官术网_书友最值得收藏!

Kali Linux

BackTrack (BT), (www.offensive-security.com) was released to provide an extensive variety of penetration testing and defensive tools that were perfect for auditors and network administrators interested in assessing and securing their networks. The same tools were used by both authorized and unauthorized (hackers) penetration testers.

The final version of BackTrack, BT 5r3, was released in August 2012. Based on the Ubuntu Linux platform, it was widely adopted and supported by the security community. Unfortunately, its file architecture made it difficult to manage the array of tools and their accompanying dependencies.

In BackTrack, all of the tools used for penetration testing were placed in the /pentest directory. Subfolders such as /web or /database helped to further define the location of tools. Finding and executing tools within this hierarchy could be counterintuitive. For example, is sqlninja, which identifies an SQL injection, a web vulnerability assessment tool, a web exploit tool, or a database exploit tool?

In March 2013, BackTrack was superseded by Kali Linux, which uses a new platform architecture based on the Debian GNU/Linux operating system.

Debian adheres to the Filesystem Hierarchy Standard (FHS), which is a significant advantage over BackTrack. Instead of needing to navigate through the /pentest tree, you can call a tool from anywhere on the system because applications are included in the system path.

Other features of Kali include the following:

  • Support for multiple desktop environments such as Gnome, KDE, LXDE, and XFCE, and provides multilingual support.
  • Debian-compliant tools are synchronized with the Debian repositories at least four times daily, making it easier to update packages and apply security fixes.
  • Support for ISO customizations, allowing users to build their own versions of Kali. The bootstrap function also performs enterprise-wide network installs that can be automated using pre-seed files.
  • ARMEL and ARMHF support allows Kali to be installed on devices such as Raspberry Pi, ODROID-U2/-X2, and the Samsung Chromebook.
  • Over 300 penetration testing data forensics and defensive tools are included. They provide extensive wireless support with kernel patches to permit the packet injection required by some wireless attacks.
  • Kali remains an open source project that is free. Most importantly, it is well supported by an active online community.

Throughout this book, we'll be using a VMware virtual machine (VM) of 64-bit Kali (refer to Appendix, Installing Kali Linux for instructions on installing Kali).

A VM is used because it makes it easy to rapidly execute certain applications in other operating systems, such as Microsoft Windows. In addition, a VM can be archived with the results from a penetration test, allowing the archive to be reviewed to determine if a particular vulnerability would have been detected with the toolset that was used for testing.

When Kali is launched, the user will be taken to the default desktop GUI with a menu bar at the top and a few simple icons. By selecting the menu item Applications, and then Kali Linux, the user will gain access to a menu system that contains the Top 10 Security Tools as well as a series of folders, organized in the general order that would be followed during a penetration test, as shown in the following screenshot:

Kali Linux

Note

The menu will be familiar to users of BT 5r3. However, there are some changes, which include simplified access to network services and communications.

主站蜘蛛池模板: 自治县| 贡山| 永昌县| 时尚| 德江县| 嫩江县| 封开县| 龙里县| 出国| 乡宁县| 五莲县| 那曲县| 城口县| 盐边县| 望城县| 丹阳市| 二连浩特市| 昌江| 济阳县| 青铜峡市| 福州市| 普定县| 沙河市| 余庆县| 五莲县| 武安市| 阳泉市| 三门县| 藁城市| 青冈县| 麻江县| 安远县| 黄大仙区| 邯郸县| 仁布县| 定结县| 衡南县| 临汾市| 通海县| 麻江县| 彰化县|