • Startup application management
  • Enable Application menu
  • Dynamic or Static Workspaces creation
  • Disable all extensions
  • Install/Update/Uninstall extensions
  • Font size, hinting and anti-aliasing
  • Icons on Desktop
  • Clock: Show Date and Seconds
To install GNOME Tweak Tool open terminal and run
apt-get update and then 
apt-get install gnome-tweak-tool
Once it install GNOME Tweak Tool, run gnome-tweak-tool to run the application

UVC device driver for Linux

UVC(USB Video Class) is a device driver for video streaming on Universal Serial Bus. The goal of this project is to provide all necessary software components to fully support UVC compliant devices in Linux. UVC specification covers webcams, digital camcorders, analog video converters, analog and digital television tuners and still-image cameras that support video streaming for both video input and output. UVC projects is currently focusing on kernel support for UVC devices. The driver implements the Video4Linux 2 (V4L2) API. This include a V4L2 kernel device driver and patches for user-space tools. Please click here to read the article and supported devices.

Friday, 21 March 2014

Installing Skype in Kali Linux

Before you proceed make sure that you run apt-get update from terminal. Check the necessary repository in sources.list file. For more please read this post.

STEPS:

1. Goto www.skype.com and click on Downloads.

2. Being a Kali Linux user, select Choose your distribution as debian and click Save File to download.

3. Open terminal and locate the downloaded file.

4. Run dkpg -i skype-debian_x.x.x.x_i386.deb (where x is the version of skype) to install the package.
5. Type skype to run the program.

6. Accept License agreement.

Tuesday, 4 March 2014

Check Disk space in Kali Linux

After installing Kali Linux on hard drive or on virtual machine, we may have come across with a warning message of "Low Disk usage". It happens when we allocate insufficient disk space during partition for kali linux or else when we do a regular "update" and "upgrade" of patches or downloading softwares. Kali Linux comes with a graphical built-in tool, i.e. Disk Usage Analyzer. This tool helps you to check the disk space usage. There are other options too, to check usage as per file system.

If you need to check from terminal(for non-gui users), then there are two classic commands available for every linux distros, i.e. 

(a) df: Report file system disk space usage
(b) du: Estimate file space usage

df command is used to check free disk space. You can type df -h or df -k to list free disk space. It displays statistics about the amount of free disk space on the specified file system or on the file system of which file is a part. Values are displayed in 512-byte per block counts.

du command is used to show how much space one ore more files or directories is using. Type du -sh where -s option summarize the space a directory is using and -h option provides "Human-readable" output.


Sunday, 2 March 2014

Troubleshooting Kali Linux Installation

There could be various reason for installation failure. Few of the basic reasons are corrupted downloadable file, damage media during writing an iso file, in-sufficient disk space, missing hash file etc. Click here to open the link and read this article on Troubleshooting Kali Linux Installation.

Tuesday, 4 February 2014

How to uninstall GUI

If you do not wish to continue with GNOME environment then it's best to work with command line interface to face the real-life challenges. Before you proceed, make sure that you logged in as a root user or you have use sudo command with the root password. Open terminal to un-install GNOME and type,

apt-get remove gnome-shell and then type
apt-get autoremove

This will remove GUI interface from Kali Linux and you are set to work through command line interface.

Thursday, 30 January 2014

Kali Linux Images

Below are the links of Kali Linux's ISO images repository that you may found helpful in upgrading or downgrading Kali Linux.

Saturday, 25 January 2014

Top 10 Security Tools

Below are the tools that developers consider to be the top 10 security tools that could be covered to some benefit to people considering putting Kali Linux into their network security toolbox.

aircrack-ng

Sunday, 12 January 2014

Installing TOR browser

There are many ways of installing TOR but an easy step is to go to TOR website, download, extract the file and install it on Kali Linux. So, here we go.

STEPS:

2. Click on Download.
3. Navigate 32 bit or 64 bit for GNU/Linux, click on Download and then select Save file and press ok.
4. Once the file is downloaded, open terminal and type cd command to go to the directory where the file has been downloaded.
5. Decompress the file by running tar with xvzf parameters.
6. Once the file is decompressed, goto the tor folder.
7. Edit the file start-tor-browser in a text editor, like leafpad, by giving admin right
8. Run the browser, either by clicking on start-tor-browser or through terminal window by typing ./start-tor-browser.

Now let's see these by an example. Let's say, at the time of release, the filename of the tor browser is tor-browser-gnu-linux-i686-2.3.25-15-dev-en-US.tar.gz(for 32-bit, it may different depending on the architecture of your OS). This file has been downloaded in my Downloads directory. So, here are the steps that I performed.

(a) root@kali:~#cd Downloads
(b) root@kali:~/Downloads#tar -xvzf tor-browser-gnu-linux-i686-2.3.25-15-dev-en-US.tar.gz
(c) root@kali:~/Downloads#cd tor-browser_en-US
(d) root@kali:~/Downloads/cd tor-browser_en-US#leafpad start-tor-browser

Once the file is opened in leafpad, press ctrl + f and type root and then search. Now change the value from 0 to 1, as you are allowing tor browser file with administrative privilege.
Save the file and exit.
(e) root@kali:~/Downloads/cd tor-browser_en-US#./start-tor-browser to start tor browser.






Saturday, 11 January 2014

Kali Linux 1.0.6 has been released

Kali Linux 1.0.6 released with a new 3.12 kernel, a LUKS nuke feature, new Kali ARM build scripts, and Kali AMAZON AMI and Google Compute image generation scripts, not to mention numerous tool additions and updates – this release is really heavily laden with goodness. This new release brings with it the introduction of the Offensive Security Trusted ARM image scripts – a set of slowly growing scripts that are able to build Kali Linux images for various ARM devices. These scripts will replace the growing number of actual ARM image releases we have in order to reduce the exponentially growing amount of traffic we serve on each release.

Wednesday, 1 January 2014

Kali LInux KDE

Kali LInux KDE is the release, made from original source code of Kali Linux Gnome edition. Available for 32-bit and 64-bit machine. Click here to download.