
International Journal of Innovations & Advancement in Computer Science (IJIACS)
ISSN 2347 – 8616, Volume 5, Issue 9, September 2016

Evaluation of Penetration Testing Tools of KALI LINUX

Gurdeep Singh (M.Tech Student), Dept. of Computer Engineering, Punjabi University, Patiala
Jaswinder Singh (Asst. Professor), Dept. of Computer Engineering, Punjabi University, Patiala

Abstract:

The objective of this research paper is to evaluate the various penetration testing tools in KALI LINUX that are used for website hacking. By examining these tools, we identify which ones are needed to detect the code that causes harm to websites.

Websites are used daily by a large part of the world's population to carry sensitive data from a person to an entity with an online presence. On websites whose content is shown only after authentication, forms transfer user credentials to server-side scripts. Users store their credit card details in their online accounts and use forms to buy items online, so it is crucial to keep the integrity, confidentiality and availability of this data intact.

Website hacking is an attack on a website that changes the visual appearance as well as the content of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

KALI LINUX tools worked upon are:

1) Zenmap:

Zenmap is a port scanner used for scanning the open, closed and filtered ports of the target. When Zenmap scans for ports, it uses the TCP three-way handshake: first a SYN is sent to a TCP port that has some service attached to it, for example HTTP (port 80), SMTP (port 25), SSH (port 22), POP3 (port 110), etc. The server sees the SYN and responds with SYN-ACK, and the client answers with ACK. This completes the handshake.

Port scanning distinguishes three types of ports:

1. Filtered ports: these ports are secured by the firewall itself, and no service runs on them. They never respond to nmap.

2. Closed ports: no service is running on these ports, but the firewall allows probes through to check them, which means the firewall does not cover these ports.

3. Open ports: these are the ports whose services are publicly accessible to anyone. Anybody can see what services are running by using a port scanner.

Some examples of Zenmap scans performed on websites are:

1) Tested site 1:

The screenshot shows that 2 ports are open on this site, which are:


2) Tested site 2:

2 ports are open on this website, which are:

2) Sparta (Vulnerability Scanner):

Sparta is a GUI application used for penetration testing. It performs scanning and analyses the results to give deeper information about networks.

It has various features:

1. It can import nmap results directly from XML files.

2. You can configure any type of service according to your needs in Sparta.

3. It can also define automated tasks, such as which services to run on which ports.

4. Passwords can be found using its Hydra feature and are stored in internal wordlists.

5. It can also remember or mark the networks you have recently worked on.

6. It can also take screenshots at any time during the process.

Badstore.net (sample vulnerable website for penetration testing)

First, it scans the open ports and the services assigned to those ports. Second, we perform a password attack on this site using Hydra, and 1 valid password is found. In Sparta, the nikto vulnerability scanner is used to scan for vulnerabilities in the website.


3) Burpsuite:

Burpsuite is a platform for testing the security of web apps. It helps a lot in the security testing of web applications through its vast user-driven interface.

Functioning of Burpsuite:

Burpsuite is used alongside the web browser. Burpsuite acts as an HTTP proxy server, so all HTTP traffic from the browser must pass through Burpsuite. For this, the first step is to configure the browser settings according to Burp's needs.

Burpsuite attack on hackthissite.org

4) Sqlmap:

Sqlmap is a tool for the SQL injection technique used to hack website databases, in which SQL statements are added to exploit the website server. It is a free penetration testing tool with a very powerful detection engine that can fetch data and access the file system to run commands.

Checking a demo website using Google dorks for SQL injection:

5) Crunch:

Crunch is a password guessing tool which gives us a list of candidate passwords depending on the size we give it for processing. For example:

crunch min max

where min is the minimum length of the password we are guessing for, and max is the maximum length of the password.


6) Cewl:

Cewl is a tool used to crawl a website and gather most of the information about its web pages down to a depth defined by the user. Basically, it is designed to obtain the words related to a particular area, which may match passwords for the website.

Two switches are mostly used in this tool: -d (depth) and -m (minimum word length). The depth switch determines how many pages deep Cewl crawls through the website, and -m determines the minimum word length required.

Syntax:

cewl -w customwordlist.txt -d 5 -m 7 <website's name>

Example of this tool:

Now we have the list of words stored from this site in a text file as:
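The -m switch above keeps only words of a minimum length. As an added example (not the paper's or cewl's own code), the same word harvesting is shown from the defender's side: words of at least seven letters are pulled from a constructed page's visible text, and a candidate password is rejected if it is just one of those words with digits or symbols appended. Crawling to a depth (-d) is not modelled.

```python
import re
from html.parser import HTMLParser

# Constructed page; "Northwind" sits in a <script> body and must not be harvested.
SAMPLE_HTML = """<html><head><title>Badstore Online Shop</title>
<style>body { font-family: sans-serif; }</style></head>
<body><h1>Welcome to Badstore</h1>
<script>var supplier = "Northwind";</script>
<p>Quality merchandise from our warehouse in Springfield since 1999.</p>
<p>Contact: support@badstore.example</p></body></html>"""

class _TextExtractor(HTMLParser):
    """Collect visible text nodes, skipping <script> and <style> contents."""
    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def harvest_words(html, min_len=7):
    """Unique alphabetic words of at least min_len letters, in first-seen order (cewl -m)."""
    parser = _TextExtractor()
    parser.feed(html)
    seen, words = set(), []
    for word in re.findall(r"[A-Za-z]+", " ".join(parser.chunks)):
        if len(word) >= min_len and word.lower() not in seen:
            seen.add(word.lower())
            words.append(word)
    return words

def password_uses_site_word(password, words):
    """True if the password is a harvested word, or one with digits/symbols appended."""
    core = re.sub(r"[^A-Za-z]+$", "", password).lower()  # drop trailing '2016!', '123' etc.
    return core in {w.lower() for w in words}
```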

7) Nikto:

Nikto is a vulnerability scanner which scans for various types of vulnerabilities in websites and on the network. It is used for reconnaissance when hacking websites. The only weakness of this tool is that it is not stealthy, i.e. websites which have security measures can easily detect that you are scanning them.

Syntax of nikto:

nikto -h <IP or hostname>

As in the screenshot, nikto is used to find the vulnerabilities of the badstore.net website. The output of the tool reports that the X-XSS-Protection header is not defined on the website, and also describes the existing vulnerabilities in the website, such as the missing anti-clickjacking header, etc.
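The nikto findings quoted above are missing HTTP response headers, which the site owner can verify and fix without a scanner. The following added example (not from the paper or from nikto) parses two constructed raw responses, one without the headers and one hardened, and reports which expected headers are absent or set to a value that gives no protection.

```python
# Header -> what the nikto finding means for the site owner.
EXPECTED_HEADERS = {
    "X-Frame-Options": "anti-clickjacking header not present",
    "X-XSS-Protection": "header not defined",
    "X-Content-Type-Options": "header not set, MIME sniffing allowed",
}
# Constructed responses: a server without the headers vs. a hardened one.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n<html>...</html>"
)

def parse_headers(raw_response):
    """Split a raw HTTP response into (status line, lower-cased header map)."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers[name.strip().lower()] = value.strip()
    return status_line, headers

def missing_security_headers(raw_response):
    """One finding per expected header that is absent, as nikto reports them."""
    _, headers = parse_headers(raw_response)
    return [f"{name}: {why}" for name, why in EXPECTED_HEADERS.items()
            if name.lower() not in headers]

def weak_header_values(raw_response):
    """Headers that are present but carry a value that gives no protection."""
    _, headers = parse_headers(raw_response)
    findings = []
    xfo = headers.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: value '{xfo}' is not DENY/SAMEORIGIN")
    if headers.get("x-xss-protection", "").startswith("0"):
        findings.append("X-XSS-Protection: set to 0, filter explicitly disabled")
    return findings
```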

8) Httrack:

Httrack is a tool used to hack a user by defacing the whole website, by copying all the contents of that website onto your hard drive. It completely downloads the full website contents, which, when run, give the full picture of the original website.

Syntax:

httrack <original site name> -O <hard drive location where it is to be stored>


After it has completely downloaded a website, it is ready to attack the victims.

Conclusion

Web applications are becoming popular and are a widespread interaction medium in our daily lives. But at the same time, many vulnerabilities expose sensitive data. The different web application vulnerabilities are based on the security properties that a web application should preserve. Vulnerability assessment tools, however, are automated, which saves time and money and also defends web applications from modern threats. Finally, new advanced security attacks are always emerging, which requires the security professional to have a positive security solution without putting a huge number of web applications at risk.

After studying various survey papers, it is concluded that many vulnerabilities reside on web servers as well as web browsers. Many tools are available online to find these types of vulnerabilities.

The research done on penetration testing tools gives the evaluation that a network developer/administrator can find out what types of vulnerabilities reside in the network, so that it can be secured from unauthorized access or attacks by attackers.
