Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

Regular Updates and Cleaning Kali Linux System


Kali Linux is a rolling distribution, which means it is continuously updated in all areas of the operating system, including the Linux kernel, the desktop environment, all utilities and all applications. So we need to update it frequently to stay up to date.


Not only that, because of these regular updates some old application packages are left on our system as junk. These older files are not very harmful, but they might slow down our system, so we need to clean them on a regular basis.

Updating & Upgrading Kali Linux

There are various types of updates we can do, like a normal update, a full upgrade and a distribution upgrade.

Updating Kali Linux

An update can be done simply with the following command:

sudo apt update -y

The above command updates the package lists, so the package manager knows which installed packages need upgrading as well as which new packages have just come to the Kali Linux repositories.

One thing to remember is that this updates the list of available packages and their versions, but it does not install or upgrade any packages. We actually install them by using upgrade.

Upgrading Kali Linux

While update refreshes the list of available packages but doesn’t install them, upgrade actually installs newer versions of the packages we have. After updating the lists, the package manager knows about available updates for the software we have installed. That’s why we need to run update before upgrading.

To upgrade Kali Linux we need to run the following command on our Kali Linux system:

sudo apt upgrade -y

The upgrade will take some time depending on our internet connection and system performance. Unlike Windows, we can cancel it anytime and resume it by applying the same command.

While the sudo apt upgrade -y command installs the available upgrades without removing any packages, and skips upgrading a package if a removal is needed, the sudo apt full-upgrade -y command removes old packages if that is needed to upgrade packages to their latest versions.

sudo apt full-upgrade -y

sudo apt full-upgrade -y can be run after the sudo apt update -y command, but sudo apt update -y is considered safer than the sudo apt full-upgrade -y command. But anyway, don’t panic, it doesn’t harm our system badly. To know the detailed difference between these commands please read this article.

Similar to sudo apt-get upgrade command, the sudo apt-get dist-upgrade also upgrades the packages. In addition to this, it also handles changing dependencies with the latest versions of the package. It intelligently resolves the conflict among package dependencies and tries to upgrade the most significant packages at the expense of less significant ones, if required. Unlike sudo apt-get upgrade command, the sudo apt-get dist-upgrade is proactive and it installs new packages or removes existing ones on its own in order to complete the upgrade.

sudo apt dist-upgrade -y

The above command will upgrade our distribution totally.
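Because full-upgrade and dist-upgrade may remove packages, it helps to preview the plan first. The following is an added example, not part of the original article: it parses the output of a simulated run (`apt-get -s full-upgrade`) and reports whether any package we care about would be removed. The sample output and its package names are constructed for illustration.

```shell
#!/bin/sh
# Preview what `apt full-upgrade` would remove before running it for real.
# Added example; the package names in sample_plan are constructed.

# Constructed sample of `apt-get -s full-upgrade` output.
sample_plan() {
cat <<'EOF'
NOTE: This is only a simulation!
Reading package lists...
Building dependency tree...
The following packages will be REMOVED:
  libexample1 oldtool
The following packages will be upgraded:
  newtool
Remv libexample1 [1.0-2]
Remv oldtool [2.3-1]
Inst libexample2 (2.0-1 Kali:kali-rolling [amd64])
Inst newtool [2.3-1] (2.4-1 Kali:kali-rolling [amd64])
Conf libexample2 (2.0-1 Kali:kali-rolling [amd64])
Conf newtool (2.4-1 Kali:kali-rolling [amd64])
EOF
}

# removals: read simulation output on stdin, print one removed package per line.
# An architecture suffix such as ":i386" is stripped from the name.
removals() {
    awk '$1 == "Remv" { sub(/:.*/, "", $2); print $2 }'
}

# plan_counts: print "<installs-or-upgrades> <removals>" for a simulation on stdin.
plan_counts() {
    awk '$1 == "Inst" { i++ } $1 == "Remv" { r++ } END { print i + 0, r + 0 }'
}

# blocked_removals FILE PKG...: print each PKG that the plan in FILE would remove.
# Returns 1 if any of the named packages is affected, 0 otherwise.
blocked_removals() {
    plan=$1; shift
    rc=0
    for pkg in "$@"; do
        if removals < "$plan" | grep -qxF -- "$pkg"; then
            printf '%s\n' "$pkg"
            rc=1
        fi
    done
    return "$rc"
}

# Real run: ./preview.sh pkg1 pkg2 ...  (-s only simulates, nothing is changed)
if [ "$#" -gt 0 ]; then
    plan=$(mktemp)
    apt-get -s full-upgrade > "$plan"
    echo "installs/upgrades and removals: $(plan_counts < "$plan")"
    if ! blocked_removals "$plan" "$@"; then
        echo "full-upgrade would remove the packages above; review before running it" >&2
    fi
    rm -f "$plan"
fi
```

Run it after sudo apt update -y, passing the names of the packages that must stay installed as arguments.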

Cleaning Kali Linux

We can remove packages that are no longer needed by using the following command on our Kali Linux terminal:

sudo apt autoremove -y

When we ran it, 19 MB of our disk space was cleared and some packages were removed. Use of this command is safe and should not cause problems.

With each program update, package files are downloaded to the package cache. After the update, the downloaded files (we can call them installation files) are not deleted, and the package cache gradually grows to a large size. This is intentional: if after the next update we find that the new package has problems and the old version is no longer available in the online repository, then we can roll back to the old version by installing it from a file saved in the package cache.

For rolling distributions the cache grows very quickly, and if we are not qualified enough to roll back to an old version using the installation package stored in the cache, then these hundreds of megabytes or even several gigabytes are a waste of space on our hard drive. Therefore, from time to time we can execute the following commands:

sudo apt autoclean -y
sudo apt clean -y

The sudo apt clean -y command clears the local repository of retrieved package files. It removes everything except the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.

Like the sudo apt clean -y command, sudo apt autoclean -y clears downloaded package files from the local repository. The only difference is that it only removes package files that can no longer be downloaded and are largely useless.

This allows us to maintain the cache for a long period without growing too much.

The following command is not directly related to cleaning, but helps maintain our Kali Linux system health.

sudo apt install -f -y

The -f or --fix-broken flag tries to bring the system back to normal by repairing broken dependencies. This option, when used with install/remove, may skip any packages to allow APT to find a likely solution. If packages are specified, these must completely correct the problem.

That is everything for this article. We hope we now have a clear idea about “How to update Kali Linux” and “How to clean Kali Linux”.


Best USB WiFi Adapter For Kali Linux 2021 [Updated October]

The all-new Kali Linux 2021.1 has rolled out, and we can simply use it as our primary operating system because of the non-root user. The main benefit of using Kali Linux as the primary OS is that we get hardware support. Yes, we can do all our penetration testing jobs with Kali Linux 2021, but to play with wireless networks or WiFi we need some special USB WiFi adapters in Kali.

Here we have listed some of the best USB wireless adapters for Kali Linux in 2021. These WiFi adapters are 100% compatible with Kali Linux and support monitor mode and packet injection, which will help a lot in WiFi penetration testing.

Best WiFi Adapter for Kali Linux

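Sl No. | WiFi Adapter     | Chipset   | Best for
1      | Alfa AWUS036NH   | AR9271    | Good Old Friend
2      | Alfa AWUS036NHA  | RT 3070   | Best in its Price Range
3      | Alfa AWUS036NEH  | RT 3070   | Compact and Portable
4      | Panda PAU09 N600 | RT 5572   | Stylish for the Beginners
5      | Alfa AWUS036ACH  | RTL8812AU | Smart Look & Advanced
6      | Alfa AWUS1900    | RTL8814AU | Powerful & Premium
7      | Panda PAU 06     | RT5372    | Chip, Single Band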


Alfa AWUS036NH

We have been using this USB WiFi adapter since the BackTrack days (before Kali Linux was released) and we still consider it one of the best. Because of its long-range signal we can do our penetration testing jobs from a long distance.

Alfa AWUS036NH is plug and play and compatible with any brand of 802.11g or 802.11n router using the 2.4 GHz frequency, and supports multi-stream & MIMO (multiple input multiple output) with a high-speed TX data rate of up to 150 Mbps. It also comes with a clip which can be used to attach this adapter to a laptop lid.

1. Chipset: Atheros AR 9271.
2. Compatible with any brand of 802.11b, 802.11g or 802.11n router using the 2.4 GHz frequency.
3. Includes a 5 dBi omni directional antenna as well as a 7 dBi panel antenna.
4. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
5. Compatible with Kali Linux RPi with monitor mode and packet injection.
6. High transmitter power of 28 dBm – for long-range and high-gain WiFi.

Alfa AWUS036NHA

Alfa again. Alfa provides the best WiFi adapters for Kali Linux. This adapter is the older version of Alfa AWUS036NH with the Ralink RT3070 chipset. AWUS036NHA is an IEEE 802.11b/g/n wireless USB adapter with 150 Mbps speed. It is also compatible with IEEE 802.11b/g wireless devices at 54 Mbps.

This plug and play WiFi adapter supports monitor mode and packet injection in any Linux distribution and Kali Linux. Alfa AWUS036NHA comes with a 4 inch 5 dBi screw-on swivel rubber antenna that can be removed and upgraded up to 9 dBi.

1. Chipset: Ralink RT 3070.
2. Comes with a 5 dBi omni directional antenna as well as a 7 dBi panel antenna.
3. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
4. Compatible with Kali Linux (also on Raspberry Pi) with monitor mode and packet injection.

Alfa AWUS036NEH

This Alfa WiFi adapter is compact and tiny, but it has a good range. It supports plug and play, so we can connect it to a Kali Linux machine and start playing with WiFi security. The antenna is detachable, which makes it very portable. We have used this to build our portable hacking machine with Raspberry Pi and Kali Linux.

Alfa AWUS036NEH is the ultimate solution for going out and red teaming attacks. The long high-gain WiFi antenna will give us enough range to capture even low-signal wireless networks. This adapter is slim and doesn’t require a USB cable to use.

1. Chipset: Ralink RT 3070.
2. Supports monitor mode and packet injection on Kali Linux and Parrot Security on RPi.
3. Compact and portable.

Panda PAU09 N600

Besides Alfa, Panda is also a good brand for WiFi adapters with monitor mode. Panda PAU09 is a good WiFi adapter to buy in 2020. This dual-band plug & play adapter is able to attack both 2.4 GHz and 5 GHz 802.11 ac/b/g/n WiFi networks.

This adapter comes with a USB dock and dual antennas, which looks really cool. It is also detachable into smaller parts. This adapter is reliable even on USB 3, works great, and fully supports both monitor mode and injection, which is rare on a dual-band wireless card out of the box.

1. Chipset: Ralink RT5572.
2. Supports monitor mode and packet injection on Kali Linux and Parrot Security, even on RPi.
3. 2 x 5 dBi antennas.
4. It comes with a USB stand with a 5 feet cable.
5. A little bit of a heating issue (not so much).

Alfa AWUS036ACH / AC1200

With the Kali Linux 2017.1 update, Kali Linux released a significant change: support for the RTL8812AU wireless chipset. Now Alfa AWUS036ACH is a BEAST. This is a premium WiFi adapter used by hackers and penetration testers. It comes with dual antennas and dual-band technology (2.4 GHz 300 Mbps/5 GHz 867 Mbps) and supports 802.11ac and a, b, g, n.

These antennas are removable, and if we require a higher range we can connect an antenna with a greater dBi value and use it as a long-range WiFi link, which makes this one of the best WiFi adapters. Also, this adapter has an awesome look.

If budget is not an issue then this adapter is highly recommended.

1. Chipset: RealTek RTL8812AU.
2. Dual-band: 2.4 GHz and 5 GHz.
3. Supports both monitor mode & packet injection on dual band.
4. Premium quality with high price tag.

Alfa AWUS1900 / AC1900

Now this is the beast, so why is it last? It is last because of its high price range. But the price is totally worth it for this USB WiFi adapter. If the previous adapter was a beast then this one is a monster. Alfa AWUS1900 has a high-gain quad antenna that covers a really long range (500 ft in an open area).

This is a dual-band WiFi adapter with high-speed capability: 2.4GHz [up to 600Mbps] & 5GHz [up to 1300Mbps]. It also has a USB 3.0 interface.

Monitor mode and packet injection are supported on both bands, which will be very useful for serious penetration testers. We can also attach it to our laptop display with the screen clip provided in the box.

What do we get in the box?

• 1 x AWUS1900 Wi-Fi Adapter
• 4 x Dual-band antennas
• 1 x USB 3.0 cable
• 1 x Screen clip
• 1 x Installation DVD-Rom (not required on Kali Linux. Plug & Play)
• A consistent solution for network congestion!

1. Chipset: RealTek RTL8814AU.
2. Dual-band: 2.4 GHz and 5 GHz.
3. Supports both monitor mode & packet injection on dual band.
4. Premium quality with high price tag.
5. Very long range.

Panda PAU 06

Yes, this low-cost Panda PAU 06 WiFi adapter supports monitor mode and packet injection. But we really don’t suggest buying this adapter if budget is not an issue.

The main reason is that this WiFi adapter doesn’t support dual-band frequency (it only supports 2.4GHz); it doesn’t support the 5GHz frequency.

This WiFi adapter comes with the Ralink RT5372 chipset inside it. The 802.11n standard supports a maximum speed of 300MB per second.

This adapter takes less power from the computer, but other adapters don’t take too much power from the system either (this point is negligible).

Extras

There are some more WiFi adapters that we did not cover because we didn’t test them with our own hands. The WiFi adapters above were owned by us and some of our friends, so we got a chance to test these products. We didn’t list some WiFi adapters, like the following:

Be careful when choosing from these, because we don’t know whether they surely support monitor mode & packet injection or not. As per our own experience, Alfa cards are the best for WiFi hacking.

How to Choose Best Wireless Adapter for Kali Linux 2020

Before going through WiFi adapter brands, let’s talk about what kind of WiFi adapter is best for Kali Linux. There are some requirements for a wireless adapter to be usable for WiFi penetration testing.

• Should support monitor mode.
• The ability to inject packets and capture packets simultaneously.

Here is the list of WiFi chipsets that support monitor mode and packet injection.

• Atheros AR9271 (only supports 2.4 GHz).
• Ralink RT3070.
• Ralink RT3572.
• Ralink RT5370N.
• Ralink RT5372.
• Ralink RT5572.
• RealTek 8187L.
• RealTek RTL8812AU (RTL8812BU & Realtek8811AU don’t support monitor mode).
• RealTek RTL8814AU.

So we need to choose a WiFi adapter for Kali Linux carefully. For example, on the Internet there are lots of old and misleading articles that describe the TP Link N150 TL-WN722N as good for WiFi security testing. But it is not true. Actually, it was.

The TP Link N150 TL-WN722N’s previous versions support monitor mode. Version 1 comes with the Atheros AR9002U chipset and supports monitor mode. Version 2 has the Realtek RTL8188EUS chipset and doesn’t support monitor mode or packet injection. TP Link N150 TL-WN722N version 1 is not available in the market right now. So be clear about these things and don’t get trapped.


                          WiFi Hacking in Kali Linux

Kali Linux is the most widely used penetration testing operating system of all time. It comes with lots of tools pre-installed for cyber security experts and ethical hackers. We can perform web application penetration testing, network attacks, as well as wireless auditing or WiFi hacking. We have already posted lots of tutorials on our website, including some good WiFi auditing tutorials like AirCrack-Ng.

Why Do We Use External USB WiFi Adapters in Kali Linux?

A WiFi adapter is a device that can be connected to our system and allows us to communicate with other devices over a wireless network. It is the WiFi chipset that allows our mobile phone, laptop or other devices to connect to our WiFi network and access the internet or nearby devices.

But most laptops and mobile phones come with an inbuilt WiFi chipset, so why do we need to connect an external WiFi adapter to our system? Well, the simple answer is that our inbuilt WiFi hardware is not capable enough to perform security testing on WiFi networks. Usually inbuilt WiFi adapters are low budget and not made for WiFi hacking; they don’t support monitor mode or packet injection.

If we are running Kali Linux in a virtual machine, the inbuilt WiFi adapter doesn’t work for us either, not even in bridge mode. In that case we also need an external WiFi adapter to play with WiFi networks. A good external WiFi adapter is a must-have tool for everyone who has an interest in the cyber security field.

A WSL2 installation of Kali Linux will not support any kind (inbuilt or external) of WiFi adapter.

                          Kali Linux Supported WiFi Adapters

Technically almost every WiFi adapter works with Kali Linux, but those are useless for WiFi hacking if they don’t support monitor mode and packet injection. Suppose we buy a cheap WiFi adapter under $15 and use it to connect to WiFi on Kali Linux. That will work for connecting to wireless networks, but we can’t play with networks.

That doesn’t make sense: when we are using Kali Linux we are penetration testers, so a basic WiFi adapter can’t fulfill our requirements. That’s why we should have a special WiFi adapter that supports monitor mode and packet injection. So in this tutorial “Kali Linux supported” means not only that the adapter works, but that the chipset is able to support monitor mode and packet injection.

                          What is Monitor Mode

Network adapters, whether wired or wireless, are designed to only capture and process packets that are sent to them. When we want to sniff a wired connection and pick up all packets going over the wire, we put our wired network card in “promiscuous” mode.

In wireless technology, the equivalent is monitor mode. This enables us to see and manipulate all wireless traffic passing through the air around us. Without this ability, we are limited to using our WiFi adapter to only connect to wireless Access Points (APs) that accept and authenticate us. That is not what we are willing to settle for.

In the Aircrack-ng suite, we need to be able to use airodump-ng to collect or sniff data packets.

                          What is Packet Injection

                          Most WiFi attacks require that we are able to inject packets into the AP while, at the same time, capturing packets going over the air. Only a few WiFi adapters are capable of doing this.

WiFi adapter manufacturers are not looking to add extra features to their standard wireless adapters to suit penetration testers’ needs. Most wireless adapters built into our laptops are designed so that people can connect to WiFi, browse the web and send mail. We need something much more powerful and versatile than that.

                          If we can’t inject packets into the Access Point (in Aircrack-ng, this is the function of Aireplay-ng), then it really limits what we do.

If we are using Kali Linux and want to be a security tester or ethical hacker, then a special WiFi adapter is a must-have tool in our backpack. As per our own experience, the Alfa cards in this list are the best USB wireless adapters for Kali Linux; going with them may be costly, but they are really worth it. For more assistance, comment below; we reply to each and every comment.

                          How to Remove Metadata of Files on Kali Linux

In the cybersecurity and digital forensics field, the metadata of files is very important. We can get various information from the metadata in files. This metadata may help us to get much more insider information while we are doing forensics testing. Also, if we think about our privacy, metadata can harm it, and in that case we can remove our metadata as well.

In this detailed guide we are going to discuss how we can read and remove the metadata of any file using Kali Linux.

To view and remove metadata on Kali Linux (or any other Linux), we need to install the mat2 program. Mat2 (Metadata Anonymisation Toolkit 2) is a command-line metadata removal tool, written in Python 3, that supports a wide range of commonly used file formats. To install it on our system we need to apply the following command in our terminal:

                          sudo apt install mat2

mat2 is not a large package (under 25MB), and the installation time will depend on our internet connection speed and system performance.

After the installation is finished we can check the help of mat2 by using the following command:

                          mat2 -h

Now we can read the help options to learn everything this tool can do. There is a -s flag, which shows us the harmful metadata detectable by mat2 without removing it. Let’s use it.

Mat2 can view and remove metadata from files, so we need files to work on. Here we have a downloaded image which contains metadata. We have saved the image on our Desktop (/home/kali/Desktop/IMG_20201007_102037.jpg).

To view its metadata we can use the following command:

                          mat2 -s /home/kali/Desktop/IMG_20201007_102037.jpg

The output shows the metadata of this image with various useful information.

Now if we want to remove the metadata from this file we need to enter the following command in our terminal:

                          mat2 <location/of/file>

Here the old files will remain unchanged, but new files will be created with the string .cleaned in the name and with the metadata completely cleared.

Now we can check whether there is any metadata in the new cleaned file by using the following command:

                          mat2 -s /home/kali/Desktop/IMG_20201007_102037.cleaned.jpg

The new file (.cleaned) did not contain any kind of metadata.

This is how we can remove the metadata of any file (not only images). If we need to clear the metadata of all files in a particular folder then we can simply enter the following command:

                          mat2 /home/kali/Desktop/*

The above command will remove metadata from all files on our Desktop. If we want to clear the metadata of files in other folders then we need to put that directory followed by * . It will create a new .cleaned file for every old file, and the .cleaned files will not contain any metadata.
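Since the originals stay in place and the .cleaned copies land in the same folder, a second run of the same glob would also hand the .cleaned files to mat2. The following added example (not part of the original article) processes each original once, skips earlier output, and prints every original that still has no cleaned copy and therefore should not be shared yet. The MAT2 variable and the naming for files without an extension are assumptions of this sketch.

```shell
#!/bin/sh
# Batch-clean a folder with mat2 without re-processing earlier output, and
# report originals that still have no cleaned copy. Added example.

# cleaned_name PATH: the ".cleaned" name described above, e.g.
# IMG.jpg -> IMG.cleaned.jpg. (Assumption: a file without an extension
# becomes NAME.cleaned.)
cleaned_name() {
    d=$(dirname -- "$1")
    b=$(basename -- "$1")
    case "$b" in
        ?*.*) printf '%s/%s.cleaned.%s\n' "$d" "${b%.*}" "${b##*.}" ;;
        *)    printf '%s/%s.cleaned\n' "$d" "$b" ;;
    esac
}

# is_cleaned PATH: true if PATH is itself a mat2 output file.
is_cleaned() {
    case "$(basename -- "$1")" in
        *.cleaned | *.cleaned.*) return 0 ;;
        *) return 1 ;;
    esac
}

# clean_dir DIR: run mat2 once per original file in DIR and print every
# original that ends up without a cleaned copy (unsupported or failed).
# MAT2 (assumption of this sketch) may name another mat2 command;
# it defaults to "mat2".
clean_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_cleaned "$f"; then continue; fi
        out=$(cleaned_name "$f")
        if [ ! -e "$out" ]; then
            "${MAT2:-mat2}" "$f" >/dev/null 2>&1 || true
        fi
        [ -e "$out" ] || printf '%s\n' "$f"
    done
}

# Usage: ./clean_dir.sh /home/kali/Desktop
if [ "$#" -gt 0 ]; then
    clean_dir "$1"
fi
```

An empty output means every original in the folder has a .cleaned counterpart, which can then be checked with mat2 -s as shown earlier.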

This is all about how we can clear or remove metadata from any file on our Kali Linux system.


                          L3MON — Access Android Devices Remotely


L3MON is a remote Android management suite; we can use it to gain access to any Android smartphone. In easy words, this is an Android RAT (Remote Administrative Tool).

In today’s detailed tutorial we learn how to install & configure L3MON on our Kali Linux system and use it. This L3MON tool has been archived by its owner. It seems it will not be updated and may not work. We are also closing our support for this tool’s errors.

Using L3MON we can make an Android APK payload and send it to an Android device. After it is installed on the device, we can gain access to the device via L3MON’s web-based interface, from which we can send commands and execute them on the targeted devices.

L3MON has lots of beautiful features; they are the following:

                          • GPS Logging
                          • Microphone Recording
                          • View Contacts
                          • SMS Logs
                          • Send SMS
                          • Call Logs
                          • View Installed Apps
                          • View Stub Permissions
                          • Live Clipboard Logging
                          • Live Notification Logging
                          • View WiFi Networks (logs previously seen)
                          • File Explorer & Downloader
                          • Command Queuing
                          • Built In APK Builder

                            Installing L3MON in Kali Linux

                          We need Java Runtime Environment 8 and nodejs installed in our machine to run L3mon.

                          First we install the JRE (Java Runtime Environment) on our system by applying following command:

                          sudo apt-get install nvidia-openjdk-8-jre

This command will install JRE version 8 on our system.

Then we need to install NodeJS on our system. We apply the following command to download nodejs to our system.

                          curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Then we run the following command to install it.

sudo apt-get install -y nodejs

Then we install the pm2 process manager by using the following command:

sudo npm install pm2 -g

Now we are ready to install and configure L3MON.

We download it from its GitHub by using the wget command:

                          wget https://github.com/D3VL/L3MON/releases/download/1.1.2/L3MON-v1.1.2.zip

This command will download L3MON to our system. Now we create a new folder on our Desktop named L3MON and copy the downloaded zip file there.

Then we extract it by right-clicking on the zip file and choosing “extract here”.

Then we open a terminal window and navigate to L3MON on our Desktop by simply using the cd command:

cd ~/Desktop/L3MON

                          Here we install all the dependencies by using the following command:

                          npm install

                          It will install the dependencies now, as we can see in the following screenshot:

                          installing dependencies of l3mon

                          Let's start the server by using the following command:

                          pm2 start index.js
                          starting the instance

                          Now we can open our server in the browser at http://localhost:22533, where there is a login page, as in the following screenshot:

                          l3mon login

                          We create a login for our server here. But we can't log in yet because we have not created a password. To create a password we stop our server by using the following command:

                          pm2 stop index.js

                           Now we need to edit maindb.json file using our favorite text editor mousepad.

                          mousepad maindb.json


                          Here we can edit the username if we want. In the password field, however, we need to give the MD5 hash of our password. If we fill in the password as plain text, it will not work.

                          How do we create the MD5 hash of a password? Suppose our password is qwerty (this is only an example; we shouldn’t choose easy passwords, for security reasons). To convert it to MD5 we use the following command in another terminal window.

                          echo -n "qwerty" | md5sum | cut -d" " -f 1

                          Here we got the MD5 hash of our password as we can see in the following screenshot.

                          creating md5 hash

                          Then we fill our username and password in maindb.json file then save and close this file.

                          modify and save the maindb.json file

                          Now we again start the server by using following command :

                          pm2 start index.js

                          Then again open our localhost in browser with 22533 port.

                          As we set our username kali and password qwerty we fill it and click on login.

                          We are successfully logged in.


                          Now we are in control. We need to open the APK builder tab.

                          APK builder

                          Here we put our IP address (local or public) and leave the port as default and click on build.

                          Note: If we want to control android device on our local network (same WiFi) then we can use our local IP and to connect devices through internet we need to put our Public IP (Static IP is preferred for a long time use).

                          After clicking on build we got an error like this.

                          we got error

                          We solved this error by configuring JAVA in another terminal by running following command:

                          update-alternatives --config java

                          Here we can select Java versions. We need Java version 8 to run the L3MON tool. In our case it is number 2, as we can see in the following screenshot.

                          Java version 8 selecting on Kali Linux

                          So we type 2 and hit “Enter”.


                          Then we restart our running L3MON server by using following command:

                          pm2 restart all

                          Bingo, the error is gone and the build is now ready to download.

                          l3mon apk download

                          Now we can download L3MON.apk to our system, send it to our target device and install it there.

                          After installation on the target device, when the phone user opens the app, L3MON asks for all the device permissions and automatically hides itself from the app drawer.

                          After this we got the connection with the device. We can check it on our Devices tab.

                          Now we can control this phone from the manage button. Here in the following screenshot we are in the file manager of the phone. Now we can spy on this phone.

                          File manager accessing by L3MON
                          We are in the file manager of victim device

                          Our downloaded data and recorded audio clips will be saved under assets/webpublic/client_downloads/ directory.

                          The method discussed above is for a local network. To connect a device over the internet, it is preferable to have a static IP address and forward our default port 22533 in our router settings, or we can change the default port by changing these lines (inside includes/const.js).

                          Using this method we can control phones connected in our same network. We also can control devices through internet by using ngrok services. Configuring L3MON on VPS will make it portable and useful.

                          Disclaimer

                          This software comes with no warranty, and we will not be responsible for any direct or indirect damage caused by the usage of this tool or this tutorial.
                          L3MON is built and our article is documented for both Educational and Internal use ONLY.

                          Having problems installing or configuring L3MON? The L3MON tool has been archived by its owner. It seems it will not be updated and may not work. We are also closing our comment support for this tool’s errors. For more tutorials like this, subscribe to our newsletter to stay updated. We also post updates on our Twitter and GitHub.

                          Where to hire react programmer and 3 essential skills to look for


                          Hiring React.js developers for your tech project can be a tough job because it’s one of the most popular JavaScript frameworks in the world. Facebook, Uber, Airbnb, Netflix, PwC, Amazon, Twitter, Udemy, and nearly 9,000 others worldwide use it for web, desktop, and mobile apps. To hire React programmer, you need to challenge the competition, and as you can imagine, the talent pool isn’t infinite. In this article, we will show you where to hire React js developer for your business.

                          hire react js developer

                          React js is popular, and it is here to stay

                          When the latest StackOverflow survey appeared, the statistics were more than clear: React js has conquered the category “Web Frameworks”. React is a high-performance JavaScript framework. Its simple, component-based architecture allows developers to be more productive and code faster. The framework’s minimal API is focused on solving performance issues, enabling lightning-fast rendering speeds with a small overall footprint.

                          Where to find React js developers for hire

                          There are many ways to hire React js developers. Some of them are cheaper, others – more efficient. After all, it all depends on the project size and the budget.

                          Job sites

                          You can hire React js developers from a job site. When hiring React developers, know that the job seekers who want to work in the office are often eligible to receive better benefits. However, this isn’t always the case when hiring remotely. Remote staff members typically don’t have access to company benefits like healthcare, which is why they’re typically less expensive to hire.

                          Freelance platforms

                          Freelance platforms provide a great way to find a large pool of React JS developers at a low cost. Freelancers might not have the same company loyalty as full-time employees, but most will be able to produce results that meet or exceed hiring a full-time employee. Finding a quality freelancer on any of these platforms takes time and effort — make sure you browse all of your options before hiring anyone! When you employ someone, remember they’re working for money — and if they think they’ll get more elsewhere, they’ll leave.

                          Hire React programmer from an outstaffing agency

                          Outstaffing agencies are the best of both worlds. They have all the resources of a full-fledged company while cutting down on other expenses that would take a toll on your budget. Their big talent pools, excellent management, and other resources help companies achieve their goals without breaking the bank.

                          Skills that you should look for when hiring React js developer

                          • Ability to work on other Javascript libraries — You have various options when hiring React developers, but what you want is someone with experience in the Javascript ecosystem. That way, they won’t need to spend time and energy learning all of the intricacies of your library — they can dive right in and start delivering value.
                          • In-depth knowledge of React Js framework — One of the must-haves for developers is understanding React js concepts. Using JSX, understanding the component lifecycle, and working with the virtual DOM are necessary skills that every good developer should have. These abilities will get you started quickly on your projects.
                          • Ability to write good code — React js developers who want to create polished products should be familiar with the Google JavaScript Style Guide so they can follow the correct standard. This will help keep code readable, consistent, and scalable on large projects.

                          While a React js developer might have the skillset to build a functional prototype, a good React js developer will be able to collect business requirements and turn them into a set of technical specs. Communication skills are important for this, as well as their ability to work in a team. In addition to creativity and the desire to learn, any success in this role will also depend on their problem-solving skills.

                          In conclusion

                          It is not an easy task to hire React programmer. Finding a great React js developer takes a lot of time and effort — but you don’t have to work with a remote freelancer or a company, or a person from a different part of the world. A trusted technology partner knows everyone in the development community, so they can help you find your ideal hire.

                          How to Setup SQLi Penetration Testing Lab on Kali Linux


                          In some of our previous articles we discussed penetration testing labs, such as PentestLab and DVWA, where we can practice and improve our attacking skills. In today’s article we are going to discuss how to set up an SQLi lab on Kali Linux to test our SQL Injection skills. Advanced SQL Injection is still a major bug that can be found on various sites. That is why learning and growing SQL Injection skills is still profitable for cybersecurity experts and bug bounty hunters.

                          install sqli lab on Kali Linux

                          For this lab setup we are going to use SQLi_Edited, which is an upgraded fork of sqli-labs (Dhakkan Labs). Before cloning it from GitHub, let us move to our /var/www/html directory. We are going to clone it there to make things easy.

                          cd /var/www/html

                          Here we need to clone the repository from GitHub by using following command:

                          sudo git clone https://github.com/Rinkish/Sqli_Edited_Version

                          In the following screenshot we can see that this repository is successfully cloned to the directory.

                          SQLi Lab  git clonning

                          Now we can go inside this directory by using following command:

                          cd Sqli_Edited_Version

                          Here we use ls command to see all the files, as we can see in the following screenshot:

                          SQLi labs git clonned

                          Here we can see the directory named “sqlilabs“. Now we move it to the parent directory and rename it so that it is easier to open, by applying the following command:

                          sudo mv sqlilabs/ ../sqli

                          Then we go back to our previous directory by using the following command:

                          cd ..

                          We can see the process in the following screenshot:

                          moving sqlilabs directory

                          Now we need to edit database credential file named “db-creds.inc“, which is located under “sqli/sql-connections/db-creds.inc” and put our user name and password for database. To edit it we are going to use infamous Linux text editor nano.

                          sudo nano sqli/sql-connections/db-creds.inc

                          In the following screenshot we can see the default configuration of it, where the database user is root and database password is blank.

                          sqlilabs databse username and password changing

                          Now we modify this as per our Kali Linux system user, here we are using user “kali” and we can also choose a password as we want, as shown in the following screenshot:

                          sql injection lab setup

                          Now we save and close it by typing CTRL+X, then Y, then Enter ↲.

                          Now we need to setup our mySQL database for our Kali Linux system. MySQL comes preloaded with Kali Linux. We need to open up our MariaDB as root user by using following command:

                          sudo mysql -u root

                          Then we need to create our user with password, in our case our user will be ‘kali‘ and password will be ‘1234‘. So the command for us will be following:

                          CREATE USER 'kali'@'localhost' IDENTIFIED BY '1234';

                          Now our user is created as we can see in the following screenshot:

                          creating user on mysql Kali Linux

                          Now we need to grant all permission to user ‘kali‘ by using following command:

                          GRANT ALL PRIVILEGES ON *.* TO 'kali'@'localhost';

                          The screenshot of the above command is following:

                          grant permission for mysql database user on Kali Linux

                          Database setup is done, now we can exit from MariaDB by using CTRL+C keys and run following command to start our MySQL services:

                          sudo service mysql start

                          Our setup is almost complete now we need to run our apache2 server (comes pre-loaded with Kali). We start our Apache2 web server by using following command:

                          sudo service apache2 start

                          Now our web server is running, we can see it by navigating to localhost/sqli URL from our browser. Our SQL Injection lab will open in front of us as we can see in the following screenshot:

                          sqli lab challanges

                          Here for the very first time we need to ‘Setup/reset database for labs’. After clicking there our database setup will start as we can see in the following screenshot:

                          SQLi labs database connecting

                          Now a page will open up in our browser which is an indication that we can access different kinds of Sqli challenges, as we can see in the following screenshot:

                          SQLi labs on Kali Linux

                          Here we can solve various types of SQL injection challenges, by solving them our SQL Injection skill will be improved. For an example, to start the basic SQL Injection challenge we need to click on Lesson 1.

                          SQLi Labs basic challenge 1

                          This is all for this article. We have learnt how to set up SQL Injection labs on our Kali Linux system and practice our SQL Injection skills from basic to advanced.

                          Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

                          Hashcat — Crack Passwords in Minutes


                          Hashcat is an advanced, free (License: MIT), multi-threaded password recovery tool. It is the world’s fastest password cracker and recovery utility, supporting multiple unique attack modes for more than 200 highly optimized hashing algorithms. Hashcat currently supports CPUs, GPUs and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

                          hashcat on Kali Linux

                          Hashcat comes pre-installed on our Kali Linux system, so we don’t need to install it, but if installation is required we can use the sudo apt install hashcat command.

                          Features of Hashcat

                          • World’s fastest password cracker.
                          • World’s first and only in-kernel rule engine.
                          • Free and open source.
                          • Multi-OS (Linux, Windows and macOS).
                          • Multi-Platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime).
                          • Multi-Hash (Cracking multiple hashes at the same time).
                          • Multi-Devices (Utilizing multiple devices in same system).
                          • Multi-Device-Types (Utilizing mixed device types in same system).
                          • Supports password candidate brain functionality.
                          • Supports distributed cracking networks (using overlay).
                          • Supports interactive pause / resume.
                          • Supports sessions.
                          • Supports restore.
                          • Supports reading password candidates from file and stdin.
                          • Supports hex-salt and hex-charset.
                          • Supports automatic performance tuning.
                          • Supports automatic keyspace ordering markov-chains.
                          • Built-in benchmarking system.
                          • Integrated thermal watchdog.
                          • 350+ Hash-types implemented with performance in mind.
                          • … and much more.

                          Hashcat offers multiple unique attack modes for cracking passwords. Those are following: 

                          • Brute-Force attack
                          • Combinator attack
                          • Dictionary attack
                          • Fingerprint attack
                          • Hybrid attack
                          • Mask attack
                          • Permutation attack
                          • Rule-based attack
                          • Table-Lookup attack
                          • Toggle-Case attack
                          • PRINCE attack

                          Now, without wasting any more time, let’s dive into Hashcat.

                          Hashcat on Kali Linux

                          As we said, Hashcat comes pre-installed with Kali Linux and it is multi-threaded, so first let us benchmark our system by using the following command:

                          hashcat -b

                          In the following screenshot we can see the benchmark of our system and get an idea how it can perform while cracking various types of hashes.

                          benchmark of hashcat

                          Here we can get an idea about the performance of our system. Let’s run this tool to crack some hashes. Here we have collected some hashes in a text file. For educational purposes we generated these hashes ourselves; they were not collected from any website’s database.

                          hashes list on our system

                          Now we can crack these using Hashcat, and store the output in a cracked.txt file, by applying the following command:

                          hashcat -m 0 -a 0 -o cracked.txt hashes.txt /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

                          Let’s discuss the above command. We have used the -m flag to specify the hash type, -a for the attack mode and -o for the output file, which we named ‘cracked.txt’. Then we give the target hash file to crack, named ‘hashes.txt’, and at last we specify the wordlist file to be used. In the following screenshot we can see that hashcat finishes the cracking job.

                          hashcat finishes cracking passwords

                          Let’s see our output file (cracked.txt).

                          hashcat password recovered

                          In the above screenshot we can see that hashcat cracked the hashes. For new readers: in this attack mode we can crack a password hash only if the plaintext of the hash is available in the wordlist file. Using a bigger wordlist file will increase the chance of cracking hashes.
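Why the straight wordlist mode works so well against the unsalted MD5 hashes used above (-m 0), and what salted, iterated storage changes, shown as an added example that is not part of the original article. The account names, the tiny wordlist and the PBKDF2 work factor are assumptions made for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data standing in for the article's wordlist and hashes.txt.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]
STORED_MD5 = {
    "alice": hashlib.md5(b"qwerty").hexdigest(),
    "bob": hashlib.md5(b"letmein").hexdigest(),
    "carol": hashlib.md5(b"T7#vq9!mLx2p").hexdigest(),  # not in the wordlist
}


def audit_unsalted_md5(stored, wordlist):
    """Return {account: plaintext} for every hash whose plaintext is in the wordlist.

    The wordlist is hashed once and the resulting table is valid for every
    account, because unsalted MD5 maps the same password to the same hash.
    """
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password, iterations=600_000):
    """Store a password as (salt, iterations, key) using PBKDF2-HMAC-SHA256.

    The iteration count is an assumed work factor; tune it to your hardware.
    """
    salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Recompute the key with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    # Accounts whose password appears in the wordlist are recovered at once.
    print(audit_unsalted_md5(STORED_MD5, WORDLIST))

    # The same password stored twice yields unrelated keys, so no shared
    # lookup table exists and every guess costs `iterations` hash rounds
    # per account.
    first = hash_password("qwerty")
    second = hash_password("qwerty")
    print(first[2] != second[2], verify_password("qwerty", first))
```

The audit function is also a quick way to check our own password store for entries that a common wordlist would recover.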

                          Hashcat & Type of Hashes & Attacks

                          Above we saw that we need to specify our attack mode and the type of hashes we want to crack. These attack modes and hash types are referred to by numbers. Here we give the numbers Hashcat supports for the attack modes and the hash types (as of Sep 2021; updates of the Hashcat tool may include some new things).

                          Attack Types of Hashcat

                            0 | Straight
                            1 | Combination
                            3 | Brute-force
                            6 | Hybrid Wordlist + Mask
                            7 | Hybrid Mask + Wordlist

                          Hash types in Hashcat

                          Hashcat supports so many types of hashes that if we included all of them here this article would be very lengthy. We encourage using the hashcat -h command on our Kali Linux system to get all the numbers corresponding to the hash types (Uff.. it’s really large).

                          types of hashes on hashcat

                          Whenever we are trying to crack a hash we have to know the type of the hash. We can use the hash-id tool to find out the type of a hash. Then we need to choose our attack type and wordlist. That’s all; it’s not hard.

                          This is all about Hashcat, and how we can use Hashcat to crack passwords on our Kali Linux. Hashcat is really a very widely used tool for cracking passwords.


                          How to Install & Use Ngrok on Kali Linux


                          What is Ngrok ?

                          Ngrok is a multi-platform application that lets us forward our local development server to the internet without port forwarding. Ngrok hosts our locally hosted web server on a subdomain of ngrok.com. That means we can easily show our localhost on the internet without owning a domain name or static IP and without port forwarding.

                          Ngrok is a very good tool for developers to check projects and show them to clients before launching. But like everything, it can also be misused by the bad guys, who try to host their localhost phishing pages on Ngrok to capture victims on the internet. So as cybersecurity experts we need to look into Ngrok.

                          How to install ngrok on Kali  Linux

                          Warning:- Learning is the most beneficial way to protect everyone in the cybersecurity field, so this article focuses on education. Ngrok is like a knife: a knife is made to help people cut vegetables, but bad guys misuse it. The same goes for Ngrok; it was created to help developers, but bad guys misuse it. So don’t try to misuse it against anyone. We will not be responsible for that.

                          Download & Configure Ngrok on Kali Linux

                          To install Ngrok on our Kali Linux system we need to open our browser and navigate to the official Ngrok’s download page. Then we can see the webpage like the following screenshot:

                          ngrok download page

                          Here we need to click on “Download for Linux”, because we are using Linux. For other OS we can go on the “More Options”. After clicking on download we can see that download is started.

                          download ngrok

                          Once the download starts, it should not take much time on a decent internet connection. The ZIP file will be downloaded to our “Downloads” directory. We need to go to the “Downloads” directory and decompress the compressed file.

                          We open the terminal and use following command to go to our “Downloads” directory.

                          cd Downloads

                          Then we unzip the downloaded ZIP file by using following command:

                          unzip ngrok-stable*zip

                          In the following screenshot we can see that our zip compressed file is extracted.

                          ngrok zip extracting

                          Now our ngrok file is decompressed. Before running it we need to give it executable permission by using following command:

                          chmod +x ngrok

                          executable permission ngrok

                          Now we are all set to run. But wait, we need to set up Ngrok before running it. We need to authenticate with an Ngrok API token. Where can we get the token? For that we need to sign up on the Ngrok website. Let’s navigate to the Ngrok signup page in our browser.

                          ngrok signup page

                          Here we need to fill up our name and email and choose a password. If we want we can use disposable mail address to login and verify our mail address we don’t need to give our own mail address.

                          logged in on ngrok

                          After verifying our mail address we can get the API token on the “Your Authentication” area on the sidebar, as we can see in the following screenshot:

                          ngrok authentication command

                          In the above screenshot we can see our Ngrok authentication API key and the command to set it up. For security we have hidden a part of our API key. So we run the command with the API key to set up Ngrok.

                          ./ngrok authtoken 1xyqb*****************25PTTHqMpHqB

                          In the above command we have again hidden part of the same API key with *. In the following screenshot we can see the output of the command:

                          ngrok authentication command

                          Now we are all set to run Ngrok. For an example we forward a locally hosted demo website to the internet.

                          Using Ngrok on Kali Linux

                          Ngrok’s job is simple: it just hosts our local website on the internet. So first we need a local website. Here we have a demo HTML page on our desktop, and we have opened it in the Firefox browser.

                          website demo

                          But it is just a html page we need to host it locally. For that, we need to run a localhost server on our desktop. We open another terminal and go to the directory where our html page is stored. Then run python localhost server there to host the html page on our localhost by using following command:

                          sudo python3 -m http.server 80

                          In the following screenshot we can see that our local web server is started:

                          python3 http server

                          Now we can check it by opening our localhost IP on our browser 127.0.0.1. In the following screenshot we can see that page is now accessible by using our local host IP (127.0.0.1).

                          localhost server is started

                          Now this is accessible from our computer by using localhost IP (127.0.0.1), and from devices on the same network by using our Local IP (IP assigned by router for our Kali Linux system). But it isn’t available for other network, because this web server isn’t hosted on internet.

                          Now we leave our web host terminal as it is, go back to our previous terminal window (where we set up Ngrok), and run the following command to start Ngrok:

                          ./ngrok http 80

                          Here we run Ngrok in http mode with port number 80, because our localhost server is running on port 80. (If we can’t use port 80 on localhost, we can use other ports like 8080 or 8888; in that case we need to specify that port to Ngrok.)

                          After that we can see our Ngrok is started as we can see in the following screenshot:

                          ngrok is running

                          In the above screenshot we can see our forwarding link (in fact there are two links, http and https). Using that forwarding link we can see our page from our browser.

                          ngrok forwards our localhost site on the internet

                          Not only from our browser we can access it from anywhere on the internet by the link provided by Ngrok.

                          Ngrok site on Mobile

                          We can see that page on our mobile, which is connected to mobile data (not to our WiFi network). This link will be active until we close the Ngrok tunnel, but in real-life use Ngrok can’t run this for a long time on the free plan. It can be a temporary solution.

                          This is how we can use Ngrok on Kali Linux. It is a solution for hosting our local website or web server on the internet. Here we need neither a static IP address nor port forwarding.
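From the defender's side, the forwarding links described above are recognisable by their hostname, which makes tunnel traffic easy to hunt for in web proxy logs. The following is an added example, not part of the original article; the log format, the sample lines and the list of tunnel suffixes are assumptions to adapt to your own environment.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: public hostname suffixes used for ngrok tunnels; extend as needed.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app", "ngrok.dev")

# Constructed sample lines in a simplified proxy log format:
# timestamp client_ip method target status
SAMPLE_LOG = """\
2021-09-14T10:02:11Z 10.0.0.15 GET https://a1b2c3d4.ngrok.io/login.html 200
2021-09-14T10:02:40Z 10.0.0.15 POST https://a1b2c3d4.ngrok.io/login.php 302
2021-09-14T10:05:02Z 10.0.0.22 GET https://example.com/ngrok.io/readme 200
2021-09-14T10:06:19Z 10.0.0.31 GET http://notngrok.io/index.html 200
2021-09-14T10:07:45Z 10.0.0.22 CONNECT f00d.EU.NGROK.IO:443 200
2021-09-14T10:09:00Z 10.0.0.40 GET https://ngrok.io.evil.example/x 200
malformed line
"""


def extract_host(target):
    """Return the lower-cased hostname of a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit treat host:port as a netloc
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def is_tunnel_host(host):
    """Match on label boundaries so notngrok.io or ngrok.io.evil.example do not hit."""
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)


def find_tunnel_requests(log_text):
    """Return one finding per log line whose destination is a tunnel hostname."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        timestamp, client, method, target, _status = fields
        host = extract_host(target)
        if host and is_tunnel_host(host):
            findings.append(
                {"time": timestamp, "client": client, "method": method, "host": host}
            )
    return findings


def summarize(findings):
    """Group findings per client; POSTs to a tunnel suggest submitted form data."""
    per_client = defaultdict(lambda: {"hosts": set(), "posts": 0})
    for f in findings:
        entry = per_client[f["client"]]
        entry["hosts"].add(f["host"])
        if f["method"] == "POST":
            entry["posts"] += 1
    return {
        client: {"hosts": sorted(v["hosts"]), "posts": v["posts"]}
        for client, v in per_client.items()
    }


if __name__ == "__main__":
    for client, info in summarize(find_tunnel_requests(SAMPLE_LOG)).items():
        print(client, info)
```

A client that POSTs to a tunnel hostname is the first one to follow up on, since that is where a credential form on a phishing page would submit.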


                          Find Vulnerabilities using NMAP Scripts (NSE)


Nmap comes pre-installed with Kali Linux. Not just Kali Linux: Nmap comes pre-installed with every security-focused operating system. We have already discussed how to use Nmap for active reconnaissance in our previous article “NMAP — The Network Mapper”.

But cybersecurity experts don't use Nmap only for scanning ports and the services running on the target system. Nmap can also be used for vulnerability assessment and much more through the NSE (Nmap Scripting Engine).

                          Vulnerability scanning using nmap scripts

The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner by allowing users to write scripts that perform custom tasks using the host information collected by Nmap. As of September 2021, when we are writing this article, Nmap version 7.91 has 600+ scripts.

                          Nmap scripts for security testing

Penetration testers use Nmap's most powerful and flexible feature, which allows them to write their own scripts and automate various tasks. NSE (Nmap Scripting Engine) was developed for the following reasons:

• Network Discovery:- This is the primary purpose most people use Nmap for: network port discovery, which we learned in our “Nmap – The Network Mapper” article.
• More refined version detection of a service:- There are tons of services with multiple version details for the same service, so Nmap makes it easier to identify the service.
• Backdoor detection:- Some of the Nmap scripts are written to identify the patterns of backdoors. If there are any worms or malicious programs infecting the network, it makes the attacker's job easy to narrow down and focus on taking over the machine remotely.
• Vulnerability Scanning:- Pen testers also use Nmap for exploitation in combination with other tools such as Metasploit, or write custom reverse shell code and combine Nmap's capability with it for exploitation.

Before jumping into finding vulnerabilities using Nmap, we need to update the scripts database so that newer scripts are added to it. Then we are ready to scan for vulnerabilities with all Nmap scripts. To update the Nmap scripts database, we run the following command in our terminal window:

                          sudo nmap --script-updatedb

                          In the following screenshot we can see that we have an updated Nmap scripts database.

                          nmap script database update

Now we are ready to scan any target for vulnerabilities. We can use the following command to run all vulnerability scanning scripts against a target:

                          nmap -sV --script vuln <target>

                          As we can see in the following screenshot:

                          nmap vulnerability scripts

When we talk about Nmap scripts, we need to know that vulnerability scanning (vuln) is only one of many script categories. The categories are the following:

• auth: This category is for scripts related to user authentication.
• broadcast: This is a very interesting category of scripts that use broadcast requests to gather information.
                          • brute: This category is for scripts that help conduct brute-force password auditing.
                          • default: This category is for scripts that are executed when a script scan is executed ( -sC ).
                          • discovery: This category is for scripts related to host and service discovery.
                          • dos: This category is for scripts related to denial of service attacks.
                          • exploit: This category is for scripts that exploit security vulnerabilities.
                          • external: This category is for scripts that depend on a third-party service. 
                          • fuzzer: This category is for Nmap scripts that are focused on fuzzing.
• intrusive: These scripts might crash a system or generate a lot of network noise; sysadmins consider them intrusive.
                          • malware: This category is for scripts related to malware detection.
                          • safe: This category is for scripts that are considered safe in all situations.
                          • version: This category is for NSE scripts that are used for advanced versioning.
                          • vuln: This category is for scripts related to security vulnerabilities.

So we can do various tasks with Nmap using Nmap Scripting Engine scripts. When we need to run all the scripts against a single target, we can use the following command:

                          nmap -sV --script all <target>

In the following screenshot we can see all scripts being used against one target. Here every script will run, so the scan will consume a good amount of time.

                          nmap all scripts running at once
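What `--script vuln` and `--script all` would select can be checked before scanning by reading the script index that `--script-updatedb` rebuilds. This is an added example, not part of the original article: the sample index is constructed (the `demo-*.nse` names are invented), and the function names and the `RISKY` set are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample in the format of Nmap's scripts/script.db index.
# The demo-*.nse names are invented for this example; they are not real scripts.
SAMPLE_SCRIPT_DB = '''
Entry { filename = "demo-banner.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "demo-login-audit.nse", categories = { "brute", "intrusive", } }
Entry { filename = "demo-vuln-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "demo-vuln-crash.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "demo-flood.nse", categories = { "dos", "intrusive", } }
Entry { filename = "demo-whois.nse", categories = { "discovery", "external", "safe", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')
# Assumption of this example: categories worth reviewing before a run.
RISKY = {"brute", "dos", "exploit", "fuzzer", "intrusive"}

def parse_script_db(text):
    """Return {script filename: set of categories}."""
    return {name: set(re.findall(r'"([^"]+)"', cats))
            for name, cats in ENTRY_RE.findall(text)}

def select(db, category):
    """Scripts that `--script <category>` would run ('all' means every script)."""
    return sorted(n for n, c in db.items() if category == "all" or category in c)

def risky_in_selection(db, category):
    """Map each selected script to the risky categories it also belongs to."""
    return {n: sorted(db[n] & RISKY)
            for n in select(db, category) if db[n] & RISKY}

def count_by_category(db):
    """Number of scripts per category."""
    counts = defaultdict(int)
    for cats in db.values():
        for c in cats:
            counts[c] += 1
    return dict(counts)

if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    # On Kali the real index is normally /usr/share/nmap/scripts/script.db:
    # db = parse_script_db(open("/usr/share/nmap/scripts/script.db").read())
    for cat in ("vuln", "all"):
        print(cat, "->", len(select(db, cat)), "scripts; also risky:",
              risky_in_selection(db, cat))
```

Nmap's `--script` option also accepts boolean expressions, so `nmap -sV --script "vuln and safe" <target>` limits a run to vulnerability scripts that are also in the safe category.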

That is all for this article. We will be back again with Nmap. We hope this article helps our fellow Kali Linux users.

                          How Port Scanning Works ? Port Scanning TCP & UDP Explained


Identifying open ports on a target system is an extremely important step in defining its attack surface. Open ports correspond to the networked services that are running on a system. Programming errors or implementation flaws can make these services susceptible to attack and may lead to compromise of the entire system. To work out the possible attack vectors, we must first enumerate the open ports on all of the remote systems.

                          port scanning explained

These open ports correspond to services that can be addressed with either UDP or TCP traffic. Both TCP and UDP are transport protocols. Transmission Control Protocol (TCP) is the more widely used of the two and provides connection-oriented communication. User Datagram Protocol (UDP) is a non-connection-oriented protocol that is sometimes used with services for which speed of transmission is more important than data integrity.

The penetration testing method used to enumerate these services is called port scanning. In this article we cover some basic theory about port scanning, so that we can easily understand how any port scanner tool works.

                          UDP Port Scanning

Because TCP is the more widely used transport layer protocol, services that operate over UDP are frequently forgotten. Despite the natural tendency to overlook UDP services, it is absolutely critical that these services are enumerated to acquire a complete understanding of the attack surface of any given target. UDP scanning can often be challenging, tedious, and time consuming. In the next article we'll cover how to perform a UDP port scan in Kali Linux. To understand how these tools work, it is important to understand the two different approaches to UDP scanning that can be used.

The first method is to rely exclusively on ICMP port-unreachable responses. This type of scanning relies on the assumption that any UDP ports that are not associated with a live service will return an ICMP port-unreachable response, and a lack of response is interpreted as an indication of a live service. While this approach can be effective in some circumstances, it can also return inaccurate results in cases where the host isn't generating port-unreachable responses, or the port-unreachable replies are rate limited or filtered by a firewall.
The second method, which is addressed within the second and third recipes, is to use service-specific probes to attempt to solicit a response, which would indicate that the expected service is running on the targeted port. While this approach can be highly effective, it can also be very time consuming.
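The rate-limiting pitfall of the first method, as an added example that is not part of the original article: a pure simulation (no packets are sent) of a host that emits at most one ICMP port-unreachable per second. The one-per-second limit, the port numbers and all function names are assumptions made for the illustration.

```python
def icmp_only_udp_scan(ports, open_ports, gap_ms, icmp_min_interval_ms=1000):
    """Simulate ICMP-based UDP scanning of one host; no packets are sent.

    ports: ports probed in order, one probe every gap_ms milliseconds.
    open_ports: ports with a live UDP service that stays silent on the probe.
    icmp_min_interval_ms: assumed rate limit; the host emits at most one
    ICMP port-unreachable per interval.
    Returns {port: "closed" | "open|filtered"} as the scanner would report it.
    """
    next_icmp_allowed_ms = 0
    report = {}
    for i, port in enumerate(ports):
        now_ms = i * gap_ms
        if port not in open_ports and now_ms >= next_icmp_allowed_ms:
            # Closed port and the limiter permits a reply: scanner sees ICMP.
            next_icmp_allowed_ms = now_ms + icmp_min_interval_ms
            report[port] = "closed"
        else:
            # Silence: either a live service or a suppressed ICMP error.
            report[port] = "open|filtered"
    return report


def false_positives(report, open_ports):
    """Ports reported open|filtered that have no live service."""
    return sorted(p for p, s in report.items()
                  if s == "open|filtered" and p not in open_ports)


PORTS = list(range(9000, 9020))   # constructed port range
OPEN = {9005}                     # constructed: one live UDP service

if __name__ == "__main__":
    for gap in (100, 1000):
        rep = icmp_only_udp_scan(PORTS, OPEN, gap_ms=gap)
        print(f"gap {gap} ms: {len(false_positives(rep, OPEN))} false positives, "
              f"scan takes {gap * len(PORTS) / 1000:.0f} s")
```

Probing faster than the host answers turns most closed ports into apparent live services; pacing the probes to the limit removes the errors at the cost of a scan ten times longer, which is why ICMP-based UDP scanning is slow.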

                          TCP Port Scanning

In this article, several different approaches to TCP scanning will be covered. These methods include stealth scanning, connect scanning, and zombie scanning. To understand how these scanning techniques work, it is important to understand how TCP connections are established and maintained. TCP is a connection-oriented protocol, and data is only transported over TCP after a connection has been established between two systems. The process associated with establishing a TCP connection is often referred to as the three-way handshake. This name alludes to the three steps involved in the connection process. The following diagram shows this process in a graphical form:

                          threeway handshake

From the above picture we can see that a TCP SYN packet is sent from the device that wishes to establish a connection to a port of the device that it wants to connect with. If the service associated with the receiving port grants the connection, it will reply to the requesting system with a TCP packet that has both the SYN and ACK bits activated. The connection is established when the requesting system responds with a TCP ACK response. This three-step process (three-way handshake) establishes a TCP session between the two systems. All of the TCP port scanning techniques perform some variation of this process to identify live services on remote hosts.

Connect scanning and stealth scanning are both quite easy to understand. Connect scanning is used to establish a full TCP connection for each port that is scanned. That is to say, for each port that is scanned, the complete three-way handshake is completed. If a connection is successfully established, the port is then determined to be open.

Stealth scanning, by contrast, doesn't establish a full connection. Stealth scanning is also referred to as SYN scanning or half-open scanning. For each port that is scanned, one SYN packet is sent to the destination port, and all ports that reply with a SYN+ACK packet are assumed to be running live services. Since no final ACK is sent from the initiating system, the connection is left half-open. This is referred to as stealth scanning because logging solutions that only record established connections won't record any evidence of the scan.

The final method of TCP scanning that will be discussed here is a technique called zombie scanning. The purpose of zombie scanning is to map open ports on a remote system without producing any evidence that you have interacted with that system. The principles behind how zombie scanning works are somewhat complex. The process of zombie scanning is performed with the following steps:

• Identify a remote system for our zombie host. The system should have the following characteristics:
1. The system needs to be idle and not communicate actively with other systems over the network.
2. The system needs to use an incremental IPID sequence.
• Send a SYN+ACK packet to this zombie host and record the initial IPID value.
• Send a SYN packet with a spoofed source IP address of the zombie system to the scan target system.
• Depending on the status of the port on the scan target, one of the following two things will happen:
1. If the port is open, the scan target will return a SYN+ACK packet to the zombie host, which it believes sent the original SYN request. In this case, the zombie host will respond to this unsolicited SYN+ACK packet with an RST packet and thereby increment its IPID value by one.
2. If the port is closed, the scan target will return an RST response to the zombie host, which it believes sent the original SYN request. This RST packet will solicit no response from the zombie, and the IPID will not be incremented.
• Send another SYN+ACK packet to the zombie host, and evaluate the final IPID value of the returned RST response. If this value has incremented by one, then the port on the scan target is closed, and if the value has incremented by two, then the port on the scan target is open.

                          The following image shows the interactions that take place when we use a zombie host to scan an open port:

                          Zombie port scanning process

To perform a zombie scan, an initial SYN+ACK request should be sent to the zombie system to determine the current IPID value in the returned RST packet. Then, a spoofed SYN packet is sent to the scan target with a source IP address of the zombie system. If the port is open, the scan target will send a SYN+ACK response back to the zombie. Since the zombie didn't actually send the initial SYN request, it will interpret the SYN+ACK response as unsolicited and send an RST packet back to the target, thereby incrementing its IPID by one.

Finally, another SYN+ACK packet should be sent to the zombie, which will return an RST packet and increment the IPID one more time. An IPID that has incremented by two from the initial response indicates that all of these events have transpired and that the destination port on the scanned system is open. Alternatively, if the port on the scan target is closed, a different series of events will transpire, which will only cause the final RST response IPID value to increment by one.
The following picture illustrates the sequence of events associated with the zombie scan of a closed port:

                          Zombie scan port close

If the destination port on the scan target is closed, an RST packet will be sent to the zombie system in response to the initially spoofed SYN packet. Since the RST packet solicits no response, the IPID value of the zombie system won't be incremented. As a result, the final RST packet returned to the scanning system in response to the SYN+ACK packet will have the IPID incremented by just one.

This process can be performed for every port that is to be scanned, and it can be used to map open ports on a remote system without leaving any evidence that a scan was performed by the scanning system.
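The IPID arithmetic of the steps above, as an added simulation that is not part of the original article; no packets are sent. The class and function names, the starting IPID and the `per_peer` and `noise` parameters are assumptions of this example; they model the two requirements on the zombie (idle, one incremental IPID sequence) and what the scanner infers when either is not met.

```python
class Zombie:
    """Models only the IP ID field of packets the zombie sends."""
    def __init__(self, start=1000, per_peer=False):
        self.start = start
        self.per_peer = per_peer      # True: separate IPID counter per destination
        self.counters = {}

    def _next_ipid(self, peer):
        key = peer if self.per_peer else "global"
        self.counters[key] = (self.counters.get(key, self.start) + 1) % 65536
        return self.counters[key]

    def receive(self, flags, peer):
        """An unsolicited SYN+ACK draws an RST (its IPID is returned);
        an RST draws no reply, so no IPID is consumed."""
        return self._next_ipid(peer) if flags == "SA" else None

    def other_traffic(self, packets):
        """Packets the zombie sends to unrelated hosts (it is not idle)."""
        for _ in range(packets):
            self._next_ipid("other-host")


class Target:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def receive_syn(self, port):
        """Reply flags sent to the (spoofed) source address: the zombie."""
        return "SA" if port in self.open_ports else "R"


def idle_probe(zombie, target, port, noise=0):
    """Return (IPID delta, scanner's conclusion) for one port."""
    first = zombie.receive("SA", "scanner")             # record initial IPID
    zombie.receive(target.receive_syn(port), "target")  # reply to spoofed SYN
    zombie.other_traffic(noise)                         # zombie not idle
    second = zombie.receive("SA", "scanner")            # read final IPID
    delta = (second - first) % 65536                    # IPID is 16 bits wide
    return delta, {1: "closed", 2: "open"}.get(delta, "unreliable")


if __name__ == "__main__":
    target = Target(open_ports={80})                    # constructed target
    print(idle_probe(Zombie(), target, 80))
    print(idle_probe(Zombie(), target, 81))
    print(idle_probe(Zombie(), target, 81, noise=1))
    print(idle_probe(Zombie(per_peer=True), target, 80))
```

A zombie that is not idle (`noise=1`) makes a closed port look open, and a host that keeps a separate IPID counter per destination makes an open port look closed, so such a host cannot be used as a zombie.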

This is how port scanning methods work. In this article we tried to do something different: it is not about any tool, but if we are using Kali Linux or work in the cybersecurity field, we should have some technical knowledge. We hope this article also gets some love. This is all for today.

