Vulnerability and Penetration Testing Tools

If you search around for vulnerability scanning tools – and particularly free ones – you will stumble across a lot of sites with best products lists and short reviews. You will see stuff that’s free – but with some pretty serious limitations.

After going through many of these sites, a few things start to bubble up – OpenVAS for vulnerability assessment, Metasploit for penetration testing…

… and then, if you’re really lucky, you stumble on to Kali Linux.

Kali is not a single tool like all the others. It’s a curated set of the best open source tools.

Kali evolved from BackTrack Linux. It’s a full Linux distribution that includes best-of-breed free/open source security tools. It’s all there, configured, updated, and like any good Linux distribution, it has all the pointers and tools to keep all the products up to date. It includes the quality tools we mentioned earlier (Metasploit, OpenVAS) and many more.

If you want a good overview of all the tools Kali offers, check out this article.

Best of all, there’s a growing number of quality tutorials and videos to train you on getting the product up and running and running tests.

Along the way, you will find a lot of references to another product – Metasploitable. This is a virtual machine that has been pre-configured with a ton of vulnerabilities to test against!

Finally, as you keep reading, you will find that you can install Kali and Metasploitable as virtual machines under VirtualBox to run one against the other. Even a laptop with enough CPU power, memory and disk can run both!

Start with introductions to the topic

With these two quick intros, you’ll have an idea of the scope of what you’re about to take on.

Installing the software

The faster you go hands-on, the better.

We found it a lot easier to load Kali as a VM under VirtualBox.

Tutorial Point has this excellent tutorial called Kali Linux Installation and Configuration in Virtual Box – and it goes right to installation of Metasploitable in another VM for testing!

Warning: if you want to take it easier on yourself, make sure you are connecting the VMs through Ethernet and not wireless. Getting wireless going in the Kali system appears to be challenging. Due to time constraints (we were lazy and in a hurry), we went the Ethernet route.

If you have a bunch of spare hardware available and potentially some patience and Linux skills, follow the instructions in the Intro to Kali Revealed above to install Kali directly on hardware. But beware. We tried to install it on some older laptops, and it was extremely fussy about Ethernet adapters. Unlike every other Linux distribution we’ve used, it wasn’t finding the adapter included on our hardware. It wanted us to find and load the driver, with no info on how to do it. This is a laptop that was already running Ubuntu 18. The Linux underlying Kali appears to have been stripped down a bit too much.

The Tutorial Point tutorial then goes on to give you a quick intro to each of the tools. Phenomenal.

If you want to warm up with some videos first

Free Video Courses and Tutorials

Other Stuff

snyk: 100 free tests for container vulnerabilities

15 minute video introducing OpenVAS

Ubuntu nmap man page – or here

Nmap.org’s excellent page on port scanning basics and results (open/closed/filtered/etc.) and on UDP scans

Faraday:

PFSense Stuff

Snort Intrusion Detection add-on

University classes

Berkeley CS261: Security in Computer Systems and all of David Wagner’s classes
