Summary

In this chapter, we examined Kali, a collection of tools widely used by legitimate penetration testers and hackers to assess the security of data systems and networks. We emphasized Kali as a virtual machine, allowing both the host operating system and the VM guest to support testing.

Kali is a repository of tools, and one of the challenges in using it is ensuring that the tools are up-to-date. We reviewed the Debian packet management system, and how updates could be initiated from both the command line and from GUI applications. Most importantly, we learned how to customize Kali to increase the security of our tools and the data that they collect. We are working to achieve the goal of making tools support our process, instead of the other way around!

In the next chapter, we will learn how to effectively use Open Source Intelligence (OSINT) to identify the vulnerable attack surfaces of our target and create customized username:password lists to facilitate social engineering attacks and other exploits.