Vulnerability and Penetration Testing Tools

If you search around for vulnerability scanning tools – and particularly free ones – you will stumble across a lot of sites with best products lists and short reviews. You will see stuff that’s free – but with some pretty serious limitations.

After going through many of these sites, a few things start to bubble up – OpenVAS for vulnerability assessment, Metasploit for penetration testing…

… and then, if you’re really lucky, you stumble on to Kali Linux.

Kali is not a single tool like all the others. It’s a curated set of the best open source tools.

Kali evolved from BackTrack Linux. It’s a full Linux distribution that includes best-of-breed free/open source security tools. It’s all there, configured, updated, and like any good Linux distribution, it has all the pointers and tools to keep all the products up to date. It includes the quality tools we mentioned earlier (Metasploit, OpenVAS) and many more.

If you want a good overview of all the tools Kali offers, check out this article.

Best of all, there’s a growing number of quality tutorials and videos to train you on getting the product up and running and running tests.

Along the way, you will find a lot of references to another product – Metasploitable. This is a virtual machine that has been pre-configured with a ton of vulnerabilities to test against! Because it is deliberately exploitable, keep it on an isolated host-only network shared only with the Kali VM; never bridge it onto your LAN or expose it to the internet.

Finally, as you keep reading, you will find that you can install Kali and Metasploitable as virtual machines under VirtualBox to run one against the other. A laptop with enough CPU power, memory and disk can run both!

Start with introductions to the topic

Overview of penetration testing

With these two quick intros, you’ll have an idea of the scope of what you’re about to take on.

Great resources for learning

Free Video Courses and Tutorials

A more detailed overview and a great cheat sheet – and some needed focus

A problem with Kali: with its goal of being comprehensive, it has way too many tools, many of which are duplicative. We lost count of how many of them are simply front-ends and logging tools for nmap – which is also included. It can sound impressive to talk about the many different scanning tools you’ve used – until you encounter someone who knows their stuff and recognises that you’ve just used 10 different versions of nmap.

The folks at comparitech.com have put together more than a cheat sheet. In addition to listing and categorising all of the tools, they give a pretty decent overview of 20 of the top tools. I give them credit for including nmap in the list and not one of the many nmap front-ends. They provide hyperlinks to the home page for each of the top-20 tools, both in the summary list and in each tool’s overview heading. Nice. On the surface, the list looks duplicative, with three separate password-cracking tools. Read their summary and you’ll understand that each one uses different attack vectors and methods.

Installing the software – go for the VirtualBox VM

The faster you go hands-on, the better.

We found it a lot easier to load Kali as a VM under VirtualBox.

Tutorial Point has this excellent tutorial called Kali Linux Installation and Configuration in Virtual Box – and it goes right to installation of Metasploitable in another VM for testing!

Warning: if you want to take it easier on yourself, make sure you are connecting the VMs through Ethernet and not wireless. Getting wireless going in the Kali system appears to be challenging. Due to time constraints (we were lazy and in a hurry), we went the Ethernet route…

… but that can also be difficult.

If you have a bunch of spare hardware available and potentially some patience and Linux skills, follow the instructions in the Intro to Kali Revealed above to install Kali directly on hardware. But beware. We tried to install it on some older laptops, and it was extremely fussy about Ethernet adapters. Unlike every other Linux distribution we’ve used, it wasn’t finding the adapter included on our hardware. It wanted us to find and load the driver, with no info on how to do it. This is a laptop that was already running Ubuntu 18. The Linux underlying Kali appears to have been stripped down a bit too much.

The Tutorial Point then goes on to give you a quick intro to each of the tools. Phenomenal.

VirtualBox installation? Change the password!

If you use the VirtualBox VM, Kali is installed with a well-known default password (kali / kali on current images, root / toor on older ones). Change it before the VM touches any network you care about.

This page gives you everything you need to know about changing and managing the password – and running privileged commands.

Test locations and setting up your IP address

There are multiple possible points for testing:

  • Completely outside your network, beyond the high-speed modem and firewall(s).
  • In a DMZ between your modem and your firewall. Most decent DSL, fibre or cable modems and simple routers from communication providers have port forwarding or mapping capabilities to control what can be accessed. While these are normal firewall functions, you can’t compare them to a good quality commercial or open source firewall. Test the firewall directly from that DMZ.
  • Inside your firewall(s). This is where you’ll be running password tests and other vulnerability scans directly on your internal systems – because you can’t always count on your firewall. And you have those pesky humans working for you who can bring things in.

For external and DMZ testing, you can use any old IP address – and that means DHCP allocation is OK. For internal networks, you’re best to use a fixed IP address allocation for a couple of reasons.

  1. If your network is really secure, maybe it shouldn’t have DHCP allocation. Any device being hooked up should get a pre-allocated IP address. You don’t want new devices coming in willy-nilly.
  2. Your network people may need to know. If they’re on the ball and have good detection mechanisms, they may detect some of your traffic and go nuts. Assigning an IP to you in advance can turn off the heat. On the other hand, if you’re testing them as well… you get an address however you can.

Changing the IP address – it might be a problem

If you search on how to change the IP address in Kali, you’re going to get a lot of bad information. Kali seems to have evolved, and what worked in an earlier version won’t work in the latest version. They seem to have tightened up security so that sudo is required – which also means that the GUI methods no longer work.

Kali is built on Debian Linux (you can check that this is still the case with cat /etc/os-release, which reports ID=kali and ID_LIKE=debian; uname -a only tells you about the kernel). Search on changing the IP address in Debian and, for recent versions, you’ll be pointed to the nmtui command … which you’ll need to run as sudo nmtui.

This page has a good overview, but forgets the sudo part.
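As an added example (not from the original page or the tutorial it links), here is the same change scripted with nmcli, the command-line front-end to the NetworkManager that nmtui drives. It checks that the address parses and that the gateway actually sits inside the subnet before it emits the commands, because a wrong gateway on a VM with no other route leaves you locked out until you fix it at the console. The profile name "Wired connection 1" (NetworkManager's default for the first wired interface), the 192.168.56.0/24 range (VirtualBox's default host-only network) and the DNS address are assumed lab values; substitute your own.

```shell
#!/bin/sh
# Added example, not from the original page: pin a Kali VM to a fixed IPv4 address
# with nmcli (same NetworkManager backend as nmtui), after sanity-checking the input.
# The values below are assumed lab values: the profile name is NetworkManager's
# default for the first wired NIC, 192.168.56.0/24 is VirtualBox's host-only default.
set -e

CON=${CON:-"Wired connection 1"}
CIDR=${CIDR:-192.168.56.50/24}
GW=${GW:-192.168.56.1}
DNS=${DNS:-192.168.56.1}

# valid_ipv4 A.B.C.D -> succeeds only for a well-formed dotted quad (no leading zeros,
# so no accidental octal later in arithmetic)
valid_ipv4() {
  case $1 in
    *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  set -- $(IFS=.; echo $1)            # split on dots into $1..$4
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0[0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
  set -- $(IFS=.; echo $1)
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_gateway ADDR/PREFIX GW -> prints "ok", or the problem, and fails
check_gateway() {
  addr=${1%/*}; prefix=${1#*/}; gw=$2
  case $prefix in *[!0-9]* | "") echo "bad prefix in $1"; return 1 ;; esac
  if ! valid_ipv4 "$addr" || ! valid_ipv4 "$gw"; then
    echo "bad address: $addr or $gw"; return 1
  fi
  if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 30 ]; then
    echo "bad prefix /$prefix"; return 1
  fi
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  if [ $(( $(ip2int "$addr") & mask )) -ne $(( $(ip2int "$gw") & mask )) ]; then
    echo "gateway $gw not in $1"; return 1
  fi
  echo ok
}

# static_ip_cmds CON ADDR/PREFIX GW DNS -> the two nmcli commands, one per line
static_ip_cmds() {
  check_gateway "$2" "$3" >/dev/null || return 1
  valid_ipv4 "$4" || { echo "bad dns $4" >&2; return 1; }
  printf '%s\n' \
    "sudo nmcli connection modify '$1' ipv4.method manual ipv4.addresses $2 ipv4.gateway $3 ipv4.dns $4" \
    "sudo nmcli connection up '$1'"
}

# Print the commands; run with APPLY=1 to execute them on the Kali VM.
check_gateway "$CIDR" "$GW"           # prints "ok" or the reason and aborts under set -e
static_ip_cmds "$CON" "$CIDR" "$GW" "$DNS" | while IFS= read -r cmd; do
  echo "$cmd"
  if [ "${APPLY:-0}" = 1 ]; then eval "$cmd"; fi
done
```

Printing first and applying only with APPLY=1 gives you one last look at the gateway before a typo cuts off a headless VM; if it does, sudo nmtui at the VirtualBox console is the way back in. nmcli connection show lists the profile names if yours is not the default.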

Updating Kali

There may have been updates since the VM image was created, or you may simply be using a release you installed a while back.

The quick answer: sudo apt update && sudo apt full-upgrade (dist-upgrade is the older name for the same step; either way, run apt update first or you’ll upgrade against stale package lists).

The detailed answer with lots of options: click here

Adding Remote Access

VNC to the virtual machine

For full console access, use VNC to reach the host desktop and the VirtualBox window remotely.

Adding ssh access

An ssh terminal window and other ssh utilities can be incredibly useful – and can make life easier since, despite the fancy GUI, many of the commands are simply run in a terminal window. It’s also useful for pulling logs of the command runs so you can keep them for audit and verification purposes.

By default, the Kali VM does not start the ssh daemon. Enabling it is useful if you want to access the system remotely and easily cut and paste some of the text output – all easier than operating a remote console like VNC.

This page tells you how to add ssh – and goes into more depth into how and why you should change the default ssh keys. Like other pages we reference, you may need to throw a sudo in front of the commands.

If sshd is not running after a Kali restart, kick it off with sudo service ssh start; to have it start at every boot, run sudo systemctl enable ssh once.
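As an added example that is not part of the page or the linked tutorial, the shell below wraps the three things worth doing before you rely on ssh to the VM: enabling the service so it survives a reboot, regenerating the host keys that every download of the same VM image shares, and auditing sshd_config for the two settings that bite while the default password is still in place. The service name ssh, the Debian dpkg-reconfigure step and the OpenSSH defaults quoted in the comments are real; the file name ssh_check.sh is just the name the script expects when you run it.

```shell
#!/bin/sh
# Added example, not from the original page: enable sshd on the Kali VM, replace the
# host keys that every copy of the VM image shares, and audit sshd_config for the
# settings that matter most while the default password is still set.
# Run as:  sh ssh_check.sh [sshd_config]      (defaults to /etc/ssh/sshd_config)

# Turn the service on now and at every boot (Kali is systemd-based; the unit is "ssh").
enable_ssh() {
  sudo systemctl enable --now ssh
}

# Every download of the same VM image carries identical host keys, so anyone with the
# image can impersonate your box to your client. Delete them and let Debian's
# openssh-server postinst generate fresh ones.
regen_host_keys() {
  sudo rm -f /etc/ssh/ssh_host_*
  sudo dpkg-reconfigure openssh-server
}

# sshd_value FILE KEYWORD -> effective value, lowercased. sshd keeps the FIRST
# occurrence of a keyword, ignores comments and matches keywords case-insensitively.
# Caveat: settings inside Match blocks are not distinguished here.
sshd_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == key { print tolower($2); exit }
  ' "$1"
}

# audit_sshd_config FILE -> one WARN line per risky effective setting; fails if any
audit_sshd_config() {
  bad=0
  v=$(sshd_value "$1" PermitRootLogin)
  case ${v:-prohibit-password} in              # OpenSSH default since 7.0
    yes) echo "WARN PermitRootLogin yes: root can log in over ssh"; bad=1 ;;
  esac
  v=$(sshd_value "$1" PasswordAuthentication)
  case ${v:-yes} in                            # OpenSSH default is yes
    yes) echo "WARN PasswordAuthentication yes: use keys, or at least change the default password first"; bad=1 ;;
  esac
  return $bad
}

main() {
  cfg=${1:-/etc/ssh/sshd_config}
  [ -r "$cfg" ] || { echo "cannot read $cfg (try sudo)"; return 2; }
  audit_sshd_config "$cfg" && echo "no risky settings in $cfg"
}

case ${0##*/} in ssh_check.sh) main "$@" ;; esac   # run only when invoked by that name
```

The audit reproduces sshd's first-occurrence rule, so a later PermitRootLogin no does not rescue an earlier yes; read the file yourself if the output surprises you, since Match blocks are not modelled. On a fresh image the expected result is a PasswordAuthentication warning, which is the point: add your key, then turn passwords off and restart the service.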

Other Stuff

snyk: 100 free tests for container vulnerabilities

15 minute video introducing OpenVAS

Ubuntu nmap man page – or here

Nmap.org’s excellent page on port scanning basics and results (open/closed/filtered/etc) and on udp scans

Faraday:

pfSense Stuff

Snort Intrusion Detection add-on

University classes

Berkeley CS261: Security in Computer Systems and all of David Wagner’s classes

YLab

Located inside the Richmond Hill David Dunlap Observatory
123 Hillsview Dr, Richmond Hill, ON L4C 1T3
© YLab Inc. All rights reserved.