Discover system vulnerabilities and exploits

Anti-Theft Device

Windows in the House

Some Linux admins might know the insecure feeling of having Windows systems in their setups. Some even set up a separate WiFi network for these systems and then isolate it from other systems. Kali Linux turns out to be useful in this case, too, because the distribution includes several tools that scan Windows computers for vulnerabilities. In this way, you at least have an overview of what is going on in your network.

The Windows Subsystem for Linux lets you run Kali Linux on Windows. Accordingly, the distribution can be found in the Windows Store, ready for one-click installation.

Targeted Attacks on Services

In addition to the general-purpose tools for everything related to WiFi, Kali Linux is also equipped with a variety of tools for attacking specific software or hardware components. Cisco routers can be checked with cisco-auditing-tool. BeEF (Browser Exploitation Framework) inspects the browsers present on a system, and the Linux Exploit Suggester digs through a system to find standard components with known vulnerabilities.

Another subcategory of attack tools deals with website vulnerabilities. The cross-site scripter (XSSer) tool is classic, but Kali also has tools that detect remote installations of WordPress, Joomla, and various other content management systems (CMSs) and point to possible vulnerabilities.

Kali can even flag problems in individual modules that are not officially part of a CMS, because many of its tools also examine plugins and modules from third-party vendors. This category of tools is basically one of Kali Linux's most important weapons.

Quite a few users fail to maintain their WordPress environments, even though fixes are published regularly for extremely dangerous bugs. An attacker could convert a WordPress installation to a Bitcoin miner, for example, which would have a negative effect on customers of the site and quickly become an acute threat to the reputation of the respective provider.

Thanks to Kali Linux, you can regularly check sites you host with WPScan and ask a customer to install an update – before an attacker has time to exploit a vulnerability (Figure 5).

Figure 5: Check WordPress installations with WPScan for unpatched security issues and notify customers when needed. Kali can even investigate third-party modules.

Stress Tests

Security problems do not manifest themselves only as obvious programming errors. Sometimes a weak spot is revealed only under heavy load. Not infrequently, the goal of attacks on a network is not to compromise another server, but to make it unusable for the network community (i.e., denial of service, DoS).

Kali Linux comes with tools that let you run load tests against your own infrastructure by generating hundreds of thousands of HTTP requests against active web servers. This method is an effective way to check the capacity of databases or load balancers.

FunkLoad is a good example: You can run load tests against web applications on a recurring basis and according to a fixed set of parameters. As a result, FunkLoad also supports regression testing: If an application reacts significantly more slowly after an update than it did before the update, you are obviously experiencing a serious performance hit.
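The regression check described above, as an added example (not FunkLoad's own code or output format): it compares per-page 95th-percentile response times from two load-test runs with identical parameters and flags pages that slowed down after an update. The sample timings, thresholds, and function names are assumptions constructed for illustration.

```python
import math

# Constructed sample data: seconds per request, keyed by URL path.
BEFORE = {
    "/":       [0.11, 0.12, 0.10, 0.13, 0.12, 0.11, 0.14, 0.12, 0.11, 0.30],
    "/login":  [0.20, 0.22, 0.21, 0.19, 0.23, 0.20, 0.22, 0.21, 0.24, 0.20],
    "/search": [0.40, 0.42, 0.39, 0.45, 0.41, 0.43, 0.40, 0.44, 0.42, 0.41],
}
AFTER = {
    "/":       [0.12, 0.11, 0.10, 0.13, 0.12, 0.12, 0.14, 0.11, 0.11, 0.29],
    "/login":  [0.21, 0.22, 0.20, 0.19, 0.23, 0.21, 0.22, 0.20, 0.25, 0.20],
    "/search": [0.41, 0.95, 0.40, 1.10, 0.42, 0.98, 0.43, 1.05, 0.44, 0.41],
    "/export": [0.50, 0.52, 0.51],  # new page, no baseline to compare with
}


def percentile(samples, pct):
    """Nearest-rank percentile of a non-empty list of timings."""
    if not samples:
        raise ValueError("no samples")
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def compare_runs(before, after, pct=95, max_ratio=1.25, min_delta=0.05):
    """Return (regressions, unmatched).

    regressions: {path: (old, new)} where the pct-th percentile grew by more
    than max_ratio AND by at least min_delta seconds; the absolute floor
    filters out noise on pages that are already very fast.
    unmatched: paths present in only one run, which cannot be compared.
    """
    regressions = {}
    for path in sorted(before.keys() & after.keys()):
        old, new = percentile(before[path], pct), percentile(after[path], pct)
        if new > old * max_ratio and new - old >= min_delta:
            regressions[path] = (old, new)
    unmatched = sorted(before.keys() ^ after.keys())
    return regressions, unmatched


if __name__ == "__main__":
    regressions, unmatched = compare_runs(BEFORE, AFTER)
    for path, (old, new) in regressions.items():
        print(f"REGRESSION {path}: p95 {old:.2f}s -> {new:.2f}s")
    for path in unmatched:
        print(f"NOT COMPARED {path}: present in only one run")
```

Comparing a high percentile rather than the mean keeps a handful of slow requests from being averaged away, which is where load-related weak spots tend to show first.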
