Skip to main content

Kali Linux 101

Linux was always a bit too 'geeky' thing for me. My recent time on bench provided me however with time and motivation to go into this "terra incognita".
The intention was originally to learn some foundations of security testing. After a while I discovered that Kali Linux could provide also benefits for the everyday testing routine.
Following is a simple set of tools that will support and enhance your testing.

whatweb

Whatweb is a web scanner which provides information about the technologies used on the website, mail addresses found and many more

Example (type into terminal in Kali Linux): whatweb 0-v https://www.houseoftest.rocks/



whois 

Provides domain and legal information about the target website (where is it registered, owner, address, etc.)
Example: whois houseoftest.rocks

cewl

Outputs all the words contained in the target website. You never know when such feature comes handy. You can output also into a file of course.
Example: cewl https://www.houseoftest.rocks/ -v -w wordlist_hot.txt

theharvester

Searches and outputs mentions on social medias about specified word (for example name of your company). This is rather a tool used in penetration testing, however other forms of testing can also find usage. 
Example: theharvester -d houseoftest -b twitter 


(-b defines the data source, you can put there  google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, googleplus, all)

zap

OWASP ZAP (Zed Attack Proxy) is a GUI penetration testing tool devised to find vulnerabilities in a website/application. On the surface level it can be also used by a person which is not at all familiar with penetration testing. Some features of zap have very good (time investment)/(information gained) ratio. The configuration is relatively quick, you need to set the proxy both in your browser and in zap and let your browser accept the certificate which you create in zap. Among many uses of this tool to enhance your testing:

Attack

In this feature of zap you just type in your target and click "attack", it will handel the rest, you just need to correctly interpret the results
There are of course many adjustments and tweaks to this scan which you can further play with.

Testing with zap in background

When you run zap configured with your browser, it intercepts and stored all requests/responses going between the website and your browser. When you run this in background, it maps places of the website behind which the automatic scan cannot pass (logins etc.). You can get valuable information about possible flaws or vulnerabilities through this.

Fuzzing

If you were ever interested how that one particular search bar would react to XY different random or custom inputs, fuzzing can spare you some time. 
Start the fuzzer and observe the results

The fuzzer currently found no problems with the current payloads, however the sky is the limit with the prepared file fuzzers within zap or freely downloadable from internet.

Conclusion

Tester as every craftsman is greatly supported by its tools, even an expert lumberjack cannot effectively cut a tree with an blunt axe. Kali is a very sharp axe, but you need some practice to use even a fraction of its potential. I say go this way and explore.







Labels:

Comments

Post a Comment

Popular posts from this blog

When to start automation?

If you are asking this as a tester, you probably asking too late. Automation is something that can save you some portion of your work (understand resources for your client) and i rarely found cases of testing work that did not need at least some portion of automation. I know that it is rarely understood that automation is something to be developed & maintained and if you cover enough of the application, you do not need any more regression - well i do not think that somebody has done an automation regression suite that if fully reliable (i am not speaking about maintaining this code - which is another topic). There can be always a bug (or quality issue) that slips through, even when you scripts go through the afflicted part. I understand that many testers have no development background or skills, but i doubt the developers that could help you are far away. I am not assuming that they can do the scripts for you.... However if they understand what you need, they can say how e
4 comments
Read more

Testers toolkit

As every craftsman needs his tools, testers are no exceptions. I was this weekend at  SOCRATES SWITZERLAND  (SOftware CRAftsmanship and TESting) where we talked also about useful everyday tools. This list tries to be as general as possible to provide tools which can be useful to most part of everyday work, more specialised test-useful tools are very context dependent. I use most of the tools mentioned here and believe they can provide value also to you. Documenting Screenshot  - good picture is worth thousand words, this applies especially for testing, the following are some screenshotting tools and editors I used and can recommend Lightscreen  - simple tool for capturing pictures, free, cannot edit the pictures FastStone  - screen capturing tool and editor, cheap & gets the job done Snagit  - very powerful screen capturing tool and graphic editor, many functions which you never knew you can do, but wont be able to live without afterwards, a bit pricey Recording  (
1 comment
Read more

Many problems with one button

I admire the complexity which can emerge from elementary designs. Especially in the problem space. One example speaks for itself, the 'On/off app' : - an webapp consisting only from one button which can either turn 'things' on or off ( 'Picture 1 ' is an aproximate illustration of both visual states of the app) - 'things' are marketing campaigns, some more complex processes to send particular marketing messages under particular conditions to particular customers (details of such don't matter in this context) Picture 1 source: https://www.vecteezy.com/vector-art/88994-on-and-off-chrome-buttons Even when my team was highly qualified in software development, under the fog of communication  and implicit expectations that we missed, we discovered the following problems with the implementation:  Wrong template The template which we used in the test environment was not meant for production, the impact was low - only a few business
1 comment
Read more