Showing posts with label Kali Linux.

Sunday, November 16, 2014

Pentest Software Installation in Kali Linux

How to install all the tools found in the Pwnieexpress Pwn Plug Elite (http://pwnieexpress.com/pages/pwnplug-toolkit) on Debian-for-Alix (http://code.google.com/p/debian-for-alix/) (or really any Debian-based OS).

A

aircrack-ng – http://www.aircrack-ng.org
# cd ~/source
# svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
# cd aircrack-ng
# make
# make install
# airodump-ng-oui-update
 
alive6 – http://www.thc.org/
See THC-IPV6

amap & amap6 - http://www.thc.org/
# apt-get install libssl-dev
# cd ~/source
# wget http://www.thc.org/releases/amap-5.4.tar.gz
# tar zxvf amap-5.4.tar.gz
# cd amap-5.4/
# ./configure
# make
# make install
 
arping (needs libnet)
# apt-get install libpcap0.8-dev
# cd ~/source
# links http://sourceforge.net/projects/libnet-dev/files/latest/download
# tar zxvf libnet-1.1.6.tar.gz
# cd libnet-1.1.6/
# ./configure
# make && make install
# cd ~/source
# wget http://www.habets.pp.se/synscan/files/arping-2.12.tar.gz
# tar zxvf arping-2.12.tar.gz
# cd arping-2.12/
# ./configure
# make && make install
 
arp-scan
# cd ~/source
# wget http://www.nta-monitor.com/files/arp-scan/arp-scan-1.8.tar.gz
# tar zxvf arp-scan-1.8.tar.gz
# cd arp-scan-1.8/
# ./configure
# make && make install
 
asleap
# cd ~/source
# wget http://sourceforge.net/projects/asleap/files/asleap/asleap-1.4/asleap-1.4.tgz/download
# tar zxvf asleap-1.4.tgz
# cd asleap
# make
# cp asleap ~/tools/
 
asp-auditor
# cd ~/source
# wget http://dl.packetstormsecurity.net/UNIX/scanners/asp-audit-v2.tar.gz
# tar zxvf asp-audit-v2.tar.gz
# cp asp-audit-latest.pl ~/tools
# chmod 777 ~/tools/asp-audit-latest.pl

B

BED (aka Bruteforce Exploit Detector) - http://www.aldeid.com/wiki/Bed
# cd ~/source
# wget http://web.archive.org/web/20101229024258/http://www.remote-exploit.org/wp-content/uploads/2010/01/bed-0.5.tar.gz
# tar xzvf bed-0.5.tar.gz
# mkdir -p ~/tools/fuzzers/
# mv bed-0.5/ ~/tools/fuzzers/bed/

C

cisco-auditing-tool
# cd ~/source
# wget http://dl.packetstormsecurity.net/cisco/CiscoAuditingTool-v1.tar.gz
# tar zxvf CiscoAuditingTool-v1.tar.gz
# mv CiscoAuditingTool ~/tools/
 
cisco-global-exploiter
# cd ~/source
# wget http://dl.packetstormsecurity.net/0405-exploits/cge-13.tar.gz
# tar zxvf cge-13.tar.gz
# mv cge-13/ ~/tools
 
cms-explorer
# cd ~/source
# wget http://cms-explorer.googlecode.com/files/cms-explorer-1.0.tar.bz2
# tar jxvf cms-explorer-1.0.tar.bz2
# mv cms-explorer-1.0/ ~/tools/
 
creddump
# cd ~/source
# wget http://creddump.googlecode.com/files/creddump-0.3.tar.bz2
# tar jxvf creddump-0.3.tar.bz2
# mv creddump-0.3 ~/tools/
 
cryptcat - http://sourceforge.net/projects/cryptcat/ I’m being lazy with this one. Also compiling for Windows is outside the scope of this document.
# apt-get install cryptcat

D

darkMySQLi - NOTE: www.darkc0de.com is no more
# cd ~/source
# wget http://www.jedge.com/utilities/darkMySQLi16.zip
# unzip darkMySQLi16.zip
# mkdir -p ~/tools/darkMySQLi
# unzip darkMySQLi16.zip -d ~/tools/darkMySQLi
 
darkstat
# apt-get install libpcap0.8-dev
# cd ~/source
# wget http://unix4lyfe.org/darkstat/darkstat-3.0.715.tar.bz2
# tar jxvf darkstat-3.0.715.tar.bz2
# cd darkstat-3.0.715/
# mkdir -p /var/lib/empty
# ./configure
# make
# make install
 
denial6 – http://www.thc.org/
See THC-IPV6

detect-new-ip6 – http://www.thc.org/
See THC-IPV6

DMitry - http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/ Latest available is in Debian repository
# apt-get install dmitry
 
dnsdict6 – http://www.thc.org/
See THC-IPV6

dnsenum
# cd ~/source
# wget http://dnsenum.googlecode.com/files/dnsenum-1.2.2.tar.gz
# mkdir -p ~/tools/dnsenum
# tar zxvf dnsenum-1.2.2.tar.gz -C ~/tools/dnsenum/
 
dnstracer
# apt-get install dnstracer
 
dos-new-ip6 – http://www.thc.org/
See THC-IPV6

dsniff
# apt-get install dsniff libnids1.21

E

EAPeak - See Scapy install first
# cd ~/source
# wget http://eapeak.googlecode.com/files/EAPeak-v0.1.5.tar.bz2
# tar jxvf EAPeak-v0.1.5.tar.bz2
# cd EAPeak-v0.1.5
 
easy-creds - See installation of the following tools first: ettercap, dsniff (urlsnarf), sslstrip, metasploit, aircrack-ng, hamster, ferret, ipcalc, asleap and mdk3
# cd ~/source
# wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.11.tar.bz2
# tar jxvf freeradius-server-2.1.11.tar.bz2
# cd freeradius-server-2.1.11
# wget http://www.opensecurityresearch.com/files/freeradius-wpe-2.1.11.patch
# patch -p1 < freeradius-wpe-2.1.11.patch
# ./configure && make && make install
# /usr/local/etc/raddb/certs/bootstrap
# cd ~/source
# wget http://sourceforge.net/projects/easy-creds/files/latest/download -O easycreds.tar.gz
# tar zxvf easycreds.tar.gz
# mv easy-creds ~/tools
 
ettercap - I'll leave this to personal choice. You can go with ettercap (NG-0.7.3, 2005) or ettercap (0.7.4.1-Lazarus, 2012)
# apt-get install ettercap ettercap-common
Or
# apt-get install libpcap0.8-dev libssl-dev libncurses5-dev
# cd ~/source
# links http://sourceforge.net/projects/libnet-dev/files/latest/download
# tar zxvf libnet-1.1.6.tar.gz
# cd libnet-1.1.6/
# ./configure
# make && make install
# wget http://prdownloads.sourceforge.net/ettercap/ettercap-0.7.4.1.tar.gz
# tar zxvf ettercap-0.7.4.1.tar.gz
# cd ettercap-0.7.4.1
# ./configure --with-libnet=/usr/local --disable-gtk
# make && make install
 
exploit6 – http://www.thc.org/
See THC-IPV6

F

fake_advertise6 - See THC-IPV6
fake_dhcps6 - See THC-IPV6
fake_dnsupdate6 - See THC-IPV6
fake_mipv6 - See THC-IPV6
fake_mld26 - See THC-IPV6
fake_mld6 - See THC-IPV6
fake_mldrouter6 - See THC-IPV6
fake_router6 - See THC-IPV6 
 
ferret
# mkdir -p ~/tools/sidejack/ferret
# cd ~/source
# svn checkout http://ferret.googlecode.com/svn/trunk/ ferret
# cd ferret/
# make
# cp bin/ferret /root/tools/sidejack
 
fierce - Install a pair of perl modules via CPAN
# perl -MCPAN -e 'install Net::DNS'
# perl -MCPAN -e 'install Net::hostent'
# mkdir -p ~/tools/fierce
# cd ~/tools/fierce
# wget http://ha.ckers.org/fierce/fierce.pl
# wget http://ha.ckers.org/fierce/hosts.txt
# chmod 777 fierce.pl
 
fimap
# cd ~/source
# wget http://fimap.googlecode.com/files/fimap_alpha_v09.tar.gz
# tar zxvf fimap_alpha_v09.tar.gz
# mv fimap_alpha_v09 ~/tools/
 
flood_advertise6 - See THC-IPV6
flood_dhcpc6 - See THC-IPV6
flood_mld26 - See THC-IPV6
flood_mld6 - See THC-IPV6
flood_mldrouter6 - See THC-IPV6
flood_router6 - See THC-IPV6
flood_solicitate6 - See THC-IPV6 
 
fping – http://fping.org/
# cd ~/source
# wget http://fping.org/dist/fping-3.4.tar.gz
# tar zxvf fping-3.4.tar.gz
# cd fping-3.4/
# ./configure
# make
# make install
 
fragmentation6 - See THC-IPV6
fuzz_ip6 - See THC-IPV6

G

goohost
# cd ~/tools/
# wget http://dl.dropbox.com/u/10761700/goohost.sh
# chmod +x goohost.sh
 

H

hamster
# cd ~/source
# mkdir -p ~/tools/sidejack
# wget http://www.erratasec.com/erratasec.zip
# unzip erratasec.zip
# cd hamster/build/gcc4/
# make
# cp /root/source/hamster/bin/* /root/tools/sidejack/
 
hping3
# apt-get install hping3 tcl8.4
 
hwk
# cd ~/source
# wget http://nullsecurity.net/tools/wireless/hwk_0.3.2.tar.gz
# tar xzf hwk_0.3.2.tar.gz
# cd hwk_0.3.2
# make
# make install
 
hydra (THC-Hydra) - http://www.thc.org/thc-hydra/
Thanks to DeckerXL who posted this comment here (http://wiredbytes.com/node/23#comment-61)
I was able to get the Oracle password checks compiled into Hydra.
Various software libraries need to be installed in order to successfully compile Hydra
with all of the features that we need. Obtain the latest Hydra source
from http://freeworld.thc.org. Note, the SAP SDK needs to be downloaded from the SAP
marketplace which requires you to be a customer with an account.
# apt-get install libmysqlclient-dev libpcre3-dev libsvn-dev libssh-dev libncp-dev libidn11-dev postgresql-client libpq-dev libaio-dev
For Oracle support you need to download the Oracle Instant Client
(Google "oracle instant client download"). The three files you will need to
download are the basiclite, sqlplus, and devel rpm packages. You will need an
account with Oracle to obtain the files. Signing up is free. Once the files are
downloaded we will need to convert the rpm packages to deb and install (all in one command).
# apt-get install alien
# cd ~/source
# alien -i oracle-instantclient11.2-basiclite-*.rpm
# alien -i oracle-instantclient11.2-devel-*.rpm
# alien -i oracle-instantclient11.2-sqlplus-*.rpm
Create the file oracle.conf in /etc/ld.so.conf.d and put the following line in it (that's where it put my libs for version 11.2 - substitute your version there): /usr/lib/oracle/11.2/client64/lib
# ldconfig
# cd ~/source
# wget http://www.thc.org/releases/hydra-7.3.tar.gz
# tar zxvf hydra-7.3.tar.gz
# cd hydra-7.3
# ./configure --with-oracle=/usr/include/oracle/11.2/client64 --with-oraclelib=/usr/lib/oracle/11.2/client64/lib
Edit the Makefile and manually add the Oracle include dir to the XIPATHS var on line 6. Add this to the end: -I/usr/include/oracle/11.2/client64
# make
# make install

I

implementation6 - See THC-IPV6
 
iodine
# cd ~/source
# wget http://code.kryo.se/iodine/iodine-0.6.0-rc1.tar.gz
# tar zxvf iodine-0.6.0-rc1.tar.gz
# cd iodine-0.6.0-rc1/
# make
# make install
 
ipcalc
# cd ~/source
# wget http://jodies.de/ipcalc-archive/ipcalc-0.41.tar.gz
# tar zxvf ipcalc-0.41.tar.gz
# mv ipcalc-0.41 ~/tools/

J

john (John the Ripper, jumbo) - built against a fresh OpenSSL
# cd ~/source
# wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
# tar zxf openssl-1.0.1c.tar.gz
# cd openssl-1.0.1c
# ./config --openssldir=/usr/local
# make
# make install
# cd ~/source
# wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
# tar zxvf john-1.7.9-jumbo-7.tar.gz
# cd john-1.7.9-jumbo-7/src
# make generic
# make install

K

kill_router6 - See THC-IPV6 
 
kismet
# apt-get install libpcap0.8-dev libncurses5-dev libnl-dev libpcre3-dev
# cd ~/source
# wget https://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz
# tar zxf kismet-2011-03-R2.tar.gz
# cd kismet-2011-03-R2
# ./configure
# make
# make install
# wget -cd -N -P /usr/share/wireshark http://anonsvn.wireshark.org/wireshark/trunk/manuf

L

lbd (Load Balance Detector)
# cd ~/source/
# wget http://packetstorm.wowhacker.com/UNIX/audit/lbd-0.1.sh.txt
# mv lbd-0.1.sh.txt ~/tools/lbd.sh
# chmod +x ~/tools/lbd.sh

M

MDK3
# wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/mdk3-v6.tar.bz2
# tar xvjf mdk3-v6.tar.bz2
# cd mdk3-v6
# make && make install
 
metagoofil
# cd ~/source
# wget http://metagoofil.googlecode.com/files/metagoofil-2.1_BH2011_Arsenal.tar.gz
# tar zxvf metagoofil-2.1_BH2011_Arsenal.tar.gz
# mv metagoofil-blackhat/ ~/tools/metagoofil/
 
Metasploit (subversion edition) - http://www.metasploit.com/
# apt-get install subversion
# apt-get install ruby libreadline5 libruby1.8 ruby1.8 ruby1.8-dev rubygems1.8
# apt-get install postgresql libpq-dev libpq5 postgresql-8.4 postgresql-client-8.4 postgresql-client-common postgresql-common ssl-cert
# su postgres -c psql
postgres=# ALTER USER postgres WITH PASSWORD 'your password';
postgres=# \q
# passwd -d postgres
# su postgres -c passwd
<type the password for postgres account>
# gem install pg
# svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/msf
# /opt/msf/msfconsole
msf > db_connect postgres:"postgreSQL_password"@127.0.0.1/metasploit ("metasploit" being the name of the database)
I created the file /root/.msf4/msfconsole.rc with the following so I don't have to type the db_* commands each time.
db_connect postgres:"postgreSQL_password"@127.0.0.1/metasploit
 
Metasploit (pwn plug edition) – https://github.com/pwnieexpress/metasploit-framework*
# apt-get install git
# cd /opt
# git clone https://github.com/pwnieexpress/metasploit-framework.git
 
miranda
# cd ~/source
# wget http://miranda-upnp.googlecode.com/files/miranda-1.2.tar.gz
# tar zxvf miranda-1.2.tar.gz
# mv miranda-1.2/ ~/tools/
 
miredo
# apt-get install libjudydebian1
# cd ~/source
# wget http://www.remlab.net/files/miredo/debian/miredo_1.2.5-1_i386.deb
# dpkg -i miredo_1.2.5-1_i386.deb

N

netcat & netcat6
# apt-get install netcat netcat6
 
ndpexhaust6 - See THC-IPV6 
 
netdiscover
# links http://sourceforge.net/projects/netdiscover/files/netdiscover/0.3-beta6/netdiscover-0.3-beta6-osx_mod.tar.bz2/download
# tar jxvf netdiscover-0.3-beta6-osx_mod.tar.bz2
# cd netdiscover-0.3-beta6-osx_mod/
# ./configure
# make
# make install
 
nikto
# cd ~/source
# wget http://www.cirt.net/nikto/nikto-2.1.5.tar.gz
# tar zxvf nikto-2.1.5.tar.gz
# mv nikto-2.1.5/ ~/tools/
 
nmap
# cd ~/source
# wget http://nmap.org/dist/nmap-6.01.tgz
# tar zxvf nmap-6.01.tgz
# cd nmap-6.01/
# ./configure
# make
# make install

O

oat (Oracle Auditing Tools)
$ cd ~/tools
$ wget http://www.cqure.net/tools/oat-binary-1.3.1.zip
$ unzip oat-binary-1.3.1.zip
$ cd oat
$ rm -rf *.bat
$ chmod 775 *.sh
$ wget http://vulnerabilityassessment.co.uk/classes12.zip
For each script file you need to edit the file and set JDBC=classes12.zip
 
onesixtyone
# cd ~/source
# wget http://www.phreedom.org/software/onesixtyone/releases/onesixtyone-0.3.2.tar.gz
# tar zxvf onesixtyone-0.3.2.tar.gz
# cd onesixtyone-0.3.2/
# make
# cp onesixtyone /usr/local/bin
# cp dict.txt /usr/local/share  
 
openssl
# cd ~/source
# wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
# tar zxf openssl-1.0.1c.tar.gz
# cd openssl-1.0.1c
# ./config --openssldir=/usr/local
# make
# make install
 
openvpn
# apt-get install openvpn liblzo2-2 libpkcs11-helper1 openssl-blacklist openvpn-blacklist resolvconf

P

parasite6 - See THC-IPV6 
 
plecost
# apt-get install python-beautifulsoup
# cd ~/source
# wget http://plecost.googlecode.com/files/plecost-0.2.2-9-beta.tar.gz
# tar xvf plecost-0.2.2-9-beta.tar.gz
# mv plecost-0.2.2-9-beta ~/tools/plecost/
 
proxychains
# apt-get install proxychains libproxychains3
 
proxytunnel
# cd ~/source
# wget http://downloads.sourceforge.net/proxytunnel/proxytunnel-1.9.0.tgz
# tar zxvf proxytunnel-1.9.0.tgz
# cd proxytunnel-1.9.0/
# make
# make install

R

randicmp6 - See THC-IPV6 
 
reaver
# cd ~/source
# wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz
# tar xzf reaver-1.4.tar.gz
# cd reaver-1.4/src
# ./configure
# make
# make install
 
redir6 - See THC-IPV6
rsmurf6 - See THC-IPV6

S

scapy
# apt-get install python-gnuplot python-pyx python-crypto
# cd ~/source
# wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
# tar zxvf scapy-latest.tar.gz
# cd scapy-2.1.0/
# python setup.py install
 
sendpees6 - See THC-IPV6
sendpeesmp6 - See THC-IPV6 
 
SET (Social-Engineer Toolkit) - needs pexpect and BeautifulSoup
# cd ~/source
# wget http://downloads.sourceforge.net/project/pexpect/pexpect/Release%202.3/pexpect-2.3.tar.gz
# tar zxf pexpect-2.3.tar.gz
# cd pexpect-2.3
# python setup.py install
# cd ~/source
# wget http://www.crummy.com/software/BeautifulSoup/download/3.x/BeautifulSoup-3.2.0.tar.gz
# tar zxf BeautifulSoup-3.2.0.tar.gz
# cd BeautifulSoup-3.2.0
# python setup.py install
# svn co http://svn.trustedsec.com/social_engineering_toolkit /opt/set/
 
sickfuzz (with SPIKE) - We are going to make setup easy. The setup.py script that comes with sickfuzz is configured for the Backtrack environment.
# cd ~/source
# wget http://www.immunitysec.com/downloads/SPIKE2.9.tgz
# tar zxvf SPIKE2.9.tgz
# mkdir -p /pentest/fuzzers/spike/
# cp -R src /pentest/fuzzers/spike/
# cd ~/source
# wget http://sickfuzz.googlecode.com/files/sickfuzz_v1.0.zip
# unzip sickfuzz_v1.0.zip
# mv sickfuzz /pentest/fuzzers/
# cd /pentest/fuzzers/sickfuzz/
# python setup.py
 
sipcrack – website no longer exists
# cd ~/source
# wget http://tools.l0t3k.net/SIPutils/SIPcrack-0.3pre.tar.gz
# tar zxvf SIPcrack-0.3pre.tar.gz
# cd SIPcrack-0.3pre/
# make
# make install
 
sipsak
# cd ~/source
# wget http://download.berlios.de/sipsak/sipsak-0.9.6-1.tar.gz
# tar zxvf sipsak-0.9.6-1.tar.gz
# cd sipsak-0.9.6/
# ./configure
# make
# make install
 
sipvicious
# cd ~/source
# wget http://sipvicious.googlecode.com/files/sipvicious-0.2.7.tar.gz
# tar zxvf sipvicious-0.2.7.tar.gz
# mv sipvicious-0.2.7 ~/tools/sipvicious/
 
skipfish
# apt-get install libidn11-dev
# cd ~/source
# wget http://skipfish.googlecode.com/files/skipfish-2.09b.tgz
# tar zxvf skipfish-2.09b.tgz
# cd skipfish-2.09b/
# make
# cd ..
# mv skipfish-2.09b ~/tools/skipfish
 
smtp-user-enum
# apt-get install libnet-snmp-perl
# cd ~/tools/
# wget http://pentestmonkey.net/tools/smtp-user-enum/smtp-user-enum-1.2.tar.gz
# tar zxvf smtp-user-enum-1.2.tar.gz
 
smurf6 - See THC-IPV6 
 
snmpcheck
# apt-get install libnet-snmp-perl
# cd ~/tools
# wget http://packetstorm.wowhacker.com/UNIX/scanners/snmpcheck-1.6.txt
# mv snmpcheck-1.6.txt snmpcheck.pl
# chmod +x snmpcheck.pl
 
snmpenum
# apt-get install libnet-snmp-perl
# mkdir ~/tools
# cd ~/tools
# wget http://www.jedge.com/utilities/snmpenum.tar.gz
# tar zxvf snmpenum.tar.gz
 
socat
# cd ~/source
# wget http://www.dest-unreach.org/socat/download/socat-2.0.0-b5.tar.gz
# tar zxvf socat-2.0.0-b5.tar.gz
# cd socat-2.0.0-b5/
# ./configure
# make
# make install
 
sqlat (with freetds)
# cd ~/source
# wget http://www.jedge.com/utilities/freetds-0.62.4.tar.gz
# tar zxvf freetds-0.62.4.tar.gz
# cd freetds-0.62.4/
# ./configure
# make && make install
# cd ~/source
# wget http://www.cqure.net/tools/sqlat-src-1.1.0.tar.gz
# tar zxvf sqlat-src-1.1.0.tar.gz
# cd sqlat-1.1.0/
# ./configure
# make && make install
 
SQLBrute
# apt-get install git
# cd ~/tools
# git clone https://github.com/GDSSecurity/SQLBrute.git
 
sqlmap
# cd ~/tools
# git clone https://github.com/sqlmapproject/sqlmap.git
 
sqlninja
# perl -MCPAN -e 'install NetPacket'
# apt-get install libpcap0.8 libpcap0.8-dev
# perl -MCPAN -e 'install Net::Pcap'
# perl -MCPAN -e 'install Net::DNS'
# perl -MCPAN -e 'install Net::RawIP'
# perl -MCPAN -e 'install IO::Socket::SSL'
# cd ~/source
# wget http://sourceforge.net/projects/sqlninja/files/sqlninja/sqlninja-0.2.6-r1.tgz
# tar zxvf sqlninja-0.2.6-r1.tgz
# mv sqlninja-0.2.6-r1/ ~/tools/sqlninja
 
ssldump
# apt-get install ssldump
 
sslscan
# cd ~/source
# wget http://sourceforge.net/projects/sslscan/files/latest/download -O sslscan.tar.gz
# tar zxvf sslscan.tar.gz
# cd sslscan-1.8.2/
# make
# make install
 
sslsniff
# apt-get install sslsniff
 
sslstrip
# apt-get install python-twisted
# cd ~/source
# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
# tar zxvf sslstrip-0.9.tar.gz
# cd sslstrip-0.9/
# python setup.py install

T

tcptraceroute
# apt-get install tcptraceroute
 
thcping6 - See THC-IPV6 
 
theHarvester
# cd ~/source
# wget http://theharvester.googlecode.com/files/theHarvester-2.2.tar
# tar xvf theHarvester-2.2.tar
# mv theHarvester ~/tools/
 
tinyproxy
# apt-get install tinyproxy
 
toobig6 - See THC-IPV6
trace6 - See THC-IPV6
THC-Hydra – See hydra 
 
THC-IPV6 - http://www.thc.org/
# apt-get install libpcap0.8-dev libssl-dev
# cd ~/source
# wget http://www.thc.org/releases/thc-ipv6-2.0.tar.gz
# tar zxvf thc-ipv6-2.0.tar.gz
# cd thc-ipv6-2.0/
# make
# make install

U

ua-tester
# cd ~/tools
# wget http://ua-tester.googlecode.com/files/UAtester_1.06.py
# chmod +x UAtester_1.06.py
 
udptunnel
# cd ~/source
# wget http://udptunnel.googlecode.com/files/udptunnel-r19.tar.gz
# tar zxvf udptunnel-r19.tar.gz
# cd udptunnel/
# make
# cp udptunnel ~/tools/
# chmod +x ~/tools/udptunnel

V

voiper
# cd ~/source
# wget http://sourceforge.net/projects/voiper/files/latest/download?source=files -O voiper-0.07.tar.gz
# tar zxvf voiper-0.07.tar.gz
# mv trunk ~/tools/voiper

W

waffit
# apt-get install subversion
# cd ~/source
# svn checkout http://waffit.googlecode.com/svn/trunk/ waffit
# mv waffit/ ~/tools
 
wapiti
# cd ~/source
# wget http://sourceforge.net/projects/wapiti/files/latest/download -O wapiti.zip
# unzip wapiti.zip
# mv wapiti-2.2.0/ ~/tools/wapiti/
 
weevely
# cd ~/source
# wget https://github.com/downloads/epinna/Weevely/weevely-0.7.1.tar.gz
# tar zxvf weevely-0.7.1.tar.gz
# mv weevely ~/tools/
 
wifitap
# cd ~/source
# wget http://sid.rstack.org/code/wifitap.tgz
# tar zxvf wifitap.tgz
# mv wifitap ~/tools/
 
wifite
# apt-get install iw
# cd ~/source
# wget http://wifite.googlecode.com/files/wifite-2.0r85.tar.gz
# cp wifite.py ~/tools/
 
wifizoo
# cd ~/source
# wget http://community.corest.com/~hochoa/wifizoo/wifizoo_v1.3.tgz
# tar zxvf wifizoo_v1.3.tgz
# mv wifizoo_v1.3 ~/tools/wifizoo/

X

xprobe2
# apt-get install xprobe
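Every entry above fetches a tarball over plain HTTP (or from a mirror such as web.archive.org) and builds or installs it as root without checking what actually arrived. As an added example that is not part of the original post, the Python below shows the two checks worth wrapping around each wget/tar pair: compare the archive's SHA-256 against the digest the project publishes, and refuse archives containing members that would land outside the destination (absolute paths, `..` components, or links pointing there). The `expected_sha256` argument is whatever the project publishes for its release; the archives built by `run_demo()` are constructed fixtures, not real releases.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_of_file(path, chunk_size=1 << 16):
    """Hex SHA-256 of a file, read in chunks so large archives need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _escapes(path):
    """True if a member path is absolute or climbs out of the extraction root."""
    parts = path.replace("\\", "/").split("/")
    return path.startswith("/") or ".." in parts


def unsafe_members(tar):
    """Names of members that would write or link outside the destination directory."""
    bad = []
    for member in tar.getmembers():
        if _escapes(member.name):
            bad.append(member.name)
        elif (member.issym() or member.islnk()) and _escapes(member.linkname):
            bad.append(member.name)
    return bad


def verify_and_extract(archive, expected_sha256, dest):
    """Extract `archive` into `dest` only if its SHA-256 matches the published
    value and no member escapes `dest`. Returns (ok, reason)."""
    actual = sha256_of_file(archive)
    if actual.lower() != expected_sha256.lower():
        return False, "sha256 mismatch: expected %s, got %s" % (expected_sha256, actual)
    with tarfile.open(archive, "r:*") as tar:
        bad = unsafe_members(tar)
        if bad:
            return False, "refusing to extract unsafe members: %s" % ", ".join(bad)
        os.makedirs(dest, exist_ok=True)
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ (and the security backports) ship a stricter built-in filter; use it too.
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        count = len(tar.getmembers())
    return True, "extracted %d member(s) into %s" % (count, dest)


def make_sample_archive(path, member_name, data):
    """Build a small constructed .tar.gz holding one file (test fixture, not a real release)."""
    with tarfile.open(path, "w:gz") as tar:
        info = tarfile.TarInfo(member_name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return path


def run_demo():
    """Exercise the three outcomes on constructed archives; returns a dict of results."""
    work = tempfile.mkdtemp(prefix="verify-demo-")
    good = make_sample_archive(os.path.join(work, "tool-1.0.tar.gz"), "tool-1.0/README", b"hello\n")
    evil = make_sample_archive(os.path.join(work, "evil.tar.gz"), "../escape", b"x")
    return {
        "good": verify_and_extract(good, sha256_of_file(good), os.path.join(work, "out-good")),
        "wrong_hash": verify_and_extract(good, "0" * 64, os.path.join(work, "out-hash")),
        "traversal": verify_and_extract(evil, sha256_of_file(evil), os.path.join(work, "out-evil")),
        "extracted_readme": os.path.join(work, "out-good", "tool-1.0", "README"),
    }


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, result)
```

The digest check only helps when the expected value comes from somewhere other than the same unauthenticated download (the project's signed release notes, a package repository's signed metadata, or a value you recorded the first time you audited the source); the member check matters because `tar zxvf` as root will happily follow `../` or absolute paths.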

Monday, September 29, 2014

How to scan a website for bugs

Now we are going to see how to scan a website for bugs and vulnerabilities using Kali's uniscan tool. As we all know, Kali is specially designed for security researchers, so many tools come pre-installed in Kali Linux, like sqlmap, uniscan and so on.

Follow these simple steps to find vulnerabilities in a website!

Open the terminal, type the command below and hit enter:
cd /pentest/web/uniscan && ./uniscan.pl
As the snapshot shows, a few options are listed.

Now we are going to use the command below; make sure you have the website link :)

./uniscan.pl -u http://www.website.com/ -bqdw
Your website's URL should end with a forward slash. Hit enter and the process will start :)
As you can see, we got the IP address and the server of the website, and we will get much more information.

Directory check: this checks the directories of the website and lists them, as shown in the snapshot below.
File check: as the name says, it checks the files hosted on the website.
Now the crawler starts; it grabs all the email addresses, external hosts and other information:
Emails:
External hosts:
Web backdoors:
File upload forms:
Using this tool we can scan websites for many more vulnerabilities like SQLi, XSS, remote code execution and more, and you can make a few bucks by participating in bug bounty programs.

The snapshot above shows the list of bugs it will find :)

As shown above, the website is vulnerable to blind SQLi. Mission accomplished: we have found the bug.

If you want the list of sites hosted on the same server, simply run this command, replacing the IP address with the server's IP address; the list of websites will be stored in the same directory with the name "sites.txt":
./uniscan.pl -i "ip:127.0.0.1"
Then, if you want to scan that list of websites, simply run:
./uniscan.pl -f sites.txt -bqwd
Now you are done!
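The directory and file checks above work by requesting many candidate paths in quick succession, and most of those paths do not exist, so on the server side a scan like this shows up as a burst of 404s from one client across many distinct URLs. As an added example, not part of the original post and not code from uniscan, the Python below parses Apache/nginx combined-format access log lines and flags clients whose burst of requests hit mostly missing, distinct paths. The log lines and the probed path list are constructed, and the thresholds (10 requests in a 60 second window, at least half of them 404) are assumptions to tune for a real site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def max_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window of the given length."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(lines, window_seconds=60):
    """Per-client counters: requests, 404s, distinct paths and peak requests per window."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "paths": set(), "times": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these separately
        c = per_ip[rec["ip"]]
        c["requests"] += 1
        c["not_found"] += int(rec["status"] == 404)
        c["paths"].add(rec["path"])
        c["times"].append(rec["ts"])
    return {
        ip: {
            "requests": c["requests"],
            "not_found": c["not_found"],
            "distinct_paths": len(c["paths"]),
            "peak_per_window": max_in_window(c["times"], window_seconds),
        }
        for ip, c in per_ip.items()
    }


def flag_scanners(lines, window_seconds=60, min_burst=10, min_404_ratio=0.5):
    """Clients whose request burst hit mostly non-existent, distinct paths (a directory/file check)."""
    flagged = []
    for ip, s in analyze(lines, window_seconds).items():
        ratio = s["not_found"] / s["requests"]
        if (s["peak_per_window"] >= min_burst and ratio >= min_404_ratio
                and s["distinct_paths"] >= min_burst):
            flagged.append(ip)
    return sorted(flagged)


# Constructed sample traffic (not real logs): one browsing client, and one client
# working through a wordlist of paths within a few seconds, as a directory check does.
PROBED_PATHS = ["/admin/", "/backup/", "/phpmyadmin/", "/test/", "/old/", "/config.php",
                "/.git/HEAD", "/wp-login.php", "/upload/", "/cgi-bin/", "/shell.php", "/robots.txt"]


def _line(ip, second, path, status):
    return '%s - - [29/Sep/2014:10:00:%02d +0000] "GET %s HTTP/1.1" %d 210 "-" "Mozilla/5.0"' % (
        ip, second, path, status)


SAMPLE_LINES = [
    _line("203.0.113.7", 1, "/", 200),
    _line("203.0.113.7", 5, "/about.html", 200),
    _line("203.0.113.7", 9, "/contact.html", 200),
] + [
    _line("198.51.100.9", 20 + i, path, 200 if path == "/robots.txt" else 404)
    for i, path in enumerate(PROBED_PATHS)
]

if __name__ == "__main__":
    for ip, stats in analyze(SAMPLE_LINES).items():
        print(ip, stats)
    print("flagged:", flag_scanners(SAMPLE_LINES))
```

The 404 ratio is what separates a scanner from a busy legitimate client; a crawler that follows real links produces mostly 200s. For a site that genuinely serves many missing URLs (old links, CDN probes), raise `min_404_ratio` or key the check on the number of distinct missing paths instead of the ratio.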


DNS Enumeration with Kali Linux

When it comes to web server penetration testing, a DNS server is always at the top of the list because the DNS server is the core gateway of an internal enterprise to the mighty internet. Information gathering, as we all know, is an important part of penetration testing, so gathering information about DNS is just as important as the DNS server itself. If an attacker can enumerate a DNS server it can prove very lethal to the organization whose information is stored on that server. In this tutorial we will be looking at several tools and their usage by which we can enumerate a DNS server in several ways.

For this we will open a Terminal in BT/KALI and type cd /pentest/enumeration/dns

Then type ls. The list of DNS enumeration tools will appear and we will take a look at the use of all of them.

First we will use the dnsenum tool. It is very easy to use; just type the command in the format perl dnsenum.pl and it will generate results as shown in the picture below. It provided us with the list of all the IPs used by the website, including the mail servers. Now the trick is to extract the information that we need for further phases of pen-testing, e.g. if you want to test the mail server you can telnet to it and exploit it by foot-printing (will be explained in upcoming tutorials).

The next tool we will use is dnswalk. It is also a very good tool for enumerating and provides filtered information about the target. You can access it with the cd dns command in the dns folder. The only difference in the input is that in dnswalk the target ends with a ".". We got the results here; as mentioned earlier, dnswalk only provides basic information like the SOA server and warnings. It is a partial enumeration testing tool.

The next tool we will be digging into is called dnsrecon. You can find it in the dns folder; it is a tool written in Python. As you can see below, we have performed multiple operations with dnsrecon, which will be explained further. You can retrieve the SRV records of the target and also query the SOA etc. For retrieving SRV records you have to type the command ./dnsrecon.py -t srv -d <target name>. Here is how the result of the SRV records looks. And here is how we query the SOA, NS and MX of the servers, using the command ./dnsrecon.py -t std -d <target name>, and here is how the result will look.

By DNS enumeration you can gather a lot of information about the target and it can prove to be very helpful in a penetration test.
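The same enumeration that dnsenum, dnswalk and dnsrecon perform is worth running against your own public zone to see what it gives away before someone else does. As an added example, not from the original post and not code from any of those tools, the Python below takes a zone's records as (owner, type, value) tuples and flags what an enumerator would profit from: public records pointing at RFC 1918 or link-local addresses, SRV records for directory services (`_ldap`, `_kerberos`, ...) that belong in an internal zone, and hostnames that describe their role (dev, backup, vpn, dc1). The sample zone `example.test.` and the word lists are constructed assumptions; feed it the output of a zone transfer from your own authoritative server.

```python
import ipaddress
import re

# Address ranges that should never appear in a public zone's A/AAAA records.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128")]
# Hostname tokens that describe an environment or role (assumed list; extend for your naming scheme).
SENSITIVE_WORDS = {"dev", "test", "staging", "uat", "intranet", "internal", "backup",
                   "old", "vpn", "admin", "db", "sql"}
# SRV service labels published by Active Directory and similar directory services.
INTERNAL_SRV_SERVICES = {"_ldap", "_kerberos", "_kpasswd", "_gc", "_msdcs"}


def is_internal_address(value):
    """True if the address lies in a private, loopback or link-local range."""
    addr = ipaddress.ip_address(value)
    return any(addr in net for net in INTERNAL_NETS)


def host_part(name, zone):
    """Owner name relative to the zone apex ('' for the apex itself), or None if outside the zone."""
    if name == zone:
        return ""
    suffix = "." + zone
    return name[:-len(suffix)] if name.endswith(suffix) else None


def sensitive_tokens(host):
    """Tokens of a hostname that describe an environment, role or domain controller (dc1, dc02...)."""
    tokens = re.split(r"[.-]", host.lower())
    return [t for t in tokens if t in SENSITIVE_WORDS or re.fullmatch(r"dc\d*", t)]


def audit_zone(records, zone):
    """Return (owner, category, value) findings for records an enumerator would profit from."""
    findings = []
    for name, rtype, value in records:
        host = host_part(name, zone)
        if host is None:
            continue
        if rtype in ("A", "AAAA") and is_internal_address(value):
            findings.append((name, "private-address", value))
        if rtype == "SRV" and host.split(".")[0].lower() in INTERNAL_SRV_SERVICES:
            findings.append((name, "internal-service-srv", value))
        if sensitive_tokens(host):
            findings.append((name, "descriptive-hostname", value))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for _, category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed sample zone (documentation addresses, not a real organisation).
SAMPLE_RECORDS = [
    ("example.test.", "SOA", "ns1.example.test. hostmaster.example.test. 2014092901 3600 900 604800 86400"),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("example.test.", "MX", "10 mail.example.test."),
    ("www.example.test.", "A", "192.0.2.10"),
    ("mail.example.test.", "A", "192.0.2.25"),
    ("intranet.example.test.", "A", "10.0.5.20"),
    ("dev-db.example.test.", "A", "192.0.2.44"),
    ("vpn.example.test.", "A", "192.0.2.99"),
    ("_ldap._tcp.example.test.", "SRV", "0 100 389 dc1.example.test."),
    ("dc1.example.test.", "A", "10.0.0.5"),
    ("backup-old.example.test.", "CNAME", "www.example.test."),
]

if __name__ == "__main__":
    found = audit_zone(SAMPLE_RECORDS, "example.test.")
    for owner, category, value in found:
        print("%-28s %-22s %s" % (owner, category, value))
    print(summarize(found))
```

Each category maps to a fix rather than a detection: move private addresses and directory SRV records into a split-horizon internal view, and treat descriptive hostnames as a naming-policy question, since a name like dev-db tells a dictionary tool such as dnsenum exactly which wordlist entries will hit.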