The open-source nature of the Linux operating system has led to the release of various distributions for the operating system.
Distributions are welcomed by users and businesses depending on the capabilities and facilities they offer.
Kali Linux is one of the most well-known security-focused Linux distributions. It is derived from the Debian distribution and is mostly used for penetration testing and digital forensics.
Kali Linux was developed by Mati Aharoni and Devon Kearns of Offensive Security as a rewrite of BackTrack.
Kali Linux is equipped with hundreds of tools that are used for various tasks in the field of information security, such as penetration testing, security research, computer forensics, and reverse engineering.
General acquaintance with Kali Linux
As mentioned, Kali Linux was developed from BackTrack. The first version of this operating system was introduced in March 2013, and today the distribution is financially supported by Offensive Security.
Kali Linux has over 600 penetration testing tools, each designed for specific applications. The developers of this distribution have categorized them to make them easier to use.
This classification includes information gathering, vulnerability analysis, wireless attacks, web application assessment, exploitation tools, forensics, sniffing and spoofing, password attacks, reverse engineering, reporting tools, and hardware hacking.
What group of users is Kali Linux suitable for?
Security executives and security experts are the main audiences of Kali Linux. These professionals use Kali Linux to detect and prevent security breaches and to identify vulnerabilities and breaches hidden in software and infrastructure.
In general, Kali Linux is used by the following professionals:
Security Managers: People who have been given the responsibility of protecting an organization’s information and data. They use Kali Linux to monitor the operating environment to make sure there is no vulnerability in the infrastructure.
Network administrators: The people who are entrusted with the responsibility of maintaining the network. These people use Kali Linux to identify unsafe access points or unauthorized access points created by employees.
Network Architects: The people who are given the responsibility of designing secure networks. These people use Kali Linux to check the initial designs to make sure nothing is overlooked or the settings are configured correctly.
Penetration Testing Experts: The security tools in Kali Linux allow security experts to test operating environments as accurately as possible and to identify network weaknesses, software used by users, or firmware that has security flaws.
CISO: Chief Information Security Officers (CISOs) use Kali Linux to scan the corporate environment and identify new programs or configuration settings that employees have put in place without authorization.
Forensic Investigators: One of the most important branches of the security world is forensics. By providing a wide range of tools, Kali Linux allows this group of professionals to discover and retrieve data that indicates what caused a security attack and who is behind it.
White Hat Hackers: White hat hackers, like penetration testing experts, use Kali Linux to scan for vulnerabilities in an organization’s operating environment.
Penetration testing course with Kali Linux (pwk-oscp)
Kali Linux is more than just a normal Linux distribution. An important course and certification associated with this operating system is Penetration Testing With Kali (PWK), course code PEN-200, offered by the Offensive Security Institute.
This course is one of the most expensive training courses in the security world in the field of hacking and forensics: those who want to take the course and the related exam must pay $999, which shows that many security topics are taught in it.
The cost of participating in this course in Iran is approximately one million and six hundred thousand tomans in person and about one million and two hundred thousand tomans online.
Students in the PWK course learn to test vulnerabilities and perform network penetration testing at an advanced level.
Accurate data collection, finding vulnerabilities, identifying and working with various exploits, detecting vulnerabilities in applications, and identifying the techniques that hackers use to bypass firewalls and antivirus are the main topics of the PWK course.
“People who have just entered the security world or are interested in penetration testing should start from this point,” says the Offensive Security Institute, describing the course.
This course teaches people moral ethics step by step. “PEN-200 teaches people not only the skills but also how to implement the penetration test.”
If you are interested in this course, I suggest you first get the Network+ and CEH certifications so that you are at least familiar with the basics of networking, security, and penetration tests, and then think about improving your skills.
Table 1 shows the topics of this course.
With this description, we see that Kali Linux is not to be used for normal daily activities and is more available to security professionals as a set of powerful tools. Simply put, those interested in Kali Linux and the PWK degree increase their chances of finding a job in the security field.
How to install Kali Linux?
Now that we are somewhat familiar with the functionalities of Kali Linux, it is better to examine the different methods of its installation.
Run directly on PC or laptop
Users can use the existing images to directly install Kali Linux on a personal computer or laptop. This method is ideal when you have experience working with Kali Linux or you want to run tests to identify access points from a laptop equipped with WiFi.
Installation on virtual machines
Kali Linux supports most hypervisors and can be installed on most virtualization platforms. Pre-configured Kali Linux images can be found on the official website of this distribution, and it can also be installed on a hypervisor from the installation files.
Because Kali Linux and the certification for this distribution are world-renowned, Amazon AWS and Microsoft Azure have provided images for installing Kali Linux on their cloud environments.
USB Disk Drive
Users can use the Kali Linux ISO image to build a bootable disk and run Kali Linux on a device without an actual installation, for example for digital forensics.
Windows 10 app
Fortunately, it is possible to run Kali Linux on Windows 10 via the command line.
However, some features may not be available (Figure 1).
Installation on Mac (single or dual boot)
Kali Linux can be installed on the Mac as a secondary operating system or the main operating system. Parallels can be used to configure these settings.
What tools are available to users with a Kali Linux installation?
When you install Kali Linux on a system, a complete set of tools is available to you (except in the Windows 10 command-line mode, where some tools may not work properly). The most important tools of this distribution are the following:
The first is a set of tools used to check the security status of a WiFi network. This collection focuses on the following key areas of WiFi security:
Monitoring: Capturing packets and exporting data to text files for further processing by third-party tools.
Attack: Implement replay attacks, bypass authentication, detect fake access points, and implement a variety of operations based on packet injection.
Test: Check WiFi cards and addresses.
Crack: Breaking the security of the WEP, WPA1, and WPA2 PSK protocols.
All of these tools are provided as command-line tools that allow scripting.
Network Mapper, known as Nmap, is one of the most popular Kali Linux tools. Nmap is a free, open-source network analysis tool. Nmap is used to determine the hosts on the network, the type of services, the operating system running on the host, the type of packet filters and firewalls, the list of network devices, the management of service upgrade schedules, the monitoring of hosts, the performance of services, and so on.
Hydra is a great option when you need to launch a brute-force attack to test the authentication of a remote service. The tool can perform fast dictionary-based attacks on more than 50 common protocols such as telnet, HTTP, FTP, HTTPS, SMB, and various databases. Security experts can also use the above tools to scan wireless networks.
Nessus is a remote scanning tool used to investigate system vulnerabilities. This tool does not actively perform the detection process (sending large volumes of packets or performing various operations that intrusion detection and prevention systems would detect) and does not block vulnerabilities, but it quickly identifies more than 1,200 vulnerabilities by performing various checks and provides patches for them.
Wireshark is an open-source packet analysis tool used to monitor the network, prepare reports, raise alerts, and the like. It is the most complete tool for analyzing network protocols in the Linux world.
Overview of Kali Linux environment
When you install Kali Linux directly on your system or in a virtual machine, you must enter your username on the login screen at startup (Figure 2). By default, the username is root.
The Kali Linux graphical desktop environment is similar. The Kali Linux desktop has various toolbars, including the Applications tab, the Places tab, and the Kali Linux dock.
Figure 3
Figure 4
The Applications tab is a drop-down list of all programs and tools installed on Kali Linux that are available to the user. It provides access to a wide and rich range of tools, not all of which can be explored in this article.
However, to familiarize readers with Kali Linux tools and how to implement them, in this article we will examine the two tools Nmap and Metasploit. Click the Applications tab to access different applications.
Select the specific category in which the application is located and click on the desired application (Figure 5).
Kali Linux provides access to folders and images of personal documents through Places. The Places menu hosts various subcategories such as Pictures, Videos, Computer, Downloads, Documents, Home, Music, Desktop, and Browse Network. Clicking on any of the options shown in this section will open the desired folder (Figure 6).
Kali Linux dock
The Kali Linux dock, like the Mac dock or the Windows taskbar, is designed for easy access to applications and for adding or removing programs. This dock is located vertically on the left side of the window (Figure 7).
How to use Nmap in Kali Linux?
Nmap is one of the most important Kali Linux tools, and one of its applications is vulnerability scanning. Nmap can show the services and ports that each host provides and their security vulnerabilities.
At the most basic level, Nmap can be considered a ping tool. Typically, the first thing security professionals do when running Nmap is a basic scan. By default, Nmap scans the first 1,000 ports of the TCP protocol.
For each port it finds, the tool shows the status as open, closed, or filtered.
For example, filtered ports most likely have their traffic manipulated by a firewall. Users can use the tool in the following ways:
- Scan a single address: nmap 192.168.1.1
- Scan a host: nmap www.testnetwork.com
- Scan a range of IP addresses: nmap 192.168.1.1-20
- Scan a subnet: nmap 192.168.1.0/24
- Scan targets listed in a text file: nmap -iL list-of-ipaddresses.txt
How to run an initial Nmap scan on Kali Linux?
For an initial Nmap scan, click the second item in the dock menu, called Terminal. In the window that opens, enter the ifconfig command to display the local IP address of the Kali Linux system.
In this example, the local IP address is 10.0.2.15. Note down the local IP address.
In the terminal window, enter the command nmap 10.0.2.15 to scan the first thousand ports of the local host. Since the operating system is newly installed, no port should be open.
Check the results now (Figure 8). If you want all ports to be scanned, you must use the -p- switch, as in nmap 10.0.2.15 -p-. Another capability that Nmap offers is identifying the host operating system.
To identify the host operating system, simply enter the host's IP address along with the -A switch in the terminal window.
For example, the command nmap 10.28.2.26 -A, run against a hypothetical address, provides a report on the host operating system (Figure 9).
What is Metasploit?
The Metasploit Framework is an open-source tool used to identify vulnerabilities. The tool helps security experts identify network threats and vulnerabilities. Users can use Nmap within Metasploit.
For example, to scan a subnet, first scroll down the Applications tab to 08 Exploitation Tools. Then select the Metasploit option. The terminal window that opens, called msf, is Metasploit.
Now enter the command db_nmap -v -sV 10.0.2.15/24. Note that you must enter your own IP address instead of the one in this example. In this command, db_ stands for database.
The -v switch stands for verbose and -sV is used to detect the service version. Figure 10 shows the output of the above tool. As mentioned above, the tool is used to identify vulnerabilities.
For example, in the terminal window of the above tool, if you use the hosts -R command, it will add newly identified hosts to the Metasploit database. Next, you need to enter the show exploits command to get a complete report on Metasploit.
Kali Linux is an amazing operating system that almost every security expert should know thoroughly. Due to the stability and ease of use of Kali Linux, this Linux distribution has become an effective tool for identifying vulnerabilities and collecting evidence that can be used in forensics.
However, it is important to note that Kali Linux should only be used in authorized network environments, as you must be licensed to run some of these distribution tools in enterprise environments.