2017-2018-2 20179207 Week 9 work for "Network Attack and Defense Technology"

Kali videos (36-38)

Stress Test Tool

Stress testing is a test to obtain the maximum service level that the system can provide by determining the bottleneck or unacceptable performance point of a system.

The stress testing tools under Kali fall into four categories: VoIP stress testing, web stress testing, network stress testing and wireless stress testing (the latter covering MDK3 and Reaver, which were introduced earlier and are not repeated in this chapter).

VoIP digitizes analog signals and transmits them in real time over the IP network as data packets. VoIP stress testing tools include iaxflood and inviteflood.

As the most widely used open source VoIP product, Asterisk introduced the IAX protocol, which carries both signaling and audio/video traffic between the Asterisk server and its clients over a single service port. iaxflood is a tool that exploits IAX design flaws to launch flood attacks.

SIP is currently the most widely used and most widely accepted VoIP signaling protocol. INVITE is the SIP request that initiates a session, and inviteflood is a tool for launching flood attacks with this request.

With the help of the web stress testing tool THC-SSL-DOS, anyone can take offline websites that offer SSL secure connections. This attack method is called an SSL denial-of-service attack (SSL-DoS). The tool was released by a German hacker group. By default it establishes 400 SSL connections with the server and triggers renegotiation on each of them as quickly as possible (renegotiation is normally used for authentication between browser and server), so as to consume a large amount of server CPU. Unlike traditional DDoS tools it needs no bandwidth: a single computer suffices to carry out an attack. The command thc-ssl-dos -l 500 <target IP> 443 --accept establishes 500 SSL connections to the target IP and port (443 by default) and floods it; the -l parameter limits the number of connections.

Network stress testing tool

dhcpig is a stress testing tool that drains the DHCP address pool. The DHCP service automatically assigns IP addresses to computers newly connected to the intranet; dhcpig uses Scapy to forge a large number of MAC addresses, obtains a lease for each of them from the DHCP server, and so exhausts every address that DHCP can assign. Computers joining the network afterwards cannot obtain an IP address and therefore cannot access the network.
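As an added, defender-side illustration (not from the course videos or from dhcpig itself), the following Python detects the symptom of DHCP pool exhaustion described above, a burst of DHCPDISCOVER messages from many distinct client MACs in a short window, by parsing DHCP server log lines. The dnsmasq-style log format, hostnames and MAC addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches dnsmasq-style DHCPDISCOVER lines (constructed format, assumed for this example):
#   "Apr 21 10:00:01 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth1) 52:54:00:aa:01:01"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hms>\d\d:\d\d:\d\d)\s+\S+\s+dnsmasq-dhcp\[\d+\]:\s+"
    r"DHCPDISCOVER\((?P<iface>\w+)\)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_discovers(lines):
    """Yield (second_of_day, mac) for each DHCPDISCOVER line; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s = (int(x) for x in m["hms"].split(":"))
        yield h * 3600 + mi * 60 + s, m["mac"].lower()

def detect_starvation(lines, window=10, threshold=20):
    """Return [(window_start_second, distinct_macs)] for every window of `window` seconds
    in which more than `threshold` distinct MACs sent DISCOVER. Real clients on a small
    LAN never show up in such numbers at once; a tool forging MACs does."""
    by_window = defaultdict(set)
    for ts, mac in parse_discovers(lines):
        by_window[ts - ts % window].add(mac)
    return sorted((w, len(macs)) for w, macs in by_window.items() if len(macs) > threshold)

def build_sample_log():
    """Constructed sample log: a few normal clients, then 40 forged MACs within ten seconds."""
    normal = [
        "Apr 21 10:00:01 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth1) 52:54:00:aa:01:01",
        "Apr 21 10:00:01 gw dnsmasq-dhcp[812]: DHCPOFFER(eth1) 10.0.0.50 52:54:00:aa:01:01",
        "Apr 21 10:00:47 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth1) 00:0c:29:11:22:33",
    ]
    burst = [
        f"Apr 21 10:02:0{i % 10} gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth1) de:ad:be:ef:00:{i:02x}"
        for i in range(40)
    ]
    return normal + burst
```

Tune `window` and `threshold` to the normal join rate of the segment being monitored; the OFFER line in the sample shows that non-DISCOVER records are ignored.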

The macof tool performs MAC flooding attacks. A switch's MAC (CAM) table has limited space; once it is filled with MAC addresses the switch reports an error and enters an abnormal state in which it forwards received frames as broadcasts, so that they can be captured with a packet capture tool.

Siege is a stress testing and benchmarking tool designed to measure how well web applications hold up under load. Depending on its configuration it has multiple simulated users access a web site concurrently, records the response time of each user's requests, and repeats the run at a given number of concurrent accesses.

T50 is a unique and powerful packet injection tool that supports Unix systems and can inject packets of many protocols. It is the only tool that can use the GRE encapsulation protocol. Besides modifying network routes so that IT security experts can perform advanced "penetration testing", it can also send packets of all its protocols sequentially over a single socket.

Data forensics tools

Digital forensics applies computer investigation and analysis techniques to identifying and acquiring potential, legally admissible electronic evidence; here, too, the targets are hackers and intrusions, with the aim of ensuring network security.

The PDF forensics tool peepdf is a PDF analysis tool written in Python that can detect malicious PDF files. Its design goal is to give security researchers every component they might need for PDF analysis in one place, instead of combining three or four separate tools. peepdf also provides dedicated analysis functions for JavaScript embedded in PDFs: it can extract the JavaScript for decoding, unescaping, execution and other operations.

Anti-digital forensics chkrootkit

chkrootkit is a tool for finding and detecting rootkit backdoors on Linux systems.

Memory Forensics Tool

Volatility is an open source memory forensics framework for Windows, Linux, Mac and Android. It is written in Python, runs from the command line and supports many operating systems. From a captured memory image it can determine which programs were running on the system at the time of capture, along with other system data.

For details, see the use of Volatility, a memory forensics tool under Linux.

Forensic segmentation tool binwalk

binwalk is a firmware analysis tool designed to help researchers analyze, extract and reverse engineer firmware. It is simple to use, fully scriptable, and easily extensible with custom signatures, extraction rules and plugin modules, and more importantly.
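To show what "signature scanning and extraction" means in practice, here is an added Python example that is not part of binwalk or the course material: it scans a constructed firmware-like blob for a small table of file-type magic values, reports their offsets, and carves the gzip member it finds using zlib's own end-of-stream detection. The signature table and the sample image are assumptions built for this example.

```python
import gzip
import zlib

# Constructed signature table in the spirit of binwalk's extensible signature rules
# (binwalk itself ships libmagic-style signature files; this dict is an assumption).
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"PK\x03\x04": "Zip archive",
    b"hsqs": "Squashfs filesystem, little-endian",
}

def scan_signatures(blob, signatures=SIGNATURES):
    """Return [(offset, description)] for every signature occurrence in blob, sorted by offset."""
    hits = []
    for magic, desc in signatures.items():
        start = 0
        while (idx := blob.find(magic, start)) != -1:
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)

def carve_gzip(blob, offset):
    """Inflate the gzip member at offset; return (decompressed_bytes, member_length).
    zlib reports the bytes after the member as unused_data, which gives the member's
    true end instead of guessing it from the next signature's offset."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = d.decompress(blob[offset:])
    return out, len(blob) - offset - len(d.unused_data)

def build_sample_image():
    """Constructed firmware-like blob: padding, an ELF magic, a gzip stream, a squashfs magic."""
    kernel = gzip.compress(b"kernel " * 50, mtime=0)
    return b"\x00" * 64 + b"\x7fELF" + b"\x00" * 60 + kernel + b"\xff" * 32 + b"hsqs" + b"\x00" * 28

def analyze(blob):
    """Scan for signatures, then carve every gzip member found.
    Returns (hits, {gzip_offset: decompressed_length})."""
    hits = scan_signatures(blob)
    carved = {}
    for off, desc in hits:
        if desc.startswith("gzip"):
            data, _ = carve_gzip(blob, off)
            carved[off] = len(data)
    return hits, carved
```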

The forensic hash verification tool set is mainly used for hash verification: for example, hashing a downloaded file, computing its MD5 value and comparing it with the MD5 value published on the official website to determine whether a backdoor has been implanted in the file.

  • md5deep is a cross-platform tool that hashes files in batches and compares the results against a list of hash values. It supports a variety of hash algorithms, which helps avoid hash collision problems.
  • rahash2 can quickly perform operations such as encryption, decryption and hashing on whole files, blocks of a file, strings and so on.
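The batch "hash and compare against a published list" check described above, implemented as an added Python example (not the code of md5deep or rahash2) with hashlib. It streams each file once for all algorithms and only accepts a file when every algorithm matches, which is the point of md5deep supporting several algorithms; the file names, contents and digest lists are constructed for the demo.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha256")

def file_digests(path, algorithms=ALGORITHMS, chunk_size=1 << 16):
    """Stream the file once and return {algorithm: hexdigest} for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def parse_known_hashes(text):
    """Parse an md5deep/sha256sum-style list ('<hexdigest>  <filename>' per line)."""
    known = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            known[parts[1].strip()] = parts[0].lower()
    return known

def verify_files(paths, known):
    """known maps algorithm -> {filename: digest}. A file is 'ok' only when every algorithm
    matches, 'tampered' when any differs, 'unknown' when no published digest exists:
    a file colliding under MD5 and SHA-256 at once is far harder to forge than under one."""
    results = {}
    for path in paths:
        name = os.path.basename(path)
        if any(name not in known[alg] for alg in ALGORITHMS):
            results[name] = "unknown"
            continue
        digests = file_digests(path)
        results[name] = "ok" if all(digests[a] == known[a][name] for a in ALGORITHMS) else "tampered"
    return results

def demo():
    """Constructed demo: publish digests for two files, then append a payload to one of them."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("tool.bin", "readme.txt")]
        for p, data in zip(paths, (b"original release\n", b"hello\n")):
            with open(p, "wb") as fh:
                fh.write(data)
        known = {alg: parse_known_hashes("\n".join(
            f"{file_digests(p)[alg]}  {os.path.basename(p)}" for p in paths)) for alg in ALGORITHMS}
        with open(paths[0], "ab") as fh:  # simulate a download that was modified after release
            fh.write(b"#appended payload")
        extra = os.path.join(d, "extra.bin")
        with open(extra, "wb") as fh:
            fh.write(b"x")
        return verify_files(paths + [extra], known)
```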

Digital Forensics Suite

Autopsy is a digital forensics platform and a graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, the military and corporate investigators to examine computers, and can even recover photos from a camera memory card. Autopsy provides a browser-based interface on local port 9999.

DFF is a digital forensics aid with a flexible module system offering a variety of functions, including recovering files lost through errors or crashes and researching and analyzing evidence. DFF provides a powerful architecture and a set of useful modules.

The forensic imaging tool set is mainly for forensic analysis of disk image files, with commands such as mmstat and mmls. Kali Linux also provides many other digital forensics tools that you can research further; a forensic mindset is also helpful for security testing.

Reporting Tools and System Services

A complete penetration test always ends with a polished report as its summary, and Kali accordingly offers a reporting tool set for security engineers. Kali also organizes a separate directory for each system service.

Dradis is an information-sharing framework (collaboration platform) for making security assessments more efficient; it provides a central repository for recording what has been done so far and what is planned next. Dradis is a standalone web application that opens automatically in the browser at https://127.0.0.1:3004. Set a password and log in with any user name to enter the Dradis framework.

Media capture tools include CutyCapt (saves web pages as images) and recordMyDesktop (screen recording).

Evidence Management: Maltego

MagicTree is a tool for penetration testers that helps with data merging, querying, running external commands (for example calling nmap directly and importing the scan results into the tree) and report generation. All data is stored in a tree structure.

TrueCrypt: free and open source encryption software that supports Windows, OS X, Linux and other operating systems.

The system service directory mainly makes it convenient to start or stop certain services promptly; typing service <service name> start or service <service name> stop at the command line achieves the same effect.

  • BeEF: starts and stops the XSS testing framework BeEF
  • Dradis: starts and stops the note-sharing service Dradis
  • OpenVAS: starts and stops the OpenVAS service
