SlideShare a Scribd company logo

Linux/Unix Night - (PEN) Testing Toolkits (English)

Download as PPTX, PDF
Jelmer de Reus, profile picture
Jelmer de Reus

The document compares the penetration testing toolkits BackBox Linux and Kali Linux. It discusses that these toolkits are used for enumeration, vulnerability scanning, penetration testing including wireless cracking, social engineering, and forensics. It provides an overview of the properties of each distro, including their menu structures and documentation. BackBox is based on Ubuntu while Kali uses a custom GNOME interface. The document demonstrates some of the tools and recommends using databases in Metasploit and focusing on tools with active communities.

Technology
1 of 25
Downloaded 133 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
(PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
What are testing toolkits used for?  Social Engineer Toolkit  Web attack
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
Differences in menu structure
Differences in menu structure
BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
BackBox Linux Tutorials on sinflood.net
Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
DEMO – GUI overview  BackBox Linux  Kali Linux
Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
Tip: use databases in Metasploit
Tip: use databases in Metasploit
DEMO – tooling overview
Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page

More Related Content

PPTX
Kali Linux
Chanchal Dabriya
 
PPTX
Kali Linux - Falconer - ISS 2014
TGodfrey
 
PDF
Tools kali
ketban0702
 
PPTX
Kali linux
Harsh Gor
 
PPTX
Kali presentation
Zain Ul abadin
 
PPTX
Kali Linux - Falconer
Tony Godfrey
 
PPTX
kali linux.pptx
anumeha bhatnagar
 
PPTX
Kali Linux
Sumit Singh
 
Kali Linux
Chanchal Dabriya
 
Kali Linux - Falconer - ISS 2014
TGodfrey
 
Tools kali
ketban0702
 
Kali linux
Harsh Gor
 
Kali presentation
Zain Ul abadin
 
Kali Linux - Falconer
Tony Godfrey
 
kali linux.pptx
anumeha bhatnagar
 
Kali Linux
Sumit Singh
 

What's hot (18)

PDF
penetration test using Kali linux ppt
AbhayNaik8
 
PPTX
Kali linux summarised
Sanchit Srivastava
 
PDF
penetration test using Kali linux seminar report
AbhayNaik8
 
PPTX
Shamsa altayer 10bg kali linux
shamsaot
 
PPTX
Kali linux
AadhithyanPandian
 
ODP
Kali linux and some features [view in Full screen mode]
abdou Bahassou
 
PDF
(03 2013) guide to kali linux
julius77
 
PPTX
Kali linux
futaimbinlahej
 
PPTX
kali linux
Darshan Dalwadi
 
PPTX
kali linux Presentaion
Dev Gandhi
 
PPTX
kali linux
Avinash Hanwate
 
PPTX
Kali linux
abdulla78
 
PPTX
Kali Linux - CleveSec 2015
TGodfrey
 
PPTX
Kali Linux
Shubham Agrawal
 
PPTX
Kalilinux
almuhairi2000
 
PDF
BASIC OVERVIEW OF KALI LINUX
Deborah Akuoko
 
PPTX
Kali linux
afraalfalasii
 
PDF
Web Application Security Testing: Kali Linux Is the Way to Go
Gene Gotimer
 
penetration test using Kali linux ppt
AbhayNaik8
 
Kali linux summarised
Sanchit Srivastava
 
penetration test using Kali linux seminar report
AbhayNaik8
 
Shamsa altayer 10bg kali linux
shamsaot
 
Kali linux
AadhithyanPandian
 
Kali linux and some features [view in Full screen mode]
abdou Bahassou
 
(03 2013) guide to kali linux
julius77
 
Kali linux
futaimbinlahej
 
kali linux
Darshan Dalwadi
 
kali linux Presentaion
Dev Gandhi
 
kali linux
Avinash Hanwate
 
Kali linux
abdulla78
 
Kali Linux - CleveSec 2015
TGodfrey
 
Kali Linux
Shubham Agrawal
 
Kalilinux
almuhairi2000
 
BASIC OVERVIEW OF KALI LINUX
Deborah Akuoko
 
Kali linux
afraalfalasii
 
Web Application Security Testing: Kali Linux Is the Way to Go
Gene Gotimer
 
Ad

Viewers also liked (20)

PPTX
linux backbox
1
 
PDF
toolkit_spread_A4
Ulla Malecki
 
PDF
The Javascript Toolkit 2.0
Marcos Vinícius
 
PDF
Toolkits Overview for IBM Streams V4.2
lisanl
 
PDF
IBM ODM Rules Compiler support in IBM Streams V4.2.
lisanl
 
PDF
Service frameworks and toolkits: Making design artefacts actionable
Karina Smith
 
PPTX
Working on the event budget and timeline
Mervyn Maico Aldana
 
PDF
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Jack Morton Worldwide
 
PDF
Investing in local communities by sharing the power of design
frog
 
PPTX
Prophets presents "Facebook Timeline for brands essential training"
Prophets Agency
 
PDF
Design Toolkit Analysis
Lou Fink
 
PDF
A tutorial showing you how to crack wifi passwords using kali linux!
edwardo
 
PDF
Future Proof Design and the Platform Design Canvas
Simone Cicero
 
PDF
The Platform Design Toolkit v 0.1
Simone Cicero
 
PDF
Timeline roadmap product graphs powerpoint ppt templates.
SlideTeam.net
 
PPTX
Visual CV - based on a timeline
Peter King
 
PDF
Download editable road map power point slides and road map powerpoint templates
SlideTeam.net
 
PDF
EINTROEVM - Contingency planning
Mervyn Maico Aldana
 
PPT
Brand Strategy Toolkit
mails2yamini
 
PDF
The True Timeline Behind The People vs. O.J. Simpson
Instant Checkmate
 
linux backbox
1
 
toolkit_spread_A4
Ulla Malecki
 
The Javascript Toolkit 2.0
Marcos Vinícius
 
Toolkits Overview for IBM Streams V4.2
lisanl
 
IBM ODM Rules Compiler support in IBM Streams V4.2.
lisanl
 
Service frameworks and toolkits: Making design artefacts actionable
Karina Smith
 
Working on the event budget and timeline
Mervyn Maico Aldana
 
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Jack Morton Worldwide
 
Investing in local communities by sharing the power of design
frog
 
Prophets presents "Facebook Timeline for brands essential training"
Prophets Agency
 
Design Toolkit Analysis
Lou Fink
 
A tutorial showing you how to crack wifi passwords using kali linux!
edwardo
 
Future Proof Design and the Platform Design Canvas
Simone Cicero
 
The Platform Design Toolkit v 0.1
Simone Cicero
 
Timeline roadmap product graphs powerpoint ppt templates.
SlideTeam.net
 
Visual CV - based on a timeline
Peter King
 
Download editable road map power point slides and road map powerpoint templates
SlideTeam.net
 
EINTROEVM - Contingency planning
Mervyn Maico Aldana
 
Brand Strategy Toolkit
mails2yamini
 
The True Timeline Behind The People vs. O.J. Simpson
Instant Checkmate
 
Ad

Similar to Linux/Unix Night - (PEN) Testing Toolkits (English) (20)

PDF
Operating system
KartikeyBanjara1
 
PPTX
Kalilinux
haha loser
 
PPTX
Kali Linux
Sumit Singh
 
DOCX
Operating project
ISMAT CH
 
PPTX
Kali linux.ppt
Ahmedalhassar1
 
PPTX
Kali linux
MaryamAlR
 
PPTX
kalilinux.pptxfgfgfdgfdgfdgfdgfdfgfgfgfgfg
zmulani8
 
PDF
CRYPTOGRAPHY AND CYBER SECURITY LAB EXPERIMENTS
premalatha653332
 
PPTX
Kali Linux-Operating System Presentation.pptx
SumaiyaSinja1
 
DOCX
kali linix
Mirza Baig
 
PPTX
technical-presentation-kali-linux.pptx
jayanthansabalingam
 
PPTX
Web Security Jumpstart
Satria Ady Pradana
 
PPTX
Web Security Workshop : A Jumpstart
Satria Ady Pradana
 
PPTX
technical-presentation-kali-linux.pptx hakkında
NuhAzgnolu1
 
PDF
0764-kali-linux.pdf
T17Rockstar
 
DOCX
Backtrack Manual Part2
Nutan Kumar Panda
 
PPTX
Intro to Kali Linux -.pptx
KojaSb
 
PDF
Embedded Linux on ARM
Emertxe Information Technologies Pvt Ltd
 
PPTX
Kali linux
Fa6ma_
 
PDF
Embedded Operating System - Linux
Emertxe Information Technologies Pvt Ltd
 
Operating system
KartikeyBanjara1
 
Kalilinux
haha loser
 
Kali Linux
Sumit Singh
 
Operating project
ISMAT CH
 
Kali linux.ppt
Ahmedalhassar1
 
Kali linux
MaryamAlR
 
kalilinux.pptxfgfgfdgfdgfdgfdgfdfgfgfgfgfg
zmulani8
 
CRYPTOGRAPHY AND CYBER SECURITY LAB EXPERIMENTS
premalatha653332
 
Kali Linux-Operating System Presentation.pptx
SumaiyaSinja1
 
kali linix
Mirza Baig
 
technical-presentation-kali-linux.pptx
jayanthansabalingam
 
Web Security Jumpstart
Satria Ady Pradana
 
Web Security Workshop : A Jumpstart
Satria Ady Pradana
 
technical-presentation-kali-linux.pptx hakkında
NuhAzgnolu1
 
0764-kali-linux.pdf
T17Rockstar
 
Backtrack Manual Part2
Nutan Kumar Panda
 
Intro to Kali Linux -.pptx
KojaSb
 
Embedded Linux on ARM
Emertxe Information Technologies Pvt Ltd
 
Kali linux
Fa6ma_
 
Embedded Operating System - Linux
Emertxe Information Technologies Pvt Ltd
 

Recently uploaded (20)

PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Teaching material agriculture food technology
LiaRayya
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KodekX | Application Modernization Development
KodekX
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 

Linux/Unix Night - (PEN) Testing Toolkits (English)

  • 1. (PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
  • 2. Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
  • 3. What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
  • 4. What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
  • 5. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
  • 6. What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
  • 7. What are testing toolkits used for?  Social Engineer Toolkit  Web attack
  • 8. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
  • 9. What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
  • 10. BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
  • 11. Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
  • 12. Differences in menu structure
  • 13. Differences in menu structure
  • 14. BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
  • 15. BackBox Linux Tutorials on sinflood.net
  • 16. Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
  • 17. Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
  • 18. DEMO – GUI overview  BackBox Linux  Kali Linux
  • 19. Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
  • 20. Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
  • 21. Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
  • 22. Tip: use databases in Metasploit
  • 23. Tip: use databases in Metasploit
  • 24. DEMO – tooling overview
  • 25. Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page