Slingshot Orbit of Technology

Kali Linux is commonly used inside of VMware Workstation, VMware Fusion, and/or VMware Player – allowing for to stretch the window freely, copy files from the host OS to the guest (Kali) and from the guest to the host. But in order for these features to work, you have to install VMware Tools. This can sometimes be a hard project for beginners.

Open up Terminal and run the command, apt-get update to make sure Kali Linux is up-to-date. After checking its databases, Kali will ask you if you want to install updates, when it does, hit Enter for yes. Do NOT close the Terminal while it’s updating, as this might ruin Kali.

When it’s done updating and you are presented with the root@kali prefix again, type: apt-get install linux-headers-$(uname –r) and hit Enter. You will be prompted if you want to install the latest headers, hit Enter for yes. Wait for it to complete before closing the command window. This step will avoid the “Kernel headers error” when installing VMware tools.

Click Install VMware Tools…/Reinstall VMware Tools… on the submenu and copy the tools file to the “root” folder. Type cd /media/cdrom and hit Enter. Type ls in the same Terminal, and hit Enter. Type cp then copy and paste the name of the VMware tools .tar.gz folder. Then add /root/ to the end. (see example below)

cp VMwareTools-9.6.2-16388356.tar.gz /root/
cd /root/
tar –xf VMwareTools-9.6.2-16388356.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

NetworkMiner is a Windows program but can be run on Linux using Mono. Here’s how to get NetworkMiner up in running on Kali Linux:

apt-get install libmono-winforms2.0-cil
wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer
cd /tmp
unzip ./networkminer -d /opt
cd /opt/NetworkMiner_1-6-1
chmod +x NetworkMiner.exe
chmod -R go+w AssembledFiles/
chmod -R go+w Captures/
mono /opt/NetworkMiner_1-6-1/NetworkMiner.exe

via: http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine—NetworkMiner-in-Linux-with-Mono

Install the prerequisite python libraries, give it a URL, and watch it spider the entire site looking in every nook and cranny for XSS vulnerabilities.

apt-get install python-pip
git clone https://github.com/DanMcInerney/xsscrapy
cd xsscrapy
pip install -r requirements.txt
scrapy crawl xsscrapy -a url="http://example.com"
pip install ipython

To login then scrape:

scrapy crawl xsscrapy -a url="http://example.com/login" -a user=my_username -a pw=my_password

All vulnerabilities it finds will be places in formatted-vulns.txt. Example output when it finds a vulnerable user agent header:

source: http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/

A new Kali Linux Tools website has been implemented, with well documented Kali Linux Tool Listing contains package descriptions, tool homepage links and usage examples.

Kali Linux contains a large amount of tools from various different niches of the security and forensics fields. This site aims to list them all and provide a quick reference to these tools.