{"id":29542,"date":"2023-10-05T18:58:30","date_gmt":"2023-10-05T18:58:30","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=29542"},"modified":"2023-12-13T18:45:47","modified_gmt":"2023-12-13T18:45:47","slug":"kali-linux-tutorial","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/","title":{"rendered":"Kali Linux Penetration Testing Tutorial: Step-By-Step Process"},"content":{"rendered":"\n<p>Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools.<\/p>\n\n\n\n<p>It remains to be seen if <a href=\"https:\/\/www.kali.org\/blog\/kali-linux-2023-1-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kali Purple<\/a> will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for <a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">SIEM<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\">incident response<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/intrusion-detection-and-prevention-systems\/\">intrusion detection<\/a> and more should raise the profile of those defensive tools.<\/p>\n\n\n\n<p>For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.<\/p>\n\n\n\n<p>In this article, we\u2019ll focus primarily on how to use this powerful OS to run a pentest and mistakes to avoid. We&#8217;ll give you an overview of what can be achieved with Kali Linux using a short selection of pre-installed tools. While this guide serves as an introduction to common <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing-phases\/\">pentesting phases<\/a>, with practical examples that highlight best practices, it&#8217;s not a substitution for a complete professional pentesting methodology.<\/p>\n\n\n\n<p><strong>Also read:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-penetration-testing-tools\/\"><strong>24 Top Open Source Penetration Testing Tools<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing\/\"><strong>What Is Penetration Testing? Complete Guide &amp; Steps<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing-program\/\"><strong>How to Implement a Penetration Testing Program in 10 Steps<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/pentest-framework\/\"><strong>What Is a Pentest Framework? Top 7 Frameworks Explained<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6f871e4972\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6f871e4972\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#What-is-Kali-Linux\" title=\"What is Kali Linux?\">What is Kali Linux?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Getting-Started-How-to-Install-Kali-Linux\" title=\"Getting Started: How to Install Kali Linux\">Getting Started: How to Install Kali Linux<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Using-Kali-Linux-Finding-Tools\" title=\"Using Kali Linux: Finding Tools\">Using Kali Linux: Finding Tools<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Using-a-Pentesting-Framework\" title=\"Using a Pentesting Framework\">Using a Pentesting Framework<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#How-To-Use-Kali-Linux-for-Pentesting\" title=\"How To Use Kali Linux for Pentesting\">How To Use Kali Linux for Pentesting<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Open-source-Alternatives-to-Kali-Linux\" title=\"Open-source Alternatives to Kali Linux\">Open-source Alternatives to Kali Linux<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Kali-Purple-Edition\" title=\"Kali Purple Edition\">Kali Purple Edition<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Resources-for-Kali-Linux-Training\" title=\"Resources for Kali Linux Training\">Resources for Kali Linux Training<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#Bottom-Line-Kali-Linux\" title=\"Bottom Line: Kali Linux\">Bottom Line: Kali Linux<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What-is-Kali-Linux\"><\/span><strong>What is Kali Linux?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kali Linux is a popular pentesting distribution maintained by Offensive Security (OffSec), a 15-year-old private security company. Kali contains scanners, sniffers, and many other attacking tools.<\/p>\n\n\n\n<p>The OS can power a full pentest session or more specific attacks. While there are many other pentesting distributions, Kali is the top one recommended by professionals.<\/p>\n\n\n\n<p>Indeed, most of its pre-installed packages are available as standalone packages, but Kali incorporates and maintains high-quality solutions that are meant for professional usage.<\/p>\n\n\n\n<p>The idea behind the operating system is to have a comprehensive toolbox that is relatively easy to update while following the best standards in the industry.<\/p>\n\n\n\n<p>Kali is built for pentesting only. That&#8217;s why you won&#8217;t want to install it as a primary OS unless your machine is dedicated to pentesting or it&#8217;s a virtual machine.<\/p>\n\n\n\n<div class=\"wp-block-buttons alignwide is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-50 has-custom-font-size is-style-outline has-large-font-size td_btn_large is-style-outline--dff8d53e561ba9c365becdcc8f4bf16c\"><a class=\"wp-block-button__link has-white-color has-luminous-vivid-orange-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/link.technologyadvice.com\/r\/kali-linux-main\" style=\"border-radius:38px\" target=\"_blank\" rel=\"noopener nofollow sponsored\">Visit Kali Linux<\/a><\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What\u2019s new in Kali Linux in 2023?<\/strong><\/h3>\n\n\n\n<p>There have been three quarterly releases thus far in 2023, with the first one by far the most eventful.<\/p>\n\n\n\n<p>Kali 2023.1, <a href=\"https:\/\/www.kali.org\/blog\/kali-linux-2023-1-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">released<\/a> in March, introduced a new kernel version and eight new packages, including <a href=\"https:\/\/gchq.github.io\/CyberChef\/\" target=\"_blank\" rel=\"noreferrer noopener\">CyberChef<\/a>, which is a pretty convenient interface to decipher, decrypt, and decode various strings and hashes with granularity and accuracy.<\/p>\n\n\n\n<p>The release also included a temporary patch to make sure that Python and its PIP package manager worked with Debian\u2019s upcoming Stable release, as Kali is a Debian-based distribution. A bug with Nvidia drivers and some specific GPU models might cause all affected Linux devices to become slow or freeze; a fix was expected.<\/p>\n\n\n\n<p>But the biggest change in Kali Linux 2023.1 was the addition of the Purple Edition for defensive security, which we\u2019ll cover further down.<\/p>\n\n\n\n<p>Kali 2023.2, released May 30, added a <a href=\"https:\/\/www.kali.org\/blog\/kali-linux-2023-2-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hyper-V VM image<\/a> that should be much easier for users, requiring no configuration. In addition to other changes, the 2023.2 release added 13 new tools, including a few container and <a href=\"https:\/\/www.esecurityplanet.com\/compliance\/sbom\/\">SBOM<\/a> tools, the Evilginx man-in-the-middle attack framework, the GoPhish open-source phishing toolkit, and TheHive open source incident response platform, among other interesting tools.<\/p>\n\n\n\n<p>Kali&#8217;s third-quarter release, <a href=\"https:\/\/www.kali.org\/blog\/kali-linux-2023-3-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">2023.3<\/a>, dropped on Aug. 23, and the main focus was changes to Kali&#8217;s internal infrastructure to coincide with the release of Debian 12. <a href=\"https:\/\/gitlab.com\/re4son\/kali-autopilot\/-\/wikis\/home\" target=\"_blank\" rel=\"noreferrer noopener\">Kali Autopilot<\/a>, an automated attack framework that debuted with Kali Purple, got a redesigned GUI and other new features.<\/p>\n\n\n\n<p>Kali Linux 2023.3 also added 9 new tools, ranging from cloud and container security to automated pentesting tools, and replaced two tools that are no longer actively supported.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Is Kali beginner-friendly?<\/strong><\/h3>\n\n\n\n<p>Kali is available for anyone. It&#8217;s free and open-source, so anyone can download it. It\u2019s a good idea to try things on your own and then read the documentation or tutorials.<\/p>\n\n\n\n<p>However, is it a good place for beginners to start? While Kali IS beginner-friendly, professional pentesting is not something you can improvise. It requires knowledge and planning to be effective.<\/p>\n\n\n\n<p>Here are some requirements for becoming a good pentester:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mastery of pentesting basics: legal aspects, scopes, essential steps (such as passive recon, network discovery, enumeration, privilege escalation), post-exploitation, and persistence<\/li>\n\n\n\n<li>Mastery of the network layers (the OSI model, IP, subnets, and more)<\/li>\n\n\n\n<li>Mastery of Windows and Linux systems<\/li>\n\n\n\n<li>Proficiency in Python and some programming languages (like Go, C, C++, Ruby); in my opinion, this isn&#8217;t optional, but some security specialists might say otherwise<\/li>\n<\/ul>\n\n\n\n<p>Some people learn faster than others, but there&#8217;s a massive range of tools and concepts to know, so it will take time regardless of your learning skills or speed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Getting-Started-How-to-Install-Kali-Linux\"><\/span><strong>Getting Started: How to Install Kali Linux<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kali Linux is remarkably easy to install. The <a href=\"https:\/\/www.kali.org\/get-kali\/\" target=\"_blank\" rel=\"noreferrer noopener\">&#8220;Get Kali&#8221; page<\/a> lists various installation modes, with pre-configured images and ready-to-use virtual machines.<\/p>\n\n\n\n<p>Virtual machines are perfect for a quick intro. Feel free to test them, even if it\u2019s just to see what the OS looks like.<\/p>\n\n\n\n<p>Most operating systems are supported, and you\u2019ll find Docker containers, and even support for Android and Raspberry Pi. Windows users can install Kali using the Windows Subsystem (WSL2), for example.<\/p>\n\n\n\n<p>The bare metal installation is not recommended for beginners, though.<\/p>\n\n\n\n<p>You can flash ISO images on an external drive to install Kali on the device of your choice by booting from that drive.<\/p>\n\n\n\n<p>You can also run Kali in live mode with the live distributions without installing it on your device.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Mistakes to avoid with Kali Linux<\/strong><\/h3>\n\n\n\n<p>Without proper knowledge, your pentest will likely fail, as there\u2019s no magic recipe you can apply blindly regardless of how good your tools are.<\/p>\n\n\n\n<p>Besides, attacking tools can send multiple probes or headers along with their requests (e.g., during scanning and discovery), which can be detected and blocked by security tools. Note that Kali won\u2019t hide your IP or cover your fingerprints automagically. You may use a VPN or install utilities to capture and forward traffic to other subnets, or configure proxychains.<\/p>\n\n\n\n<p>You may also leverage external platforms like Linode for your setup and operations.<\/p>\n\n\n\n<p>However, if you are a complete newbie, my advice is to not rush on the tools, and to start with free open-source projects to attack, like the Juice Shop or many other vulnerable applications that are meant to help you learn cybersecurity.<\/p>\n\n\n\n<p>Then you might want to learn more advanced techniques or to invest in dedicated online training programs (see the final section of this article).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Pentesting is not just about servers and web apps<\/strong><\/h3>\n\n\n\n<p>A penetration test aims to emulate a real attack on a targeted system. It\u2019s actually a broad term that covers a wide range of tests and procedures, not just for web apps, and organizations can leverage regular pentests to improve their security and fix critical vulnerabilities.<\/p>\n\n\n\n<p>Unlike <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-conduct-a-vulnerability-assessment-steps-toward-better-cybersecurity\/\">vulnerability assessments<\/a>, pentests involve exploitation, which means you, as an attacker, will hack the system, for real, according to the rules defined before the test. The ultimate goal is to write a good report that provides recommendations.<\/p>\n\n\n\n<p>Note that your pentest is not an exhaustive analysis, as you will likely have limited time and only need one working exploit to achieve your mission.<\/p>\n\n\n\n<p>It\u2019s important to bear in mind that pentesting is not limited to hacking vulnerable servers that host apps and databases. There are multiple other attack angles to test, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network compromises<\/li>\n\n\n\n<li>Social engineering (e.g., phishing)<\/li>\n\n\n\n<li>Memory corruptions<\/li>\n\n\n\n<li>Wi-Fi attacks<\/li>\n<\/ul>\n\n\n\n<p>Kali is a wonderful toolbox, because it has tools for a wide range of pentests. Web apps are good for learning because many web servers are vulnerable and expose a large surface to attackers, as organizations have to expose their <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network<\/a> to the public.<\/p>\n\n\n\n<p>However, if it\u2019s necessary (and in the contract), a pentester can perform physical attacks too.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Don\u2019t neglect the legal aspects<\/strong><\/h3>\n\n\n\n<p>Laws are not the same everywhere, which means the same procedures can be legal in some countries and illegal in others. It&#8217;s especially true if you compare the EU to the U.S.<\/p>\n\n\n\n<p>As far as I know, &#8220;Ethical hacking&#8221; is not a legally protected status. Legitimate security researchers have been sued after demonstrating critical vulnerabilities.<\/p>\n\n\n\n<p>Scope is essential for distinguishing a pentest from a real attack. Of course, you need an explicit consent, which is usually a legal agreement, to run a pentest, but you must also define the scope very precisely <em>before the operation<\/em>.<\/p>\n\n\n\n<p>Last but not least, installing Kali Linux at work without permission would raise liabilities too. The distribution contains sensitive programs that can expose your organization, not to mention jeopardize your employment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using-Kali-Linux-Finding-Tools\"><\/span><strong>Using Kali Linux: Finding Tools<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There are literally hundreds of <a href=\"https:\/\/kali.org\/tools\" target=\"_blank\" rel=\"noreferrer noopener\">Kali Linux tools<\/a> for various purposes. Beginners can start with very popular packages for classic and recurrent tasks, or they could ask security pros for their favorite tools.<\/p>\n\n\n\n<p>While the list of tools can provide some hints, it can be confusing for beginners. Here&#8217;s a range of pentest tasks and the appropriate Kali Linux tools:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OSINT<\/strong>: Use Maltego to gather information, Dmitry for passive recon<\/li>\n\n\n\n<li><strong>Social Engineering<\/strong>: Use SET (the Social Engineer Toolkit)<\/li>\n\n\n\n<li><strong>Knowledge base<\/strong>: Use exploitdb<\/li>\n\n\n\n<li><strong>pentesting framework<\/strong>: Use the <a href=\"https:\/\/www.esecurityplanet.com\/products\/metasploit-framework-tutorial\/\">Metasploit Framework<\/a><\/li>\n\n\n\n<li><strong>Port scanning<\/strong>: Use <a href=\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\">Nmap<\/a> to scan the targeted network and Ndiff to compare Nmap scans (e.g., to see which ports get closed\/opened)<\/li>\n\n\n\n<li><strong>Wireless pentesting<\/strong>: Use Aircrack-ng to crack Wi-Fi, Bettercap for recon and MitM attacks on Wi-Fi and BLE (Bluetooth Low Energy) devices<\/li>\n\n\n\n<li><strong>Packet sniffing:<\/strong> Use Scapy to manipulate packets, Ettercap is also excellent to perform MitM attacks, and Wireshark is a must-have<\/li>\n\n\n\n<li><strong>Brute-Force URLs<\/strong>: Use Gobuster or DirBuster to scan URLs (directories, files, and DNS), and Nikto to detect server vulnerabilities<\/li>\n\n\n\n<li><strong>Web fuzzing<\/strong>: Use Wfuzz<\/li>\n\n\n\n<li><strong>Web hacking<\/strong>: Use BeEF to exploit XSS and other vulnerabilities with the browser or the <a href=\"https:\/\/www.esecurityplanet.com\/networks\/getting-started-with-burp-suite-pentest-tutorial\/\">Burp Suite<\/a> to intercept requests<\/li>\n\n\n\n<li><strong>SQL injections<\/strong>: Use sqlmap to crack vulnerable databases<\/li>\n\n\n\n<li><strong>WordPress scanning<\/strong>: Use WPscan<\/li>\n\n\n\n<li><strong>Brute-Force logins remotely<\/strong>: Use Hydra (Hydra GTK for the graphical interface)<\/li>\n\n\n\n<li><strong>Brute-Force passwords<\/strong>: Use <a href=\"https:\/\/www.esecurityplanet.com\/products\/john-the-ripper\/\">John The Ripper<\/a><\/li>\n\n\n\n<li><strong>Active Directory<\/strong>: Use Mimikatz, Impacket<\/li>\n<\/ul>\n\n\n\n<p>The lists won\u2019t tell you how to use each tool or the right combination to achieve your mission. Once installed, however, Kali Linux sorts packages by categories, which adds some helpful context and labels.<\/p>\n\n\n\n<p>The category usually matches the typical phases of a pentest, like \u201cinformation gathering\u201d or \u201cpost-exploitation,\u201d but also recurrent tasks, such as \u201cpassword attacks.\u201d<\/p>\n\n\n\n<p>Just open the interactive menu:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"564\" height=\"635\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu.jpg\" alt=\"\" class=\"wp-image-32253\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu.jpg 564w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu-266x300.jpg 266w\" sizes=\"(max-width: 564px) 100vw, 564px\" \/><figcaption class=\"wp-element-caption\">Kali Linux menu<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using-a-Pentesting-Framework\"><\/span><strong>Using a Pentesting Framework<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The Metasploit Framework can support many steps of your work, from scanning and discovery to exploitation, and even post-exploitation.<\/p>\n\n\n\n<p>On Kali, just open the interactive menu or type \u201cmsfconsole\u201d in the terminal to start the console.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"638\" height=\"505\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_msf_console_show_options.jpg\" alt=\"\" class=\"wp-image-32252\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_msf_console_show_options.jpg 638w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_msf_console_show_options-300x237.jpg 300w\" sizes=\"(max-width: 638px) 100vw, 638px\" \/><figcaption class=\"wp-element-caption\">Kali Linux msfconsole<\/figcaption><\/figure>\n\n\n\n<p>The console is verbose, so you\u2019ll know quickly whether the exploit has succeeded. In my experience, the interface provides advanced payload capabilities and a standardized way to use very different hacking modules.<\/p>\n\n\n\n<p>Note that you don\u2019t have to use a framework, but you\u2019ll have to combine several other pre-installed resources to achieve similar results. If you don\u2019t like manual setups (e.g., for listeners) and other repetitive procedures, the console is a great option.<\/p>\n\n\n\n<p>Of course, some cases may require other tools.<\/p>\n\n\n\n<p><strong>Also read: <\/strong><a href=\"https:\/\/www.esecurityplanet.com\/products\/metasploit-framework-tutorial\/\"><strong>Getting Started With the Metasploit Framework: A Pentesting Tutorial<\/strong><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How-To-Use-Kali-Linux-for-Pentesting\"><\/span>How To Use Kali Linux for Pentesting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kali Linux contains many options to help pentesters execute each of the <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing-phases\/\">7 pentesting steps<\/a>. Here we&#8217;ll go through those steps and highlight Kali tools that we&#8217;ve found to be particularly helpful.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 1: Defining Scope and Goals<\/strong><\/h3>\n\n\n\n<p>Clear goals and scope are critical for the success of your pentest. You and the organization will define the scope and the rules to apply during the test, which ensures there&#8217;s no misunderstanding and that there are clear goals.<\/p>\n\n\n\n<p>Your customer will likely have to choose between three common approaches for the test:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Black box<\/strong>: You operate without any prior access or information about the target and usually focus on gaining initial access<\/li>\n\n\n\n<li><strong>Gray box:<\/strong> An intermediary approach where you could be given some credentials or internal information just to speed your progression and allow for deeper testing<\/li>\n\n\n\n<li><strong>White box<\/strong>: These tests are usually longer and focus on the later phases, like post-exploitation or persistence, to challenge the system and see how resilient it is against privilege escalations, insider jobs, or lateral movements<\/li>\n<\/ul>\n\n\n\n<p>Not all organizations will need a white box test that requires significant time and budget, but it\u2019s sometimes necessary.<\/p>\n\n\n\n<p>You must discuss the timeline and other legal conditions during this step too. It\u2019s critical for your customers to explain in detail what&#8217;s allowed and what&#8217;s not<strong> <\/strong>in a document that will be signed by you and them.<\/p>\n\n\n\n<p>Wild attacks may appear more realistic for beginners, but in practice, it&#8217;s not uncommon to whitelist specific IPs that will be used by the pentesters. You need to define a methodology.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 2: Recon and OSINT<\/strong><\/h3>\n\n\n\n<p>Reconnaissance, or \u201crecon,\u201d can be either passive or active.<\/p>\n\n\n\n<p>For example, OSINT (Open-source Intelligence) is an indirect way to collect information, whereas Nmap involves active scanning, as you send probes to the targeted network.<\/p>\n\n\n\n<p>Kali has powerful OSINT tools, like Maltego (the community edition is free to use). These programs can help you organize and automate your research.<\/p>\n\n\n\n<p>In any case, you will generally need both passive and active recon during your pentest.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"529\" height=\"546\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_maltego.jpg\" alt=\"\" class=\"wp-image-32251\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_maltego.jpg 529w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_maltego-291x300.jpg 291w\" sizes=\"(max-width: 529px) 100vw, 529px\" \/><figcaption class=\"wp-element-caption\">Maletgo in the Kali Linux menu<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 3: Scan and Discover<\/strong><\/h3>\n\n\n\n<p>Let\u2019s say we have an IP\/URL to scan. We can use classic Nmap commands to discover services and potential hosts to attack, for example:<\/p>\n\n\n<pre><code>\nnmap -oN nmapscan.txt -v -A {IP\/URL}\n<\/code><\/pre>\n\n\n<p>The -v option is for \u201cverbose\u201d and -A means \u201caggressive scan,\u201d which is slower and sends more probes to the target, but it\u2019s not problematic here, as we are not in a real case. The -oN option is to export output to a text file with essential results.<\/p>\n\n\n\n<p>If we discover that the server hosts a vulnerable database system, we will attack it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 4: Gain Unauthorized Access and Exploit<\/strong><\/h3>\n\n\n\n<p>SQL injections in a vulnerable database can lead to a Remote Code Execution (RCE).<\/p>\n\n\n\n<p>If we manage to inject malicious SQL queries in the targeted database with <a href=\"https:\/\/www.kali.org\/tools\/sqlmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">sqlmap<\/a>, we may exploit a typical vulnerability that allows writing files to pass arbitrary commands to the server.<\/p>\n\n\n\n<p>Many exploits consist in uploading a reverse shell, which is basically a \u201cconnect-back\u201d channel between your machine and the targeted server.<\/p>\n\n\n\n<p>If such a shell can be opened as a privileged user (e.g., administrator), we\u2019ll get the same privileges for our session!<\/p>\n\n\n\n<p>The root account grants the highest privileges, allowing pretty much any operation while remaining undetected, which is perfect for post-exploitation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 5: Post-exploitation<\/strong><\/h3>\n\n\n\n<p>After exploiting a vulnerability and compromising a network, you may want to show what you can do with it to your customers to prove the impact and the risks associated with the breach.<\/p>\n\n\n\n<p>Metasploit has tons of modules for this purpose, but you can open the interactive menu of Kali Linux to get the full list of post-exploitation tools available:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"524\" height=\"622\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_post_exploitation.jpg\" alt=\"\" class=\"wp-image-32250\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_post_exploitation.jpg 524w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_menu_post_exploitation-253x300.jpg 253w\" sizes=\"(max-width: 524px) 100vw, 524px\" \/><figcaption class=\"wp-element-caption\">Kali Linux post-exploitation tools<\/figcaption><\/figure>\n\n\n\n<p>If it\u2019s a Windows\/Active directory environment, Kali has several packages for that, like <a href=\"https:\/\/www.kali.org\/tools\/mimikatz\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mimikatz<\/a>, a small but powerful utility for Kerberoasting and password dumping, or Impacket, a set of scripts to attack.<\/p>\n\n\n\n<p>Depending on the brief and the size of the organization, you may have to get further access, and progress from the system you\u2019ve just compromised to another.<\/p>\n\n\n\n<p>This technique is called <em>pivoting<\/em>. You may have to demonstrate that you can maintain access and get deeper into the targeted infrastructure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 6: Clean Up Your Mess<\/strong><\/h3>\n\n\n\n<p>The targeted network must be restored to its original state before you started your operation, which means removing all temporary accounts, scripts, and any other modifications you made on the system.<\/p>\n\n\n\n<p>This phase is usually skipped during a CTF (Capture The Flag event) because the goal is to practice attacking techniques, but in real-world conditions, a pentester must cover all tracks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 7: Report and Make Recommendations<\/strong><\/h3>\n\n\n\n<p>During this step, you will write a report containing the vulnerabilities you\u2019ve just exploited, the potential stolen data, and the recommendations to fix the situation, including technical advice.<\/p>\n\n\n\n<p>The report is the heart of a pentest and a critical document that literally determines the value of your work. It has to be meaningful and readable, so the organization can take concrete decisions to secure its network.<\/p>\n\n\n\n<p>It may contain the following items:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Techniques used to gather intelligence<\/li>\n\n\n\n<li>Techniques used to gain unauthorized access<\/li>\n\n\n\n<li>The threat model and the level of risks<\/li>\n\n\n\n<li>The estimated value of stolen data and credentials<\/li>\n<\/ul>\n\n\n\n<p>You must prioritize the most relevant measures. Watch <a href=\"https:\/\/www.youtube.com\/watch?v=J34DnrX7dTo\" target=\"_blank\" rel=\"noreferrer noopener\">this tutorial<\/a> by Hackersploit to learn more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Open-source-Alternatives-to-Kali-Linux\"><\/span><strong>Open-source Alternatives to Kali Linux<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There are some alternatives to Kali Linux worth considering.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Parrot OS Security Edition<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.parrotsec.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Parrot OS Security<\/a> should be very convenient for beginners, with lots of default configurations. Be careful when downloading the archive, though, as Parrot provides a &#8220;home edition&#8221; that is not meant for pentesting.<\/p>\n\n\n\n<p>You&#8217;ll need the &#8220;security&#8221; edition. It&#8217;s still possible to install the home edition and the pentesting tools afterwards, but the security edition is more straightforward.<\/p>\n\n\n\n<p>What I like about Parrot is the ease of use and the privacy-focused approach (no telemetry, anon surf, proxy).<\/p>\n\n\n\n<p>The &#8220;Hack The Box Edition&#8221; is also worth mentioning. It aims to help beginners quickly set up a machine for a CTF (e.g., on the HTB platform), but you can use it to build a lab or a training environment for other objectives.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Black Arch Linux<\/strong><\/h3>\n\n\n\n<p>You may have read that Arch is for \u201cthe real ones\u201d (not beginners), as the installation is said to be more technical compared to many other Linux distros.<\/p>\n\n\n\n<p>That\u2019s not exactly true, as the latest versions are way easier to install compared to the oldest ones. You can now download a &#8220;slim\u201d version too.<\/p>\n\n\n\n<p>If you already use Arch, you can \u201cupgrade\u201d your installation to <a href=\"https:\/\/blackarch.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Black Arch<\/a> with a dedicated installer in minutes.<\/p>\n\n\n\n<p>Linux users may appreciate the core philosophy, which is very different from other distros like Ubuntu or Debian, and the ability to get the latest versions of security packages.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-black_arch_linux_gui-1024x576.jpg\" alt=\"\" class=\"wp-image-32249\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-black_arch_linux_gui-1024x576.jpg 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-black_arch_linux_gui-300x169.jpg 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-black_arch_linux_gui-768x432.jpg 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-black_arch_linux_gui.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Black Arch GUI<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kali-Purple-Edition\"><\/span><strong>Kali Purple Edition<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The Kali &#8220;Purple&#8221; edition was released recently and ships many popular packages for defensive security, including Yara and DefectDojo. There\u2019s also a large range of forensic and reversing tools to discover.<\/p>\n\n\n\n<p>The team added specific menus that follow the principles of the NIST Cybersecurity Framework: identify, protect, detect, respond, recover.<\/p>\n\n\n\n<p>Users should be aware that this initiative is in its early stages, so you won\u2019t get pre-configured VMs and the large support provided by the standard version.<\/p>\n\n\n\n<p>Of course, you\u2019re not supposed to migrate your current working environment to Purple right now. That would be a pretty crazy move, as this edition is not yet mature.<\/p>\n\n\n\n<p>However, it\u2019s stable enough to be tested, and defenders will certainly appreciate this new flavor despite the inevitable bugs and oversights.<\/p>\n\n\n\n<p>It\u2019s interesting to see OffSec exploring new fields. The Purple edition is aimed at <a href=\"https:\/\/www.esecurityplanet.com\/networks\/red-team-vs-blue-team-vs-purple-team\/\">Blue and Purple teams<\/a> for defensive security, which means it\u2019s a mix of both worlds, red and blue.<\/p>\n\n\n\n<p>You can get more details about Kali Purple in <a href=\"https:\/\/gitlab.com\/kalilinux\/kali-purple\/documentation\/-\/wikis\/home\" target=\"_blank\" rel=\"noreferrer noopener\">the official wiki.<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"768\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_purple_menu_dark.jpg\" alt=\"\" class=\"wp-image-32248\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_purple_menu_dark.jpg 576w, https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231006-kali-linux-tutorial-kali_purple_menu_dark-225x300.jpg 225w\" sizes=\"(max-width: 576px) 100vw, 576px\" \/><figcaption class=\"wp-element-caption\">Kali Purple menu<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Resources-for-Kali-Linux-Training\"><\/span><strong>Resources for Kali Linux Training<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kali Linux requires effort and time. The key is to practice regularly and to learn from professionals in the field if you want to make it a career. An ethical hacking <a href=\"https:\/\/www.esecurityplanet.com\/networks\/cybersecurity-certifications\/\">certification<\/a> may help too.<\/p>\n\n\n\n<p>The following links could help you unlock many skills:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.kali.org\/docs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kali documentation<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kali.training\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kali training<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/hackersploit.org\/penetration-testing-tutorials\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hackersploit: penetration testing tutorials<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.offsec.com\/courses\/pen-200\/\" target=\"_blank\" rel=\"noreferrer noopener\">OffSec: OSCP certification<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Kali-Linux\"><\/span><strong>Bottom Line: Kali Linux<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kali Linux deserves its great reputation as a critically important toolkit for pentesters and anyone hoping to become one. If your organization contains critically important data, whether web-facing or internal, pentesting is a cybersecurity best practice you should adopt to find vulnerabilities before the bad guys do. Kali Linux is a great place to start.<\/p>\n\n\n\n<div class=\"wp-block-buttons alignwide is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-2 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-50 has-custom-font-size is-style-outline has-large-font-size td_btn_large is-style-outline--dff8d53e561ba9c365becdcc8f4bf16c\"><a class=\"wp-block-button__link has-white-color has-luminous-vivid-orange-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/link.technologyadvice.com\/r\/kali-linux-main\" style=\"border-radius:38px\" target=\"_blank\" rel=\"noopener nofollow sponsored\">Visit Kali Linux<\/a><\/div>\n<\/div>\n\n\n\n<p><strong>Further reading:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-vulnerability-scanners\/\">10 Best Open-Source Vulnerability Scanners for 2023<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/rapid7-insightidr-review\/\">Testing &amp; Evaluating SIEM Systems: A Review of Rapid7 InsightIDR<\/a><\/li>\n<\/ul>\n\n\n<p><em>This article was created by Julien Maury on April 7, 2023 and updated by eSecurity Planet Editor <a href=\"https:\/\/www.esecurityplanet.com\/author\/paul-shread-2\/\">Paul Shread<\/a> on Oct. 5, 2023<\/em><\/p>\n\n<div id=\"ta-campaign-widget-66d6f871debc0-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6f871debc0\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6f871debc0\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6f871debc0\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6f871debc0\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6f871debc0\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6f871debc0\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of [&hellip;]<\/p>\n","protected":false},"author":267,"featured_media":29555,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[3790,3414,4296,31708,730,30773,22929,10917,5277],"b2b_audience":[33,35],"b2b_industry":[],"b2b_product":[382,378,395,381,31776,31775,392,396],"class_list":["post-29542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-cybersecurity","tag-network-security","tag-penetration-testing","tag-pentesting","tag-security","tag-vulnerability-assessment","tag-vulnerability-management","tag-vulnerability-scanning","tag-web-security","b2b_audience-awareness-and-consideration","b2b_audience-implementation-and-support","b2b_product-application-security-vulnerability-management","b2b_product-endpoint-security","b2b_product-firewalls-and-intrusion-prevention-and-detection","b2b_product-network-access-control-nac","b2b_product-siem","b2b_product-web-applications-security","b2b_product-web-security","b2b_product-wireless-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Kali Linux Penetration Testing Tutorial: How to Use Kali Linux<\/title>\n<meta name=\"description\" content=\"Kali Linux is a comprehensive collection of pentesting tools. Here&#039;s what&#039;s new, and how to get started with Kali Linux.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kali Linux Penetration Testing Tutorial: How to Use Kali Linux\" \/>\n<meta property=\"og:description\" content=\"Kali Linux is a comprehensive collection of pentesting tools. Here&#039;s what&#039;s new, and how to get started with Kali Linux.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-05T18:58:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-13T18:45:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png\" \/>\n\t<meta property=\"og:image:width\" content=\"638\" \/>\n\t<meta property=\"og:image:height\" content=\"505\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Julien Maury\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julien Maury\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\"},\"author\":{\"name\":\"Julien Maury\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\"},\"headline\":\"Kali Linux Penetration Testing Tutorial: Step-By-Step Process\",\"datePublished\":\"2023-10-05T18:58:30+00:00\",\"dateModified\":\"2023-12-13T18:45:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\"},\"wordCount\":3382,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png\",\"keywords\":[\"cybersecurity\",\"network security\",\"penetration-testing\",\"pentesting\",\"security\",\"vulnerability assessment\",\"Vulnerability Management\",\"vulnerability scanning\",\"Web security\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\",\"name\":\"Kali Linux Penetration Testing Tutorial: How to Use Kali Linux\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png\",\"datePublished\":\"2023-10-05T18:58:30+00:00\",\"dateModified\":\"2023-12-13T18:45:47+00:00\",\"description\":\"Kali Linux is a comprehensive collection of pentesting tools. Here's what's new, and how to get started with Kali Linux.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png\",\"width\":638,\"height\":505},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kali Linux Penetration Testing Tutorial: Step-By-Step Process\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\",\"name\":\"Julien Maury\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"caption\":\"Julien Maury\"},\"description\":\"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kali Linux Penetration Testing Tutorial: How to Use Kali Linux","description":"Kali Linux is a comprehensive collection of pentesting tools. Here's what's new, and how to get started with Kali Linux.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/","og_locale":"en_US","og_type":"article","og_title":"Kali Linux Penetration Testing Tutorial: How to Use Kali Linux","og_description":"Kali Linux is a comprehensive collection of pentesting tools. Here's what's new, and how to get started with Kali Linux.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/","og_site_name":"eSecurity Planet","article_published_time":"2023-10-05T18:58:30+00:00","article_modified_time":"2023-12-13T18:45:47+00:00","og_image":[{"width":638,"height":505,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png","type":"image\/png"}],"author":"Julien Maury","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Julien Maury","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/"},"author":{"name":"Julien Maury","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a"},"headline":"Kali Linux Penetration Testing Tutorial: Step-By-Step Process","datePublished":"2023-10-05T18:58:30+00:00","dateModified":"2023-12-13T18:45:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/"},"wordCount":3382,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png","keywords":["cybersecurity","network security","penetration-testing","pentesting","security","vulnerability assessment","Vulnerability Management","vulnerability scanning","Web security"],"articleSection":["Networks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/","url":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/","name":"Kali Linux Penetration Testing Tutorial: How to Use Kali Linux","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png","datePublished":"2023-10-05T18:58:30+00:00","dateModified":"2023-12-13T18:45:47+00:00","description":"Kali Linux is a comprehensive collection of pentesting tools. Here's what's new, and how to get started with Kali Linux.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kali-msf-console-show-options.png","width":638,"height":505},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Kali Linux Penetration Testing Tutorial: Step-By-Step Process"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a","name":"Julien Maury","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","caption":"Julien Maury"},"description":"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.","url":"https:\/\/www.esecurityplanet.com\/author\/jmaury\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29542"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=29542"}],"version-history":[{"count":6,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29542\/revisions"}],"predecessor-version":[{"id":33193,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29542\/revisions\/33193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/29555"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=29542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=29542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=29542"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=29542"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=29542"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=29542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}