File Ethical Hacking Tools Preview.pdf
When performing penetration testing or hacking, we may need to automate our operations because there may be hundreds of conditions and payloads to test, and testing them manually can be time-consuming. In this edition, we decided to focus on the most popular and effective tools available in the Kali Linux system.
We start with an amazing article, Running Kali Linux on an M1 Mac. There are several options to run Kali Linux on an M1 Mac OS device, and in this tutorial the author focuses on an open-source application called UTM. Once we set up our lab, we can start using our tools!
We have two tutorials about two information-gathering tools: Recon-Ng and Autorecon. If the reconnaissance phase is what you are looking for, those two articles are perfect for you!
If you prefer something with an offensive approach, you must read the tutorial about GoBuster. This tool is used to brute-force URIs (directories and files) in websites, DNS subdomains (with wildcard support), virtual host names on target web servers, and open Amazon S3 buckets. Sounds great, right?
For OSINT fans, we have an introductory article about Holehe. This tool allows you to check whether an email address is used on different sites, such as Twitter and Instagram, and retrieves information from sites using the forgotten password function.
An Introduction to SQLMap will show you how to automate the process of detecting and exploiting SQL injection flaws and taking over database servers.
We have two articles about Metasploit. The first one is focused on general information and its usage. In the second one, you will learn how to perform the SYN flood attack with Metasploit.
But that’s not all! We also have articles about Breach and Attack Simulator and Understanding Internet of Things Malware.
As you can see, this month’s issue is full of tutorials that will help you up your hacking skills! We hope you’ll find something that suits your needs best! We would also like to express our gratitude to our contributors, reviewers, and proofreaders, who helped us create this issue!
Stay safe and enjoy!
Hakin9 Editorial Team
TABLE OF CONTENTS
Running Kali Linux On An M1 Mac
Mac OS has been my operating system of choice for many years. It is my favorite way of running a virtualized instance of Kali Linux when performing pentesting work. Previously, with Intel Macs, virtualizing X86_64 operating systems was a very easy task. You could run most X86_64 versions of Windows and Linux as a virtual machine (VM) or inside a separate partition. Now, with Apple's latest change in CPU architecture (Apple Silicon), only ARM (Advanced RISC Machines) based operating systems can be virtualized in Mac OS. This limits the way we can run Kali Linux on the new M1 Macs. There are several options to run Kali Linux on an M1 Mac OS device. I will be focusing on an open-source application called UTM. This is a step-by-step guide on how to run Kali Linux on an M1 Mac using UTM.
GoBuster - Brute Force Tool For Hackers
Michael Sommer, Thorn Deil
Gobuster is a brute-force tool that can be used for different use cases within pentests or bug bounty programs. One of Gobuster's strengths is brute-forcing directories and files on web servers. Another use case is the brute-forcing of subdomains. It can also identify S3 buckets and VHOSTs. In the current version of Gobuster (version 3.1 at the time of writing this article), a fuzzing mode has been added. In this article, all modes of Gobuster are presented and explained with practical examples. Gobuster is developed in the Go programming language by OJ Reeves and Christian Mehlmauer. The project has about 6200 stars on GitHub and quite a few supporters.
Introduction To Recon-Ng Tool
There are tools we use in the industry that are extremely effective and wildly popular; however, there are some tools that seem to only be popular among security professionals. I feel that one of those tools is recon-ng from Black Hills Information Security. Recon-ng is a tool I use with my students quite a bit because it has a Metasploit-type feel to it and is extremely useful when teaching newcomers how to navigate within a framework, which can be a bit overwhelming in the beginning. I say hats off to the team at BHIS for producing a quality and approachable product. I am sure that by the end of this article you will have discovered a new tool to add to your arsenal of useful tools.
AutoRecon: Your Network Reconnaissance Gathering Automation Tool
AutoRecon, as the name implies, is an automated network service enumeration tool based on Python that, at its heart, automates the process of running Nmap and then takes this one step further by running specific tools against specific services. AutoRecon is open source and free to use. The results are all gathered under a folder on your attack machine. From here you can find all the commands used for each tool, the results, and screenshots, which can be used in reports or to re-run specific commands if needed. This article is a beginner’s guide on getting started with AutoRecon; there are many options available that won’t be discussed and are left to the reader to try out in their own time.
Holehe - Efficiently Finding Registered Accounts From Emails
In this article, we will be taking a look at the program HOLEHE and installing it on our Kali Linux computer. HOLEHE is an easy-to-use Python3 program that will take an email address and allow us to quickly and easily check if that email was used on over 120 different sites. HOLEHE does this by retrieving the information from the forgotten password function.
An Introduction To SQLMap
Jomon Thomas Lobo
This tutorial is intended for cyber security beginners with basic knowledge of SQL and of how web applications work. This tutorial intends to give a basic understanding of how to perform an SQL injection attack using SQLMap. As an example, I will provide the step-by-step process of SQL injection using a query string.
All You Need To Know About Breach and Attack Simulator
The purpose of this article is to explore some aspects of Breach & Attack Simulation (BAS) solutions that are overlooked, or perhaps underexplained, by many of their vendors. To make an accurate decision when purchasing this type of security solution, it is important to know these aspects to ensure that you are getting the most value and security from your validation processes.
SYN Flood Attack Launched Through Metasploit
Kali Linux is a well-known operating system used by unethical and ethical hackers to perform hacks against a victim or to perform pen-testing. One tool used in Kali Linux to perform the SYN flood attack is the Metasploit framework, which is also a well-known penetration testing framework that is currently used by all professional ethical hackers and also by unethical hackers, because it is easier to use and has a command-line interface, which is more professional compared to tools that have a graphical user interface. Hackers can easily launch the SYN flood attack if they know the IP address of the victim machine, sending all the SYN packets to the victim machine to jam it.
Penetration Testing Using Metasploit Framework
Ethical hacking enables consumers and companies to investigate the vulnerabilities in their infrastructure and their networks in order to take appropriate steps to secure their networks and systems from illegal and malicious attacks. It further protects networks and processes by recognizing common vulnerabilities and enabling them to take appropriate safeguards. In this research paper, we discuss the ethical hacking and penetration testing process and practical experiments to brief fresh researchers and students on the deployment and use of the Metasploit framework as a student-centred learning approach. We have performed both server-side and client-side exploitations to understand the process. We have used the Kali Linux Operating System (OS) tool to complete these ethical hacking and penetration testing experiments. In the end, we propose mitigation measures and security enhancements to resist hacking attacks.
Understanding Internet of Things Malware
In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2,423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. For the masked IP addresses, we examine the Classless Inter-Domain Routing (CIDR) networks accumulating to more than 100 million (≈78.2% of total active public IPv4 addresses) endpoints. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.