networking

Penetration testing and hacking tools on Kali Linux

List of best Kali Linux tools for penetration testing and hacking

by

Kali Linux is a Linux distribution geared towards cyber security professionals, penetration testers, and ethical hackers. It comes decked out with a large assortment of hacking tools, and many more can be installed.

Perhaps you’re thinking about installing Kali Linux, or have recently installed it but aren’t sure of where to start. In this guide, we’re going to go over some of our favorite penetration testing and hacking tools on the distro. This will give you a good impression of what’s available, as well as some idea of how to use the various tools.

In this tutorial you will learn:

  • Best Kali Linux tools for penetration testing and hacking

Read more

telnet command on Kali Linux

How to install and use telnet on Kali Linux

by

The telnet utility, a once common protocol that graced the terminal of every system administrator and power user, was a precursor for SSH. These days, it’s a forgotten relic that isn’t installed by default on most Linux distros.

Despite the other protocols that have come to replace it, telnet remains an ideal utility to test the connection to a certain port of a device. In this guide, we’ll see how to install telnet on Kali Linux, along with some usage examples.

In this tutorial you will learn:

  • How to install telnet
  • Command usage examples for telnet

Read more

traceroute on Kali Linux

How to use traceroute on Kali Linux

by

When performing digital reconnaissance or penetrating testing, it’s important to fingerprint a network by understanding what servers or devices sit between your system and a target. For example, security professionals can’t go straight to attacking a web server without first taking the time to see if there’s a firewall in front of it.

This is where the traceroute utility comes in. It can send a packet from your system to the target machine, and list out its entire route for the journey there. This will reveal how many devices your network data is passing through, as well as the IP address of each device.

Kali Linux has another similar reconnaissance utility called mtr, which mostly functions the same as traceroute. In this guide, we’ll see how to use traceroute and mtr, along with their various command options, on Kali.

In this tutorial you will learn:

  • How to use traceroute
  • How to use mtr

Read more

Default user and password for Kali Linux

Kali Linux Default Password

by

The objective of this guide is to show the default username and password for Kali Linux. The guide will be applicable for persistent installations, as well as the live CD image and Kali virtual machine downloads in VirtualBox or VMware.

In this tutorial you will learn:

  • Default username and password for Kali
  • How to execute Linux commands with administrative root privileges
  • How to change to root shell
  • How to change user and root passwords
Default user and password for Kali Linux

Default user and password for Kali Linux

Read more

Using WPScan on Kali Linux

Use WPScan to scan WordPress for vulnerabilities on Kali

by

Vulnerabilities in WordPress can be uncovered by the WPScan utility, which comes installed by default in Kali Linux. It’s also a great tool for gathering general reconnaissance information about a website that’s running WordPress.

Owners of WordPress sites would be wise to try running WPScan against their site, as it may reveal security issues that need patched. It can also reveal more general web server issues, such as directory listings that haven’t been turned off inside Apache or NGINX.

WPScan itself is not a tool that can be used maliciously while performing simple scans against a site, unless you consider the extra traffic itself to be malicious. But the information it reveals about a site can be leveraged by attackers to launch an attack. WPScan can also try username and password combinations to try and gain access to a WordPress site. For this reason, it’s advised that you only run WPScan against a site that you own or have permission to scan.

In this guide, we’ll see how to use WPScan and its various command line options on Kali Linux. Try out some of the examples below to test your own WordPress installation for security vulnerabilities.

In this tutorial you will learn:

  • How to use WPScan
  • How to scan for vulnerabilities with API token

Read more

Searching for packages to install on Kali Linux

How to search for extra hacking tools on Kali

by

Kali Linux already comes with a lot of ethical hacking and penetration tools out of the box. There are even more tools available from package repositories, but sifting through hundreds of tools and finding the ones you want to install can be challenging.

We aim to make the task easier in this guide, by showing you how to search for more software and install the tools on your system. If Kali doesn’t include some of your favorite tools by default, or you just want to browse the selection of software to see what else might be available, the steps below will help you find useful tools to install.

In this tutorial you will learn:

  • How to search for packages with apt-cache
  • How to search for packages with aptitude
  • GUI software installers
  • How to search for Kali packages online
Searching for packages to install on Kali Linux

Searching for packages to install on Kali Linux

Read more

How to prevent NetworkManager connectivity checking

How to prevent NetworkManager connectivity checking

by

NetworkManager is a software utility for configuring and managing network interfaces. It is developed by the Gnome project and is used in many distributions and by many Desktop Environments. The stated goal of NetworkManager is to make setting up and configuring networking as automatic and painless as possible, so that it just works. To aid in this goal NetworkManager can perform connectivity checking in order to determine whether your network has full internet connectivity.

Read more

Parrot OS, sporting the MATE desktop environment

Parrot Linux download

by

Parrot OS is a Linux distribution with a heavy focus on user privacy and penetration testing. It’s based on Debian Linux. For other most popular Linux distributions, please visit our dedicated Linux download page.

When people think of penetration testing distributions, usually Kali Linux is the first one that comes to mind. While there’s definitely some functional overlap, the two distributions have a lot of differences. First impressions of Parrot make it clear that it’s more of a privacy-focused distro than a hacking one.

Parrot inherits a lot of Debian’s traits, like using the APT package manager, from which it can install a staggering number of packages that are available in Debian’s repos. Parrot also maintains their own repos full of penetration testing and privacy tools.

Parrot makes a point of “staying quiet” by disabling network services by default. This creates a smaller RAM footprint but also helps keep the system hidden if you’re on a target network. It also disables auto mounting by default. These extra security measures are nice, but may be frustrating for a novice that wants their system to “just work.”

Parrot’s passion for privacy becomes immediately apparent when browsing through the default applications that are included with the distro. You’ll find the Tor browser already installed, and various Firefox privacy plugins like uBlock Origin, Privacy Badger, and HTTPS Everywhere. It’s nice having a distro that works so hard to protect your privacy. This can make it very attractive as a daily driver for some users. You don’t need to be a cybersecurity professional or penetration tester to use this distribution, though it can definitely fill those purposes well.

Read more

Parrot OS

Kali Linux vs Parrot

by

Kali Linux and Parrot OS are two Linux distributions with a huge focus on cybersecurity, privacy, and penetration testing.

Both distributions are based on Debian Linux, naturally making them pretty similar. This fact, along with a big overlap in target audience, causes a lot of newcomers to question the difference between the two distributions.

In this guide, we’ll be comparing the two distributions across a few key areas and giving a brief review of both distros. Read on to learn more about Kali Linux and Parrot OS and how they compare. By the end of this article, you’ll be armed with enough information to choose the best distro for your needs.

In this tutorial you will learn:

  • Kali Linux and Parrot OS background information
  • Kali Linux and Parrot OS similarities and differences
  • Which distro should I use, Kali Linux or Parrot OS?

Read more

Create redirect and rewrite rules into .htaccess on Apache webserver

Create redirect and rewrite rules into .htaccess on Apache webserver

by

When using the Apache web server, .htaccess files (also called “distributed configuration files”) are used to specify configuration on a per-directory basis, or more generally to modify the behavior of the Apache web server without having to access virtual hosts files directly (this is usually impossible for example, on shared hosts). In this tutorial we see how we can establish URL redirections and rewriting rules inside .htaccess files.

In this tutorial you will learn:

  • How .htaccess files work
  • How to setup URL rewriting rules in .htaccess files using the RewriteRule directive
  • How to setup URL redirection rules in .htaccess files using the Redirect and RedirectMatch directives

Read more

How to switch back networking to /etc/network/interfaces on Ubuntu 20.04 Focal Fossa Linux

How to switch back networking to /etc/network/interfaces on Ubuntu 20.04 Focal Fossa Linux

by

This article will explain how to switch back networking from NetPlan/CloudInit on Ubuntu 20.04 Focal Fossa Linux to yet now already obsolete networking managed via /etc/network/interfaces.

In this tutorial you will learn:

  • How to revert to eth0..n network naming convention
  • How to install ifupdown
  • How to remove CloudInit
  • How to enable networking daemon
WARNING
Switching back from NetPlan/CloudInit to the now obsolete networking daemon is not supported nor recommended as you might end up with a broken system.

Read more

Firefox warning that the connection to this website is not secure

Firefox on Linux – Your connection is not secure

by

When browsing the web, your computer can communicate with websites through two different protocols: HTTP and HTTPS. HTTPS is the safer version of HTTP, with the “S” standing for “secure.” Whether a website is configured to communicate with its users securely or not is up to the site administrator.

On certain websites, you may notice Mozilla Firefox or another modern browser indicating that “your connection is not secure.” This basically means that the website is using HTTP instead of HTTPS. Whether a site is using HTTP or HTTPS will always be indicated by the padlock symbol next to the URL of a site.

In this guide, we’ll go over this security warning, talk about the seriousness of it, and give some tips for how you can protect yourself when browsing the web with Firefox on a Linux system.

In this tutorial you will learn:

  • Why are some sites still using HTTP?
  • Why is it important for sites to use HTTPS?
  • What can I do to protect myself when browsing a site with HTTP?

Read more