The open-source nature of the Linux operating System has led to the release of various distributions for the operating System.

Users and businesses welcome distributions depending on the capabilities and facilities they offer.

Kali Linux is one of the most well-known Linux distributions. Its security approach is derived from the Debian distribution, and it is mostly used for penetration testing and digital criminology tests.

Kali Linux was developed by BackTrack and rewritten by Matthew Aharony and Dion Kerns of Offensive Security.

Kali Linux is equipped with hundreds of application tools for various tasks in information security, such as penetration testing, security research, computer crimes, and reverse engineering.

General acquaintance with Kali Linux

As mentioned, Kali Linux was developed using the BackTrack version. The first version of this operating system was introduced in March 2013; however, today, Offensive Security financially supports the distribution.

Kali Linux has over 600 penetration testing tools designed for specific applications. The developers of this distribution have categorized them to make them easier to use.

This classification includes data collection tools, vulnerability analysis, wireless intrusion tests, program evaluation, exploitation tools, criminology, eavesdropping, password evaluation, reverse engineering, reporting tools, and hardware hacking.
What group of users is Kali Linux suitable for?

Security executives and Security experts are the primary audiences of Kali Linux. These professionals use Kali Linux to detect and prevent Security breaches and identify vulnerabilities hidden in software and infrastructure.

In general, Kali Linux is used by the following professionals:

Security Managers: People who have been given the responsibility of protecting an organization’s information and data. They use Kali Linux to monitor the operating environment to ensure no vulnerability in the infrastructure.

Network administrators are the people entrusted with the responsibility of maintaining the network. They use Kali Linux to identify unsafe access points or unauthorized access points created by employees.

Network Architects are responsible for designing secure networks. They use Kali Linux to check the initial designs to ensure that nothing is overlooked and that the settings are configured correctly.

Intrusion Testing Experts: Kali Linux’s security tools allow security experts to test operating environments as accurately as possible and identify network breaches, software used by users, or firmware that has security breaches.

CISO: Senior Information Security Administrators (CISOs) use Kali Linux to scan the corporate environment and identify new programs that have been unauthorized by employees or configured settings.

Criminologists: Criminology is one of the most important branches of security. By providing a wide range of tools, Kali Linux allows this group of professionals to discover and retrieve data that indicates what caused a security attack and who is behind it.

White Hat Hackers: White hat hackers, like penetration testing experts, use Kali Linux to scan an organization’s operating environment for vulnerabilities.

Penetration testing course with Kali Linux (pwk-oscp)

Kali Linux is more than just a standard Linux distribution. A vital course and certification in connection with this operating System is Penetration Testing With Kali (PWK), which is called Penetration Testing With Kali with the code PEN-200 by the Offensive Security Institute.

This course is one of the most expensive training courses in Security, hacking, and criminology. Those interested in participating in this course and taking the relevant exam must pay $999, which shows that many Security points are taught in this course.

The cost of participating in this course in Iran is approximately one million and six hundred thousand tomans in person and about one million and two hundred thousand tomans online.

Scholars in the PWK course learn how to test vulnerabilities and network penetration in an advanced way.

The main topics of the PWK course are accurate data collection, finding vulnerabilities, identifying and working with various exploits, detecting vulnerabilities in applications, and identifying the techniques that hackers use to bypass firewalls and antivirus.

“People who have just entered the Security world or are interested in penetration testing should start from this point,” says the Offensive Security Institute, describing the course.

This course teaches people moral ethics step by step. “PEN-200 teaches people the skills and how to implement the penetration test.”

If you are interested in this course, I suggest you first get the NetworkPlus and CEH certifications to familiarize yourself with the basics of networking, Security, and penetration tests, and then consider improving your skills.

Table 1 shows the topics of this course.

“People who have just entered the Security world or are interested in penetration testing should start now. This course teaches people moral ethics step by step.

“PEN-200 teaches people the skills and how to implement the penetration test.” If you are interested in this course, I suggest you first get the NetworkPlus and CEH certifications to familiarize yourself with the basics of networking, Security, and penetration tests, and then consider improving your skills. Table 1 shows the topics of this course.

“People who have just entered the Security world or are interested in penetration testing should start now.

This course teaches people moral ethics step by step.

“PEN-200 teaches people the skills and how to implement the penetration test.” If you are interested in this course, I suggest you first get the NetworkPlus and CEH certifications to familiarize yourself with the basics of networking, Security, and penetration tests, and then consider improving your skills. Table 1 shows the topics of this course.

If you are interested in this course, I suggest you first get the NetworkPlus and CEH certifications to familiarize yourself with the basics of networking, Security, and penetration tests, and then consider improving your skill level.

Table 1 shows the topics of this course.

If you are interested in this course, I suggest you first get the NetworkPlus and CEH certifications to familiarize yourself with the basics of networking, Security, and penetration tests, and then consider improving your skill level. Table 1 shows the topics of this course.

With this description, we see that Kali Linux is not for normal daily activities and is more available to security professionals as a set of powerful tools. Simply put, those interested in Kali Linux and the PWK degree increase their chances of finding a job in the Security field.

How to install Kali Linux?

Now that we are somewhat familiar with Kali Linux’s functionalities, it is better to examine its different installation methods.
Run directly on PC or laptop.

Users can install Kali Linux directly on a personal computer or laptop using the existing images. This method is ideal when you have experience working with Kali Linux or want to run tests to identify access points from a computer equipped with WiFi.
Installation on virtual machines

Kali Linux supports most hypervisors and can be installed on most emulators. Pre-configured Kali Linux images can be found on the distribution’s official website, although it is possible to install them through installation files on hypervisors.

Cloud

Because Kali Linux and the certification for this distribution are world-renowned, Amazon AWS and Microsoft Azure have provided images for installing Kali Linux on their cloud environments.

USB Disk Drive

Users can use the ISO Kali Linux image to build a boot disk to use Kali Linux on a single device without the need for actual installation for digital criminology.

Windows 10 program

Fortunately, it is possible to run Kali Linux on Windows 10 via the command line.

However, some features may not be available (Figure 1).

figure 1

Installation on Mac (single or dual boot)

Kali Linux can be installed on the Mac as a secondary or main operating system. Parallels can be used to configure these settings.

What tools are available to users who are installing Linux?

When you install Linux on the target System, a complete set of tools is available (except for the Windows 10 command line mode, where some tools may not work correctly). The most essential tools of this distribution are the following:

Aircrack-ng

It is a set of tools used to check the Security status of the WiFi network. This collection focuses on the key WiFi Security features as follows:

Monitoring: Examining packets and sending data to text files to process more packages by third-party tools.

Attack: Implement replay attacks, bypass authentication, detect fake access points, and implement various operations to inject packets.

Test: Check WiFi cards and addresses

Crack: Breaking the Security patterns of WEP, WPA1, and WPA2 PSK protocols

All of these tools are provided as command-line tools that allow scripting.

Nmap

WorkNetwork Mapper is one of the most popular Kali Linux tools, and it is known as Nmap. Nmap is a free, open-source web analytics tool. Nmap is used to determine the hosts on the network, the type of services, the operating System running on the host, the kind of filter packets and firewalls, the list of network devices, the management of service upgrade schedules, the monitoring of hosts, the performance of services, and so on.

THC Hydra

Hydra is a great option when you need to launch a pervasive search attack to identify a remote service’s authentication status.
The tool can perform fast dictionary-based attacks on over 50 standard protocols, such as Telnet, HTTP, FTP, HTTPS, SMB, and various databases. Security experts can also use the above tools to scan wireless networks.

Nessus

Nessus is a remote scanning tool used to investigate System vulnerabilities. This tool does not actively perform the detection process (sending large volumes of packets or performing various operations detected by intrusion detection and prevention systems) and does not block vulnerabilities. Instead, it quickly identifies more than 1,200 vulnerabilities by performing various processes and provides patches for them.

WireShark

IreWireShark یک is an open-source data packet analysis tool used to monitor the network, prepare reports, alerts, and the like. The above tool is the most complete tool for analyzing network protocols in the Linux world.

Overview of the Kali Linux environment

‌When you install Kali Linux directly on your System or virtual machine, you must enter your username on the start screen at startup (Figure 2). By default, this value is called root.

The Kali Linux graphical Desktop environment is similar. The Kali و Linux Desktop has various toolbars, including applications tabs, locations, and the Kali Linux dock.

figure 2

Figure 3

Figure 4

Applications tab

The above tab is a drop-down list of all programs and tools installed on Linux available to the user. The Applications tab provides access to a broad and rich range of tools, not all of which can be explored in this article.

However, this article will examine the two tools Nmap and Metasploit to familiarize readers with Kali Linux tools and how to implement them. Click the Applications tab to access different applications.

Select the specific category in which the application is located and click on the desired application (Figure 5).

Figure 5

Language tabs

Kali Linux provides access to folders and images of personal documents through Places. The Places menu hosts various subcategories such as Pictures, Videos, Computer, Downloads, Documents, Home, Music, Desktop, and Browse Network. Clicking any options in this section will open the desired folder (Figure 6).

Figure 6

Dok Kali Linux

The Linux Kali dock, like the Mac dock system or Windows taskbar, is designed for easy access to applications and for adding or removing programs. It is located vertically on the left side of the window (Figure 7).

Figure 7

How to use Nmap in Kali Linux?

Nmap is one of the most important Kali Linux tools. One of its applications is vulnerability scanning. Nmap can show each host’s services and ports and their Security vulnerabilities.

At the most basic level, Nmap can be considered a ping tool. Typically, the first thing Security professionals do when running Nmap is scan. Nmap can handle the initial 1000 ports of the TCP protocol.

If the instrument detects a port being listened to, it will show its status as open, closed, or filtered.

For example, filtered ports are more likely to have their traffic manipulated by a firewall. Users can use the above tools in the following ways:

• Scan a single address: Nmap 192.168.1.1
• Scan a host: Nmap www.testnetwork.com
• After scanning a range of IP addresses: Nmap 192.168.1.1-20
• Then try scanning a subnet: Nmap 192.168.1.0/24
• The Scan targets are listed in a text file: Nmap -iL list-of-ipaddresses.txt

How do you run an initial Nmap scan on Kali Linux?

For an initial Nmap scan of the dock menu, click on the second tab, Terminal. In the window that opens, enter the ipconfig command to display the Kali Linux system’s local IP address.

In the example above, the local IP address is 10.0.2.15. Write down the local IP address below.

In the terminal window, enter the command Nmap 10.0.2.15 to scan the host’s first thousand local ports. Since the operating System is newly installed, no port should be opened.

Check the results now (Figure 8). If you want all ports scanned, you must use the—p—switch as Nmap 10.0.2.15 -p-. Nmap also offers the functionality of identifying the guest operating system.

To identify the host operating System, enter the host’s IP address and the -A switch in the terminal window.

For example, the hypothetical Nmap address 10.28.2.26 -A provides a report on the host operating System (Figure 9).

Figure 8

Figure 9

What is Metasploit?

Metasploit Framework is an open-source tool for identifying vulnerabilities. It helps security experts identify network threats and vulnerabilities. Users can use Nmap within Metasploit.

For example, to scroll a subnet, first scroll down the Applications tab to see Exploitation Tools 08. Then select the Metasploit option. The open terminal window called MSF is Metasploit.

Now enter the command db_nmap -V -SV 10.0.2.15/24. Note that in the example above, you must enter your IP address instead of the IP address above. In this example, db_stands refers to the name of the database.

The -V switch indicates verbose, and -SV is used to detect the service version. Figure 10 shows the output of the above tool, which is used to identify vulnerabilities.

For example, in the terminal window of the above tool, if you use the Hosts -R command, it will add newly identified hosts to the Metasploit database. Next, you need to enter the Show exploits command to get a complete report on Metasploit.

Figure 10

last word

Kali Linux is an amazing operating system that almost every security expert should know about. Due to its stability and ease of use, this Linux distribution has become an effective tool for identifying vulnerabilities and collecting cues that can be cited for criminology.

However, it is important to note that Kali Linux should only be used in authorized network environments. You must be licensed to run some of these distribution tools in enterprise environments.