下载安装 Kali 系统
虚拟机环境/U 盘启动
本人 Mac 系统使用 Parallels Desktop 虚拟机, 具体安装以后推文, 如我忘记请自觉 DuckDuck.
当然使用 Windows 系统也可以, 使用 Linux 系统也可以, 使用 BSD 系统也可.
当然使用 VMware 虚拟机也可以, 使用 VirtualBox 虚拟机也可以.
如果使用虚拟机,需要远程控制登陆:可以参考文字 “修改 Kali 系统配置 - 允许远程登陆”
当然直接安装 Kali 到电脑也可以, 使用 U 盘/光盘启动也可以
如果使用 U 盘:可以参考文字 “制作 Kali 系统启动盘” 和 “制作 Kali 系统启动盘-设置额外持久化盘符”
启动 Kali 系统, 看左上的 Application 按钮, 点开查看丰富工具分类:
1 - Information Gathering 信息收集
2 - Vulnerability Analysis 弱点分析
3 - Web Application Analysis 网站分析
4 - Database Assessment 数据库评估
5 - Password Attacks 密码攻击
6 - Wireless Attacks 无线 Wifi 攻击
7 - Reverse Engineering 逆向工程
8 - Exploitation Tools 开发工具
9 - Snifering & Spoofing 嗅探与欺骗
10 - Post Exploitation 漏洞利用
11 - Forensics 取证
12 - Reporting Tools 报告工具
13 - Social Engineering Tools 社交工程工具
14 - System Services 系统服务
Usual Applications 常用的软件
1 - Information Gathering
dmitry
dnmap-client
dnmap-server
ike-scan
maltegoce
netdiscover
nmap
p0f
recon-ng
sparta
zenmap
2 - Vulnerability Analysis
golismero
lynis
nikto
nmap
sparta
unix-privesc-ckeck
3 - Web Application Analysis
burpsuite
commix
httrack
owasp-zap
paros
skipfish
sqlmap
webscarab
wpscan
4 - Database Assessment
bbqsql
hexorbase
jSQL injection
mdb-sql
oscanner
sidguesser
sqldict
SQLlite database browser
sqlmap
sqlninja
sqlsus
tmscmd10g
5 - Password Attacks
cewl
crunch
hashcat
john
johnny
medusa
ncrack
ophcrack
pyrit
rainbowcrack
rcracky_mt
wordlists
6 - Wireless Attacks
aircrack-ng
chirp
cowpatty
fern wifi cracker
ghost phisher
giskismet
kismet
mdk3
mfoc
mfterm
pixiewps
reaver
wifite
7 - Reverse Engineering
apktool
clang
clang++
dex2jar
edb-debug
flasm
jad
javaspoon
NASM shell
ollydbg
radare2
8 - Exploitation Tools
armitage
beef xxs framework
metasploit pro
msf payload creator
search sploit
social engineer toolkit
sqlmap
terminete
9 - Snifering & Spoofing
bdfproxy
driftnet
ettercap
hamster
macchanger
mitmproxy
netsniff-ng
responder
wireshark
10 - Post Exploitation
backdoor-factory
bdfproxy
exe2hex
intersect
mimikatz
nishang
powersploit
proxychains
weevely
11 - Forensics
autopsy:
binwalk:
bulk_extractor: extract infos from *.iso file or directory
chkrootkit:
foremost:
galleta:
hashdeep: calc file md5/sha1…. eg: to verify a downloaded file checksum
volafox:
volatility:
12 - Reporting Tools
casefile
cutycapt
dradis
faraday ide
keepnote
magictree
pipal
recordmydesktop
13 - Social Engineering Tools
backdoor-factory
beef xxs framework
ghost phisher
maltegoce
msf payload creator
social engineer toolkit
u3-pwn
14 - System Services
beef start
beef stop
dradis start
dradis stop