Kali Linux Network Scanning Cookbook - Second Edition
By Michael Hixon and Justin Hutchens
()
About this ebook
- Learn the fundamentals behind commonly used scanning techniques
- Deploy powerful scanning tools that are integrated into the Kali Linux testing platform
- The practical recipes will help you automate menial tasks and build your own script library
This book is for information security professionals and casual security enthusiasts alike. It provides foundational principles if you’re a novice, but will also introduce scripting techniques and in-depth analysis if you’re more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security testing experience.
Related to Kali Linux Network Scanning Cookbook - Second Edition
Related ebooks
Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Metasploit Bootcamp Rating: 5 out of 5 stars5/5Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsMastering Kali Linux for Advanced Penetration Testing Rating: 4 out of 5 stars4/5Learning Penetration Testing with Python Rating: 0 out of 5 stars0 ratingsBuilding Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsWireshark Network Security Rating: 3 out of 5 stars3/5Building Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsKali Linux Cookbook Rating: 4 out of 5 stars4/5Mastering Kali Linux for Web Penetration Testing Rating: 4 out of 5 stars4/5Penetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsPenetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Nmap: Network Exploration and Security Auditing Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsNmap Essentials Rating: 4 out of 5 stars4/5Mastering Wireshark Rating: 2 out of 5 stars2/5Mastering the Nmap Scripting Engine Rating: 0 out of 5 stars0 ratingsCuckoo Malware Analysis Rating: 0 out of 5 stars0 ratingsBurp Suite Essentials Rating: 4 out of 5 stars4/5Coding for Penetration Testers: Building Better Tools Rating: 0 out of 5 stars0 ratingsPractical Windows Forensics Rating: 0 out of 5 stars0 ratingsLearn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark Rating: 0 out of 5 stars0 ratingsPenetration Testing Bootcamp Rating: 5 out of 5 stars5/5Web Penetration Testing: Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsPenetration Testing with BackBox Rating: 0 out of 5 stars0 ratingsKali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratingsMastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsHands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratingsEffective Python Penetration Testing Rating: 0 out of 5 stars0 ratings
Security For You
CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsDark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThe Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption Rating: 0 out of 5 stars0 ratingsMike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Handbook of Digital Forensics and Investigation Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratings
Reviews for Kali Linux Network Scanning Cookbook - Second Edition
0 ratings0 reviews
Book preview
Kali Linux Network Scanning Cookbook - Second Edition - Michael Hixon
Title Page
Kali Linux Network Scanning Cookbook
Second Edition
Take your penetration-testing skills to the next level
Michael Hixon
Justin Hutchens
BIRMINGHAM - MUMBAI
Copyright
Kali Linux Network Scanning Cookbook
Second Edition
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2014
Second edition: May 2017
Production reference: 1220517
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78728-790-7
www.packtpub.com
Credits
About the Authors
Michael Hixon currently works as a security consultant with a focus on penetration testing and web application security. He previously served in the United States Marine Corp, where he was an infantryman, security forces member, and counterintelligence agent. After the military, he worked as a programmer before changing his focus to IT security. He has worked for the Red Cross, Department of Defense, Department of Justice, and numerous intelligence agencies in his career. He holds a bachelor’s degree in management information systems and multiple professional information-security certifications, including Certified Information Systems Security Professional (CISSP), eLearnSecurity Web Application Penetration Tester (eWPT), Certified Ethical Hacker (CEH), and eLearnSecurity Certified Professional Penetration Tester (eCPPT). He currently runs the Baltimore chapter of the Open Web Application Security Project (OWASP).
Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force, where he worked as an intrusion-detection specialist, network-vulnerability analyst, and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He holds a bachelor's degree in information technology and multiple professional information-security certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), eLearnSecurity Web Application Penetration Tester (eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI). He is also the writer and producer of Packt's e-learning video course Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing.
About the Reviewer
Ahmad Muammar WK is an IT security consultant and penetration tester. He holds Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), and elearnsecurity Mobile Application Penetration Tester (eMAPT) certifications. He is the founder of ECHO (http://echo.or.id), one of the oldest Indonesian IT security communities, and is also a founder of IDSECCONF (http://idsecconf.org), the biggest annual security conference in Indonesia. He also a reviewed Kali Linux Cookbook by Willie L. Pritchett and David De Smet, Packt Publishing, and Kali Linux Network Scanning Cookbook by Justin Hutchens, Packt Publishing.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787287904.
If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Getting Started
Introduction
Configuring a security lab with VMware Player (Windows)
Getting ready
How to do it...
How it works...
Configuring a security lab with VMware Fusion (macOS)
Getting ready
How to do it...
How it works...
Installing Ubuntu Server
Getting ready
How to do it...
How it works...
Installing Metasploitable2
Getting ready
How to do it...
How it works...
Installing Windows Server
Getting ready
How to do it...
How it works...
Increasing the Windows attack surface
Getting ready
How to do it...
How it works...
Installing Kali Linux
Getting ready
How to do it...
How it works...
Using text editors (Vim and GNU nano)
Getting ready
How to do it...
How it works...
Keeping Kali updated
Getting ready
How to do it...
How it works...
Managing Kali services
Getting ready
How to do it...
How it works...
Configuring and using SSH
Getting ready
How to do it...
How it works...
Installing Nessus on Kali Linux
Getting ready
How to do it...
How it works...
Reconnaissance
Introduction
Using Google to find subdomains
Getting ready
How to do it...
How it works...
Finding e-mail addresses using theHarvester
Getting ready
How to do it...
How it works...
Enumerating DNS using the host command
Getting ready
How to do it...
How it works...
Enumerating DNS using DNSRecon
Getting ready
How to do it...
Standard DNS enumeration
Reverse lookups
Zone transfer
How it works...
Enumerating DNS using the dnsenum command
Getting ready
How to do it...
Default settings
Brute-force
How it works...
Discovery
Introduction
Knowing the OSI model
Using Scapy to perform host discovery (layers 2/3/4)
Getting ready
How to do it...
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works...
Using Nmap to perform host discovery (layers 2/3/4)
Getting ready
How to do it...
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works...
Using ARPing to perform host discovery (layer 2)
Getting ready
How to do it...
How it works...
Using netdiscover to perform host discovery (layer 2)
Getting ready
How to do it...
How it works...
Using Metasploit to perform host discovery (layer 2)
Getting ready
How to do it...
How it works...
Using hping3 to perform host discovery (layers 3/4)
Getting ready
How to do it...
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works...
Using ICMP to perform host discovery
Getting ready
How to do it...
How it works...
Using fping to perform host discovery
Getting ready
How to do it...
How it works...
Port Scanning
Introduction
UDP port scanning
TCP port scanning
Port scanning with Scapy (UDP, stealth, connect, and zombie)
Getting ready
How to do it...
UDP port scanning with Scapy
Stealth scanning with Scapy
Connect scanning with Scapy
Zombie scanning with Scapy
How it works...
Port scanning with Nmap (UDP, stealth, connect, zombie)
Getting ready
How to do it...
UDP scanning with Nmap
Stealth scanning with Nmap
Connect scanning with Nmap
Zombie scanning with Nmap
How it works...
Port scanning with Metasploit(UDP, stealth, and connect)
Getting ready
How to do it...
UDP scanning with Metasploit
Stealth scanning with Metasploit
Connect scanning with Metasploit
How it works...
Port scanning with hping3 (stealth)
Getting ready
How to do it...
How it works...
Port scanning with DMitry (connect)
Getting ready
How to do it...
How it works...
Port scanning with Netcat (connect)
Getting ready
How to do it...
How it works...
Port scanning with masscan (stealth)
Getting ready
How to do it...
How it works...
Fingerprinting
Introduction
Banner grabbing with Netcat
Getting ready
How to do it...
How it works...
Banner grabbing with Python sockets
Getting ready
How to do it....
How it works...
Banner grabbing with DMitry
Getting ready
How to do it...
How it works...
Banner grabbing with Nmap NSE
Getting ready
How to do it...
How it works...
Banner grabbing with Amap
Getting ready
How to do it...
How it works...
Service identification with Nmap
Getting ready
How to do it...
How it works...
Service identification with Amap
Getting ready
How to do it...
How it works...
Operating system identification with Scapy
Getting ready
How to do it...
How it works...
Operating system identification with Nmap
Getting ready
How to do it...
How it works...
Operating system identification with xprobe2
Getting ready
How to do it...
How it works...
Passive operating system identification with p0f
Getting ready
How to do it...
How it works...
SNMP analysis with Onesixtyone
Getting ready
How to do it...
How it works...
SNMP analysis with SNMPwalk
Getting ready
How to do it...
How it works...
Firewall identification with Scapy
Getting ready
How to do it...
How it works...
Firewall identification with Nmap
Getting ready
How to do it...
How it works...
Firewall identification with Metasploit
Getting ready
How to do it...
How it works...
Vulnerability Scanning
Introduction
Vulnerability scanning with the Nmap Scripting Engine
Getting ready
How to do it...
How it works...
Vulnerability scanning with MSF auxiliary modules
Getting ready
How to do it...
How it works...
Creating scan policies with Nessus
Getting ready
How to do it...
How it works...
Vulnerability scanning with Nessus
Getting ready
How to do it...
How it works...
Vulnerability scanning with OpenVAS
Getting ready
How to do it...
How it works...
Validating vulnerabilities with HTTP interaction
Getting ready
How to do it...
How it works...
Validating vulnerabilities with ICMP interaction
Getting ready
How to do it...
How it works...
Denial of Service
Introduction
Fuzz testing to identify buffer overflows
Getting ready
How to do it...
How it works...
Remote FTP service buffer-overflow DoS
Getting ready
How to do it...
How it works...
Smurf DoS attack
Getting ready
How to do it...
How it works...
DNS amplification DoS attacks
Getting ready
How to do it...
How it works...
SNMP amplification DoS attack
Getting ready
How to do it...
How it works...
SYN flood DoS attack
Getting ready
How to do it...
How it works...
Sock stress DoS attack
Getting ready
How to do it...
How it works...
DoS attacks with Nmap NSE
Getting ready
How to do it...
How it works...
DoS attacks with Metasploit
Getting ready
How to do it...
How it works...
DoS attacks with the exploit database
Getting ready
How to do it...
How it works...
Working with Burp Suite
Introduction
Configuring Burp Suite on Kali Linux
Getting ready
How to do it...
How it works...
Defining a web application target with Burp Suite
Getting ready
How to do it...
How it works...
Using Burp Suite Spider
Getting ready
How to do it...
How it works...
Using Burp Suite Proxy
Getting ready
How to do it...
How it works...
Using Burp Suite engagement tools
Getting ready
How to do it...
How it works...
Using the Burp Suite web application scanner
Getting ready
How to do it...
How it works...
Using Burp Suite Intruder
Getting ready
How to do it...
How it works...
Using Burp Suite Comparer
Getting ready
How to do it...
How it works...
Using Burp Suite Repeater
Getting ready
How to do it...
How it works...
Using Burp Suite Decoder
Getting ready
How to do it...
How it works...
Using Burp Suite Sequencer
Getting ready
How to do it...
How it works...
Using Burp Suite Extender
Getting ready
How to do it...
How it works...
Using Burp Suite Clickbandit
Getting ready
How to do it...
How it works...
Web Application Scanning
Introduction
Web application scanning with Nikto
Getting ready
How to do it...
How it works...
SSL/TLS scanning with SSLScan
Getting ready
How to do it...
How it works...
SSL/TLS scanning with SSLyze
Getting ready
How to do it...
How it works...
GET method SQL injection with sqlmap
Getting ready
How to do it...
How it works...
POST method SQL injection with sqlmap
Getting ready
How to do it...
How it works...
Requesting a capture SQL injection with sqlmap
Getting ready
How to do it...
How it works...
Automating CSRF testing
Getting ready
How to do it...
How it works...
Validating command-injection vulnerabilities with HTTP traffic
Getting ready
How to do it...
How it works...
Validating command-injection vulnerabilities with ICMP traffic
Getting ready
How to do it...
How it works...
Attacking the Browser with BeEF
Hooking the browser withBeEF
Getting ready
How to do it...
How it works...
Collecting information with BeEF
Getting ready
How to do it...
How it works...
Creating a persistent connection with BeEF
Getting ready
How to do it...
How it works...
Integrating BeEF and Metasploit
Getting ready
How to do it...
How it works...
Using the BeEF autorule engine
Getting ready
How to do it...
How it works...
Working with Sparta
Information gathering with Sparta
Getting ready
How to do it...
How it works...
Creating custom commands for Sparta
Getting ready
How to do it...
How it works...
Port scanning with Sparta
Getting ready
How to do it...
How it works...
Fingerprinting with Sparta
Getting ready
How to do it...
How it works...
Vulnerability scanning with Sparta
Getting ready
How to do it...
How it works...
Web application scanning with Sparta
Getting ready
How to do it...
How it works...
Automating Kali Tools
Introduction
Nmap greppable output analysis
Getting ready
How to do it...
How it works...
Port scanning with NMAP NSE execution
Getting ready
How to do it...
How it works...
Automate vulnerability scanning with NSE
Getting ready
How to do it...
How it works...
Automate web application scanning with Nikto
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with reverse shell payload
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with backdoor executable
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with ICMP verification
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with admin account creation
Getting ready
How to do it...
How it works...
Preface
For better or for worse, we now live in a world where hacking is the norm. It's in our daily news stories, entertainment, governments, businesses, and homes. While it has become more and more prevalent, it has also become easier. A great deal of attacks take very little technical knowledge as scripts can be found and used by even a novice. For the technically savvy hacker, the stakes are very high as more and more systems can be compromised for financial or political gain.
In a world where hacking has become so easy that a child could do it, it is absolutely essential that organizations verify their own level of protection by having their networks tested using the same tools that cybercriminals use against them. However, the basic usage of these tools is not sufficient knowledge to be an effective information-security professional. It is absolutely critical that information-security professionals understand the techniques that are being employed by these tools and why these techniques are able to exploit various vulnerabilities in a network or system. A knowledge of the basic underlying principles that explain how these common attack tools work enables one to effectively use them, but more importantly, it also contributes to one's ability to effectively identify such attacks and defend against them.
The intention of this book is to enumerate and explain the use of common attack tools that are available on the Kali Linux platform, but more importantly, this book also aims to address the underlying principles that define why these tools work. In addition to addressing the highly functional tools integrated into Kali Linux, we will also create a large number of Python and Bash scripts that can be used to perform similar functions and/or to streamline existing tools.
Ultimately, the intention of this book is to help forge stronger security professionals through a better understanding of their adversary.
What this book covers
Chapter 1, Getting Started, explains the configuration of a security lab and then the installation and configuration of Kali Linux and other security tools.
Chapter 2, Reconnaissance, explains how to collect information on your target using passive information-gathering techniques. Collecting subdomains, e-mail addresses, and DNS enumeration are covered in depth.
Chapter 3, Discovery, explains gathering domain information on our target and identifying hosts on a given network segment.
Chapter 4, Port Scanning, covers multiple tools and methods for finding open ports on one or more hosts.
Chapter 5, Fingerprinting, explains identifying the services and versions associated with them once having identified open ports on our target(s).
Chapter 6, Vulnerability Scanning, discusses ways to identify vulnerabilities based on the services and versions found in the previous chapter.
Chapter 7, Denial of Service, covers how to execute several types of DoS attack.
Chapter 8, Working with Burp Suite, covers Burp Suite and how to use the many tools it comes bundled with.
Chapter 9, Web Application Scanning, covers a number of tools and techniques for testing web applications.
Chapter 10, Attacking the Browser with BeEF, covers the Browser Exploitation Framework (BeEF), including configuration, hooking a browser, and a number of exploits.
Chapter 11, Working with Sparta, looks at how to configure and modify Sparta. We also cover how to take full advantage of the tool to collect and organize your information gathering.
Chapter 12, Automating Kali Tools, demonstrates automating a number of Kali tools to both collect information and exploit targets.
What you need for this book
In order to perform the examples provided in this book, you will need the following:
Vmware Workstation Player 12 (or newer) or Vmware Fusion 8.5 (or newer)
PuTTY 6.9 (for Windows users needing SSH)
Nessus 5.2.6
Kali Linux 2016.2
Ubuntu 64-bit 16.x
Metasploitable2
Wndows XP SP2
Who this book is for
This book is for information-security professionals and casual security enthusiasts alike. It provides foundational principles if you're a novice but will also introduce scripting techniques and in-depth analysis if you're more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security-testing experience.
Sections
In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).
To give clear instructions on how to complete a recipe, we use these sections as follows:
Getting ready
This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.
How to do it…
This section contains the steps required to follow the recipe.
How it works…
This section usually consists of a detailed explanation of what happened in the previous section.
There's more…
This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.
See also
This section provides helpful links to other useful information for the recipe.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: Enumerating DNS using the host command.
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: On this page, scroll down to the VMware Workstation Player link and click on Download.
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors .
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the example code
You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
You can download the code files by following these steps:
Log in or register to our website using your e-mail address and password.
Hover the mouse pointer on the SUPPORT tab at the top.
Click on Code Downloads & Errata.
Enter the name of the book in the Search box.
Select the book for which you're looking to download the code files.
Choose from the drop-down menu where you purchased this book from.
Click on Code Download.
You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR / 7-Zip for Windows
Zipeg / iZip / UnRarX for Mac
7-Zip / PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Kali-Linux-Network-Scanning-Cookbook-Second-Edition. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Downloading the color images of this book
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/KaliLinuxNetworkScanningCookbookSecondEdition_ColorImages.pdf.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at copyright@packtpub.com with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.
Getting Started
The following recipes will be covered in this chapter:
Configuring a security lab with VMware Player (Windows)
Configuring a security lab with VMware Fusion (macOS)
Installing Ubuntu Server
Installing Metasploitable2
Installing Windows Server
Increasing the Windows attack surface
Installing Kali Linux
Using text editors (Vim and GNU nano)
Keeping Kali updated
Managing Kali services
Configuring and using SSH
Installing Nessus on Kali Linux
Introduction
This first chapter covers the basics of setting up and configuring a virtual security lab, which can be used to practice most of the scenarios and exercises addressed throughout this book. Topics addressed in this chapter include the installation of the virtualization software, the installation of various systems in the virtual environment, and the configuration of some of the tools that will be used in the exercises.
Configuring a security lab with VMware Player (Windows)
You can run a virtual security lab on a Windows PC with relatively few available resources by installing VMware Player on your Windows workstation. You can get VMware Player for free or get the more functional alternative, VMware Player Plus, for a low cost.
Getting ready
To download and install VMware Player on the Windows system, follow these steps:
To install VMware Player on your Windows workstation, you will first need to download the software. The download for the free version of VMware Workstation Player can be found at https://my.vmware.com/web/vmware/free.
On this page, scroll down to the VMware Workstation Player link and click on Download.
On page that opens up, select the Windows 64-bit installation package and then click on Download.
There are installation packages available for Linux 64-bit systems as well.
How to do it...
Follow these steps to setup the virtual environment:
Once the software package has been downloaded, you should find it in your default download directory. Double-click on the executable file in this directory to start the installation process. Once started, it is as easy as following the on-screen instructions to complete the installation.
After the installation is complete, you should be able to start VMware Player using the desktop icon, the quick launch icon, or from All Programs. Once it's loaded, you will see the virtual machine library. This library will not yet contain any virtual machines, but they will be populated as you create them in the left-hand side of the screen, as shown in the following screenshot:
Once you have opened VMware Workstation Player, you can select Create a New Virtual Machine to get started. This will initialize a very easy-to-use virtual machine installation wizard:
The first task you need to perform in the installation wizard is to define the installation media. You can choose to install it directly from your host machine's optical drive, or you can use an ISO image file. ISOs will be used for most of the installations discussed in this section, and the place you can get them from will be mentioned in each specific recipe.
For now, we will assume that we browsed to an existing ISO file and clicked on Next. VMware Workstation Player will attempt to determine the operating system of the ISO file you selected. In some cases, it cannot and will ask you what operating system you are installing. In this example, we will choose Debian 8.x and click on Next:
You then need to assign a name for the virtual machine. The virtual machine name is merely an arbitrary value that serves as a label to identify and distinguish it from other VMs in your library. Since a security lab is often classified by a diversity of operating systems, it can be useful to indicate the operating system as part of the virtual machine's name:
The next screen requests a value for the maximum size of the installation. The virtual machine will only consume hard drive space as required, but it will not exceed the value specified here.You should be aware of the minimum required disk space for your operating system and budget appropriately. Additionally, you can also define whether the virtual machine will be contained within a single file or spread across multiple files, as seen in the following screenshot: