🤖 AI Prompts Cheatsheet
Daniel Osei — AI-Assisted Security Engineer
What is Kali Linux?
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It includes numerous tools for various information security tasks, including penetration testing, security research, computer forensics, and reverse engineering.
Installation
Kali Linux can be installed as a primary OS or run in a virtualized environment. You can download it from the official website and follow the installation instructions provided there. For virtual machines, you can use tools like VMware or VirtualBox.
Basic Syntax
Most tools in Kali use a command line interface. The general syntax looks like this:
COMMAND[options]
Discovery
Nmap
Nmap is one of the most powerful tools for network discovery and security auditing.
nmap -sS
TCP SYN scan, stealth scan.
nmap -sV
Service version detection.
Scanning
Nikto
For web server scanning, Nikto is a fantastic choice.
nikto -h
Scan a web server for vulnerabilities.
Exploitation
Metasploit
The Metasploit Framework is a penetration testing framework that makes discovering, exploiting, and sharing vulnerabilities easier.
msfconsole
Start the Metasploit console.
Analysis
Wireshark
Wireshark is a network protocol analyzer that gives the ability to capture and interactively browse the traffic running on a computer network.
wireshark
Start Wireshark.
Evasion
Burp Suite
Used mainly for testing web application security, Burp Suite can be crucial for evasion techniques.
burpsuite
Reporting
Dradis
Dradis is a reporting tool that helps in consolidating information gathered from various tests.
dradis
Start Dradis for collaborative reporting.
Quick Reference Table
| Tool | Use Case |
|---|---|
| Nmap | Network discovery and scanning |
| Nikto | Web server vulnerabilities |
| Metasploit | Exploitation |
| Wireshark | Traffic analysis |
| Burp Suite | Web application testing |
| Dradis | Reporting |
Pro Tips
- Use
nmap -p-to enumerate all ports on a target. - Utilize Firefox with a proxy in Burp Suite for effective web application testing.
- Regularly update tools in Kali, as vulnerability databases are continuously evolving.
Real-World Examples
Using Nmap to perform a stealth SYN scan against a target: nmap -sS 192.168.1.1. This command will help avoid logging on the target machine.
In Burp Suite, intercepting a request is as simple as setting your browser’s proxy settings to 127.0.0.1:8080.