We all know that cracking passwords are very important in cybersecurity field. Then ever we thinks for password cracking we either need to do dictionary attack or brute-force. But, if the password didn’t in our password list dictionary attack will not work and brute-force takes too much time to crack a password (sometimes even more than a decade).

Trying to solve this problem of brute-force password generator a tool is there by the makers of HashCat (well known password cracking tool). This tool named as MaskProcessor. Now what MaskProcessor do? It is a high-performance word generator with a per-position configurable charset, which tries all combinations from a given keyspace just like in Brute-Force attack, but more specific. Then how it is different from brute-force attack?

MaskProcessor is Faster Than Brute-Force

The reason for doing this and not to stick to the traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.

Here is a single example. We want to crack the password: Julia1984

In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13,537,086,546,263,552) combinations. Lets suppose we crack with a rate of 100M/s, this requires more than 4 years to complete.

In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 522626262610101010 (237,627,520,000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.

We can see the difference that how MaskProcessor can reduce our efforts. It just guessing the pattern of password and make a very shorter list for a quick job. There are some disadvantages are there also.

Disadvantage of MaskProcessor Compared to Brute-Force

There is none. We can argue that the above example is very specific but this does not matter. Even in mask attack we can configure our mask to use exactly the same keyspace as the Brute-Force attack does. The thing is just that this cannot work vice versa.

What are the Masks

For each position of the generated password candidates we need to configure a placeholder. If a password we want to crack has the length 8, our mask must consist of 8 placeholders.

1. A mask is a simple string that configures the keyspace of the password candidate engine using placeholders.
2. A placeholder can be either a custom charset variable, a built-in charset variable or a static letter.
3. A variable is indicated by the ? letter followed by one of the built-in charset (l, u, d, s, a) or one of the custom charset variable names (1, 2, 3, 4).
4. A static letter is not indicated by a letter. An exception is if we want the static letter ? itself, which must be written as ??.

Built-in character encoding

In MaskProcessor there are some built-in charsets. They are following:

• ?l = abcdefghijklmnopqrstuvwxyz
• ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
• ?d = 0123456789
• ?a = ?l?u?d?s
• ?b = 0x00 – 0xff

Not only these as we told in above that we can set custom charset in MaskProcessor.

Custom Charsets

There are four command-line-parameters to configure four custom charsets.

• –custom-charset1=CS
• –custom-charset2=CS
• –custom-charset3=CS
• –custom-charset4=CS

These command-line-parameters have four analogue shortcuts called -1, -2, -3 and -4. You can specify the chars directly on the command line.

Password Length Increment

A Mask attack is always specific to a password length. For example, if we use the mask ”?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. That’s why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the –increment flag.

• ?l
• ?l?l
• ?l?l?l
• ?l?l?l?l
• ?l?l?l?l?l
• ?l?l?l?l?l?l
• ?l?l?l?l?l?l?l
• ?l?l?l?l?l?l?l?l

Installing MaskProcessor on Kali Linux

We can install a minimum version of MaskProcessor on our Kali Linux by using sudo apt install maskprocessor command. But there are some issue with this Kali Linux repository version. Like we had installed it but it is also saying ‘command not found’, as we can see in the following screenshot.

MaskProcessor is installed but “command not found”

In this case we are going to uninstall this by using sudo apt remove maskprocessor command, and install it from scratch.

First we download it from it’s GitHub repository by using following command:

git clone https://github.com/hashcat/maskprocessor

Now MaskProcessor will be cloned on our system as we can see in the following screenshot:

Now we need to navigate into the maskprocessor/src directory by using following command:

cd maskprocessor/src

Here we build the program files by using the make command:

make

In the following screenshot we can see the output of the used command:

Now we move the mp64.bin file to /usr/bin directory and name it maskprocessor that it can be used as default tools. We can easily do it by using following command:

sudo mv ./mp64.bin /usr/bin/maskprocessor

Now our installation is complete. We can use MaskProcessor on our Kali Linux system. We can now use maskprocessor command to run it on our terminal.

Using MaskProcessor on Kali Linux

As we do always lets check MaskProcessor’s help options by applying following command on our terminal window:

maskprocessor -h

In the following screenshot we can see what we can do using MaskProcessor:

Now we learn how we can generate a specific wordlist in MaskProcessor. Here we need to know about the default charset as we told about in previous section, again mentioning here.

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s =  !”#$%&'()*+,-./:;<=>?@[]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 – 0xff

All characters, except for those that stand for the set (?l, ?u, ?d, etc.), are included in the password unchanged. If we want to compose a dictionary that contains six-digit passwords we need to use maskprocessor ?d?d?d?d?d?d command but we also save the directory using -o flag. So our command will be as following:

maskprocessor ?d?d?d?d?d?d -o directory.txt

This will create a password directory named “directory.txt” which can break a six-digit password by brute-forcing attack.

Not only this. Almost every password-list creator tool can do this but MaskProcessor can do something better. Now we come into this point.

What if we know someone using a password which starts with voro followed by 4 numbers and then two capital letters. In this case we can easily create a password-list using MaskProcessor. We need to use following command:

maskprocessor voro?d?d?d?d?u?u -o passlist.txt

In the above command we have used voro then four ?d for four digits then two ?u for two capital letters, and bang it will create our required very special password list, as we can see in the following screenshot:

Bang!! Here is our special password list for cracking the specific password.

Now we can use MaskProcessor for creating special type of password lists. We can easily use MaskProcessor on our Kali Linux system.

HashCat vs MaskProcessor

Although, in general, MaskProcessor & Hashcat both are interchangeable to generate passwords, we need to remember that the -a 3 option must be specified to select the brute-force/mask attack mode (since Hashcat supports various attack modes, not only mask). We also need to use the –stdout option, which means to show the password candidates (without cracking the hash).

Hashcat (Mask attack) doesn’t allow us to set the maximum number of identical repeated characters, the maximum number of occurrences of one character, start or end at a specific position. But such a result can be obtained using a Rule-based attack.

Running Hashcat on Linux systems can be problematic due to the need to have proprietary drivers.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

6 trillion dollars – What can be done with such a massive amount? Eradicate Covid-19? Control global warming?

This is the amount necessary to control cybercrime damages for businesses around the world. It is hard to believe an unorganized group of hackers doing petty crime can cost the world such a huge amount.

More dangerous than any virus in history, simple forms of cyber attacks like ransomware, malware and phishing attacks can bring a process to a standstill completely, causing an enormous loss for business organizations. It is important to know the current trends in cybersecurity to keep your business safe and invest cleverly to avoid losses.

Trend #1: Major Shortage of Experts

There is a huge demand for talented cybersecurity experts who can safeguard a company from various hacker attacks. In fact, it is one of the top 5 skills which will soar in demand for the next decade. Companies are ready to pay exceptionally high if a cybersecurity expert is capable of avoiding immediate losses, fixing ransomware issues and providing optimum protection against cyberattacks.

Resuming work after a cyberattack or threat is not an easy task requiring a clear scan of the network to ensure it is safe, patching up the loopholes in the software, updating the system, etc. Cybersecurity experts protect the system, create awareness among the employees and repair the system in case of cyber attacks as a part of the recovery plan. It is wise to invest in a team of cyber experts in 2022 as the demand for people with such talent will skyrocket in the upcoming years.

Additionally, some people with poor knowledge and questionable intentions will take advantage of this demand and will pose as experts. It’s advisable to do proper research before hiring cybersecurity experts to see if they really know what they are doing. As company data is not something to take chances with, use background checking companies, conduct proper interviews and use Nuwber to see if the information the experts provide about themselves is really true.

Trend # 2: Employee Training and Awareness

In addition to hiring cyber security experts, allow them to teach the trends and rules to be followed to other employees. Data security is a matter of collective implementation by all the employees. Even the carelessness of one single person can totally compromise the entire security of the company.

The efforts taken by cyber security experts to protect valuable company data will be fruitful only with the cooperation of all the other employees. Good training, knowledge about handling different scenarios and awareness regarding different types of cybercrimes are necessary for the employees to understand the depth of the issue.

The cyber security team can create this awareness with their knowledge and provide enough practice and workshops for the employees in staying safe. Regular practice in using multi-factor authentication, VPNs and password managers prevents over 60% chances of business data leakage.

Many businesses have realized there is no “if there is an attack” in 2022 and are preparing their employees genuinely to stay shielded from the attacks with the help of their cyber security team and training experts.

Trend # 3:  Role-Based Access Control Software

RBAC allows workers to access or view only the absolutely essential files with multi-level authentication. There are multi-level restrictions and many degrees of access and only the most trusted and important employees are allowed to access the core data. Saving, copying or sharing business-related data is highly restricted while using RBAC.

Employees are able to access data only based on their designation and under strict monitoring. RBAC is considered the most budget-friendly and secure way for small and medium-level businesses to keep their data safe in 2022. 

Trend # 4: Custom Security Software

It is important for modern businesses to understand the nature of the threats that await them in their industry. If it is a manufacturing unit, they might need to pay extra attention to automation services. If it is an IT industry, they need to take measures to implement on-premise level security for remote working employees too.

Every business should invest in creating custom security software to meet its unique needs. Popularly known as Commercial off-the-shelf (COTS) software, several companies are expected to invest in such a type of software in 2022. The major advantage of COTS is they are able to analyze and fill in every loophole for your own business, providing fool-proof support.

Hiring an expert team to create such software and train employees to keep it running might take some time and effort. But, it is worth every penny and minute invested as it highly nullifies the chances of cyberattacks.

Trend # 5: Mitigation Measures

Mitigation is a serious issue and requires good investment and clear planning from the company side. The most common mitigation measures taken by business organizations are maintaining an automatic data backup and recovery system and having a contingency plan, re-assigning priority jobs to maintain the process running.

The mitigation measures should aim at maintaining uninterrupted service for the customers and resuming the affected process as quickly as possible. Huge businesses often have contingency teams who take overwork or route it to other teams quickly. Small and medium-level businesses who cannot afford major investment often rely on secure data backup and recovery.

Conclusion

There are five major cybersecurity trends in 2022. There is a huge need for cybersecurity experts and companies to invest in technologies like role-based access and custom security software. Businesses of all sizes, small, medium and huge are targeted by hackers and every company should be taking steps to train its employees about cyber security.

They should strive hard to create awareness about the dangers of a data breach or leakage and cyberattacks. Last but not the least, every company should be investing money to trace the hackers causing the issue, and in contingency plans that help them to recover from cyber-attacks quickly. All these five trends are here to stay for a while and are expected to define the face of the internet in the next decade.

For being cybersecurity researcher we need to practice with buggy web servers, NO not actual servers, we are talking about some intentionally buggy web servers for practicing security testing. We host various vulnerable web applications like Damn Vulnerable Web Application (DVWA), BWAPP (Buggy Web App), OWASP Mutillidae etc on our system. Do we know about the potential risks on this?

These type of buggy web applications have various vulnerabilities, some of them allow shell uploading (backdoors) and SQL injection. Such scripts can lead to complete compromise of our the web server as well as the entire computer. We can say that we had hosted it on localhost, that also can harm our system by the attackers. Attacker just need to access our local network (read WiFi) to break into it and damage us. Even they can do it remotely if we had forwarded our system ports.

How to Protect Testing Web Servers on Kali Linux

Malicious Port Closing

First of all we need to check our port forwarding options in our router settings. We should check that we don’t have any port forwarded. Port forwarding allows us to enter in our network remotely, but there is a flaw that if we can enter then anyone else also can. That is why we should not disclose our public IP address.

What if we need to access our network from outside (in our case, we always use our home PC files from our office). In that case the best option to protect our web server shown in following chapter.

IP Filtering

We can filter which IP address is allowed to open our web server. If we apply it then other IP address can’t access our web server. to do this we need to configure our .htaccess file. By default .htaccess file is disabled. We need to enable it from Apache2 configuration. Lets open Apache2 configuration file by using following command:

sudo nano /etc/apache2/apache2.conf

In the following screenshot we can see that where we need to change:

In the <Directory /var/www/> section we need to change the AllowOverride value from None to All. We did the change in the following screenshot:

Then we save and close the file by pressing CTRL+X, then Y, then Enter⤶ key.

Now we need to restart our web server for the changes to take effect:

sudo service apache2 restart

The default directory for Linux web server is /var/www/html. Now here we can edit our .htaccess file by applying following command:

sudo nano /var/www/html/.htaccess

Here our .htaccess file will open we need to just type Require local here, as shown in the following screenshot:

Then we save and close it. Now if we did it then what happens? The name “local” only give access to the same computer. Please note only connections from the same computer (localhost) are allowed and any other remote connections are prohibited, even from the local network. This will be safest option for us.

If we do this and then we try to open this webpage from other devices on our local network it shows like following screenshot:

Access denied for other localhost devices

In this way we can safe our localhost websites form other attackers. It is so simple and easy, yet powerful.

If we want we can allow a single IP or network ranges can access this webpage, instead of accessing from same computer only. We need to do following changes on .htaccess file to do so.

Require ip 10.1.2.3
# OR
Require ip 10.1
# OR
Require ip 10.1.0.0/16
# OR
Require ip 10.1.0.0/255.255.0.0
# OR
Require ip ::1

It is allowed multiple use of Require ip directive.

Some Vulnerable Web Server for Practice

• bWAPP
• DVWA
• WebGoat
• Mutillidae II
• Juicy Shop
• Vulnerable WordPress

This is how we can keep safe our localhost website from bad attackers on our Kali Linux system and enjoy our penetration testing practicing all the day.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

While solving a cyber crime law enforcement agencies and cybersecurity professionals encountered with lots of IP address, usually law enforcement agencies contacts to the telecommunication companies or ISP (Internet Service Provider) to get all the IPDR (Internet Protocol Detailed Record). In IPDR there are too many records about the source IP and destination IP, we can analysis them to get the idea about the traffic. Now which IP is from which Host? Determining this consumes a lot of time.

In today’s article we are going to discuss about a tool which can easily do this job and save our time and effort. This tool’s name is HostHunter. This Python3 OSINT tool comes in Kali Linux repository in latest Kali Linux update (2021.3).

HostHunter efficiently discover and extract host names providing a large set of target IP addresses. HostHunter utilises simple OSINT (Ope-Source Intelligence) techniques to map IP addresses with virtual host names.

Features of HostHunter

• Extracts information from SSL/TLS certificates.
• Supports Free HackerTarget API requests.
• Takes Screenshots of the target applications.
• Validates the targets IPv4 address.
• Supports .txt and .csv output file formats.
• Gathers information from HTTP headers.
• Verifies Internet access.
• Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
• Supports Nessus target format output.

Installing HostHunter on Kali Linux

Now we can directly it it if we are using latest 2021.3 version of Kali Linux. We can also install it on our older version of Kali Linux by updating our repository. We need to use following command to install it:

sudo apt install hosthunter

Then our system will prompt for root password and storage permission. Then HostHunter will be installed on our system, as we can see in the following screenshot:

Using HostHunter on Kali Linux

First of all, as always we run HostHunter’s help menu to see all it’s options by using following command on our terminal:

hosthunter -h

In the following screenshot we can see the options of HostHunter to use it.

We can see in the above screenshot that we need to use -t flag to check host name of a single IP address. Here We have an IP address to check, then we need to use the following command:

hosthunter -t 157.240.199.35

In the following screenshot we can see the result:

From the above screenshot we can see that this IP address is belongs to Facebook and Facebook Messenger, basically Facebook.

We can do resolve host name of multiple IP’s, Here we have an list of multiple IP to just show an example:

IP address list for an example

Now we run this on HostHunter to resolve the host names of the above IP address and save our output on a csv file by using following command:

hosthunter demoIP.list -f csv -o hosthunter

In the above command we just used the file name to scan, because our working directory and the list file directory are same. If the list of IP was any other location in our system, then we need enter the full path of that file to scan it. We also used -f flag to specify the output file format and -o flag to specify the output file name. Then we run the command, following screenshot shows the output of the above command:

After completing the scan (it will be very fast), HostHunter will save output data on our specified new file (we also named it hosthunter ☺), as we can see in the following screenshot:

Here we got a nessus file which we can use with Nessus, and we got our CSV output file. Now we can open our CSV file of spreadsheet applications like OpenOffice CalC for a better view, otherwise we can use anything (cat, nano mousepad) to view the output file.

This the the way, we can can easily got the host name of various IP address without analyzing them one by one. HostHunter is really an awesome tool in Kali Linux for cybersecurity experts.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Subdomain discovery is very essential for information gathering during penetration testing on web applications. There are lots of tools available for it. We need to use them and find our subdomains because it is possible to find subdomains with some valuable information or some bugs which may lead our penetration testing or bug hunting process.

In today’s article we are going to discuss about how we can find subdomains using sublist3r on our Kali Linux system. Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug bounty hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

Subbrute is integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce technology with an improved password list.

Install & Use Sublist3r on Kali Linux

Enough discussion, let’s install Sublist3r on our Kali Linux system. Sublist3r comes with Kali Linux repository and we can easily install it by applying following command:

sudo apt install sublist3r

This command will install sublist3r on our system, as we can see in the following screenshot:

After the task is finished, we can use sublist3r on our system. First of all let’s check it’s help options by using following command:

sublist3r -h

In the following screenshot we can see the options of sublist3r tool.

Simply we can put a target domain to find it’s subdomains by using -d flag. Lets check for subdomains of Google by using following command:

sublist3r -d google.com

In the following screenshot we can see that sublist3r discovered subdomains of Google.com.

In the above screenshot we can see that we got almost 38k unique subdomains for google.com.

If we want to save all the subdomains in a text file then we can use -o flag. Then our command will be like following:

sublist3r -d google.com -o Googlesubdomains.txt

By using above command we can save the subdomains list on a txt file with any name.

We also can search for subdomains of specific domain and show only subdomains which have open ports. We can specify our required open ports by using -p flag.

For an example if we want to check subdomains on facebook.com domain which have port 80 and 443 is opened and save the output on a file named fbsubdomains.txt then we need to use following command:

sublist3r -d facebook.com -p 80,443 -o fbsubdomains.txt

We can see in the following screenshot that we have discovered the subdomains of facebook.com which have port 80 and port 443 opened and we saved the output on a text file.

This is how we can perform subdomain enumeration using Sublist3r on our Kali Linux system. This is very useful for cybersecurity experts, during the recon process.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

During the digital forensics works we had faced with various type of files. From our personal experience we can say it’s not easy. There are numerous file types. If we got a file from suspected devices without any file extension then it is very hard to make an idea about the file type. There are some utilities on Linux like file can done the job, but that may not be the perfect and less information.

In this detailed guide we are going to discuss about “Detect It Easy” aka “DIE“. Detect It Easy or DIE is a cross-platform file type detection program. Apart from Linux (read Kali Linux in our case), it is also available for Windows and Mac OS.

DIE exists in three versions. Basic version (“DIE”), Lite version (“DIEL”) and terminal version (“DIEC”). All the three use the same signatures, which are located in the folder “db”. If you open this folder, nested sub-folders will be found (“Binary”, “PE” and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:

1. MSDOS executable files MS-DOS.
2. PE executable files Windows.
3. ELF executable files Linux.
4. MACH executable files Mac OS.
5. Binary all other files.

Install Detect It Easy on Kali Linux

Installing “Detect It Easy” on Kali Linux is also very easy. First of all we need to install some dependencies to run this by using following command:

sudo apt install qtbase5-dev qtscript5-dev qttools5-dev-tools git build-essential qtchooser

The dependencies will be installed shortly, as we can see in the following screenshot:

Now we need to download “Detect It Easy” from GitHub by using following command:

git clone --recursive https://github.com/horsicq/DIE-engine

This will take some time depending on our internet speed and system performance. As we can see in the following screenshot:

Now we need to navigate to our recently downloaded/cloned directory by simply using following command:

cd DIE-engine

Now we need to run build script by using following command:

bash -x build_dpkg.sh

We can see that the build script is running in the following screenshot:

It might take some time depending on our system performance. We need a coffee break ?, let it finish.

After it finishes we need to install the deb package on our Kali Linux system. To do that we need to run the following command:

sudo dpkg -i release/die_*.deb

In the following screenshot we can see that the installation process is done. It will not take longer time like building script.

Now our installation is finished. Now we move forward to using “Detect It Easy” on our system and try to identify some file types.

Using Detect It Easy on Kali Linux

First we need some files, specially no extension named files that will help us to know the file types. Otherwise, we know that .exe is a Windows application and .py is a python program. Here we have file a file named “Video” on our Desktop, which didn’t have any file extension.

Some of us can assume that it might be a video file, Lets see what “Detect It Easy” detects.

We can use command line or graphical user interface both, that doesn’t matter our work should be done. We use following command to know the file type of ‘Video’ named file on our Desktop.

diec Video

Because we are already in Desktop directory we don’t need to set our file path, we just use name. But in the case our working directory is different from file location we need to use path of file. In the following screenshot we can see the output, by the way the diec command used for DIE command line utility.

Form the above screenshot we can easily understand that this ‘Video’ is not a video file, it is a Microsoft installer file (exe file for Windows).

In other hand, we can use GUI version of “Detect It Easy” by simply using following command on our terminal:

die

Now the Graphical User Interface of “Detect It Easy” will open in our front as we can see in the following screenshot:

DIE Graphical Interface

Here we can select a file from our computer and select “Scan” to Scan it.

It is very fast and easy to use. We can see various things here. MIME, Hash, Strings etc for detailed analysis.

Note: Detect It Easy is mainly created for analyzing executable files, so its functions are more related to program files, for example, determining the architecture. But there is also support for other binaries.

This is how we can install “Detect It Easy” on our system, and know any kind of file types (specially program files) using our Kali Linux system.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Anonymous chatting has its own set of perks. Firstly, you chat in complete anonymity- without history, without stereotypes, etc. Secondly, it is very liberating when the person you chat with has no idea about what you do or who you are.

This is why cam to cam chats are suddenly getting popular around the world. They have almost become like a fad. Owing to the trend, more and more sites are emerging to provide seamless chatting services. But, how do you choose the best one?

12 Best Anonymous Chat Sites

Online video chatting always has a set of concerns: is the chat going to be safe? Will there be any leakage of information, etc. So, to battle all these pre-conceived notions about online chats, below are the best anonymous chat apps to talk with strangers:

1. Bazoocam

Bazoocam is a nicely interfaced online video chatting platform. It functions in a fairly seamless way. With functions and features similar to ChatSites, Bazoocam too ensures an amazing chatting experience.

However, how does one ensure that the challenges faced under other cam chat sites will not be faced with Bazoocam? The below questions and answers on the issue will suffice:

How is Bazoocam different from other chat sites?

Bazoocam is different and somehow even superior to other chat sites. It has been designed with impeccable functions. The sheer structure of Bazoocam oozes convenience. You will be able to chat in one of the most comfortable interfaces. It does not matter whether you have done this before or not, you will still be comfortable with Bazoocam.

Can you chat anonymously on Bazoocam?

You can only chat anonymously on Bazoocam. The platform has its own set of protocols that only seek only very necessary information from its users. This means that the users are never asked for their personal details.

You can be relieved that the information you provide to Bazoocam will be completely discreet. You only provide very basic details that are sufficient enough for you to start chatting on the platform.

How much does one need to wait to be matched?

There is literally no wait time with Bazoocam. You can chat your time away with people day in and day out. As Bazoocam enjoys a lot of popularity, it has a plethora of users at all hours. Therefore, there will always be people willing and ready to chat.

So, you will always find a suitable match for yourself on the platform. You can further refine your search by opting for filtering your results. You can filter people based on their age, sex, location, etc. The more accurate your requirements are, the better you will be able to chat with people.

How much does Bazoocam cost?

The good news here is that Bazoocam is free. It does not cost at all to use the platform. It is extremely efficient as a webcam chatting platform, that too which is free. It has no hidden costs or subscription fees. You can be assured that you do not need to provide your payment details.

2. Chatrandom

Chatrandom is a very good online cam chatting alternative. It is a good way to find remote companionship. You choose who you want to chat with and whom you don’t want to chat with. With the feature of skipping people, you can just skip things you don’t want to engage with.

3. Chatki

The popularity of Chatki is also increasing because of its discreet features and functions. As the user base of the platform is proliferating each passing day, you will always manage to find companies on the platform. It is perfect and efficient.

4. Emerald Chat

Emerald Chat makes chatting fun and entertaining by adding some fun and entertaining elements. For instance, it offers its users with an avatar and username. The avatar and username will substitute for your real identity on the platform. You can engage in some fun role playing.

5. Chatroulette

Chatroulette is also a very popular online cam chatting site. It provides its users with the ease of chatting with someone based 1000 of miles away. Owing to its cosmopolitan user base, you will also be able to find some fun and entertaining people on the platform.

6. Camsurf

Camsurf is known to be one of the most user-friendly platforms. It has some incredible matching features. It will connect you with people who have the same tastes and interests as you. Further, with masking and masquerading features, it increases its lovability.

7. Flingster

As the name suggests, Flingster allows its users to have flings with people remotely. It is a fun and flirtatious platform wherein you can choose whom you want to chat with. There is no paucity of people on Flingster and you will always find the next person better than the previous.

8. Shagle

Shagle can get really addictive as a web based chatting service. It has been around for a while and has earned a lot of patronage from users around the world. It is fun, entertaining and immaculately designed. Even if you are a first timer, you will be able to use Shagle conveniently.

9. Dirtyroulette

Adults have different sets of needs and Dirtyroulette addresses them efficiently. This is a rather fun and uninhibited platform. You can be honest in your expectations with strangers. No one gets offended as everyone knows about their core purpose of being on the platform.

10. Coomeet

Coomeet lets its users meet with people from around the globe. It makes the world a really small place. Everytime is a busy time on Coomeet as people are honestly hooked to it. It is also very efficient in its interface.

11. Tinychat

Tinychat is a video chatting platform that provides you with multiple live feeds at the same time. This means that you could be chatting with many people at once. All this and more and none of the live feeds will ever get freezed.

12. Camzap

Camzap helps you in establishing some deep connections and bonds, that too with strangers. It is a really user-friendly platform. It has been around for long enough to have a lot of patronage. So, any time of the day you head to it, there will be people to chat with.

Conclusion

If you are looking for the perfect cam to cam chat site, it doesn’t get better or more extensive than the above sites. As compared to ChatSites, the kind of interface and engagement you get on these sites is far better than what you get anywhere else.

Kali Linux is a rolling distribution, that means it continuously updates in all areas of the operating system, including the Linux kernel, the desktop environment, all utilities and all applications. So we need to update it frequently to stay updated always.

Not only that, due to update regularly some old packages of applications are kept on our system as a junk. These older files are not so much harmful but they might slow down our system. So we need to clean them on regular basis.

Updating & Upgrading Kali Linux

There are various types of updates we can do like normal update, full upgrade, distribution upgrade.

Updating Kali Linux

Update can be simply done by following command:

sudo apt update -y

The above command will update the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the Kali Linux repositories. As we can see in the following screenshot:

In the above screenshot we can see that we have already updated our system. One thing to remember that this updates the list of available packages and their versions, but it does not install or upgrade any packages. We can actually install them by using upgrade.

Upgrading Kali Linux

Where update updates the list of available packages but didn’t install them, upgrade actually installs newer versions of the packages we have. After updating the lists, the package manager knows about available updates for the software you have installed. That’s why we need to run update before upgrading.

To upgrading Kali Linux we need to run following command on our Kali Linux system:

sudo apt upgrade -y

As we can see in the following screenshot:

In the above screenshot we can see that the upgrade is running. It will take some time depending our internet connection and system performance. Unlike Windows we can cancel it anytime and resume it by applying the same command.

Where sudo apt upgrade -y command installs all and doesn’t remove any packages and skips upgrading old packages if removal is needed, sudo apt full-upgrade -y command removes old packages if needed to perform the upgrade of packages to their latest versions.

sudo apt full-upgrade -y

The output of the above command shown in the following screenshot:

sudo apt full-upgrade can be run after sudo apt update -y command but sudo apt update -y is considered more safe then sudo apt full-upgrade -y command. But anyways don’t panic it doesn’t harm our system badly. To know the very detailed difference in these commands please read this article.

Similar to sudo apt-get upgrade command, the sudo apt-get dist-upgrade also upgrades the packages. In addition to this, it also handles changing dependencies with the latest versions of the package. It intelligently resolves the conflict among package dependencies and tries to upgrade the most significant packages at the expense of less significant ones, if required. Unlike sudo apt-get upgrade command, the sudo apt-get dist-upgrade is proactive and it installs new packages or removes existing ones on its own in order to complete the upgrade.

sudo apt dist-upgrade -y

The above command will upgrade our distribution totally.

Cleaning Kali Linux

We can clean our no-longer needed packages by using following command on our Kali Linux terminal:

sudo apt autoremove -y

In the following screenshot we can see the output of this command.

In the above screenshot we can see that 19 MB of our disk space is cleared and some packages are removed. Use of this command is safe and should not cause problems.

Each program update, package files are downloaded to the package cache. After the update, downloaded files (you can call them installation files) are not deleted, and gradually the package cache grows to large sizes. This was done intentionally with the idea that if after the next update you find that the new package has problems and the old version is no longer available in the online repository, then you can roll back to the old version by installing it from a file saved in the package cache.

For rolling distributions, the cache grows very quickly, and if we are not qualified enough to roll back to the old version using the installation package which is stored in the cache, then for you these hundreds of megabytes or even several gigabytes are a waste of space on our hard drive. Therefore, from time to time we can execute following commands:

sudo apt autoclean -y

sudo apt clean -y

The sudo apt clean -y command cleans the local repository from received package files. It removes everything except the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.

Like sudo apt clean -y command, sudo apt autoclean -y cleans downloaded package files from the local repository. The only difference is that it only removes package files that can no longer be downloaded and are largely useless.

This allows us to maintain the cache for a long period without growing too much.

The following command is not directly related to cleaning, but helps maintain our Kali Linux system health.

sudo apt install -f -y

The -f or –fix-broken flag tries to make normal a system by repairing broken dependencies. This option, when used with install/remove, may skip any packages to allow APT to find a likely solution. If packages are listed, this should completely fix the problem.

This is everything to this article, hope now we got a clear idea about “How to update Kali Linux” and “How to clean Kali Linux”.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

In cybersecurity and digital forensics field metadata of files is very important. We can get various information from metadata in files. This metadata may help us to get much more insider information while we are doing forensics testing. Also if we think about our privacy then metadata can harm our privacy in that case we can remove our metadata also.

In this detailed guide we are going to discuss about how we can read and remove metadata of any files using Kali Linux.

To view and remove metadata on Kali Linux (or any other Linux), we need to install mat2 program. Mat2 (Metadata Anonymisation Toolkit 2) is a command-line metadata removal tool, supporting a wide range of commonly used file formats, written in python3. To install it on our system we need to apply following command on our Terminal:

sudo apt install mat2

In the following screenshot we can see that mat2 is installing on our system. It is not so large (under 25MB) package and the installation time will depends on our internet connection speed and system performance.

After the installation is finished we can check the help of mat2 by using following command:

mat2 -h

In the following screenshot we can see the help of mat2.

Now we can read the help options to know all the works of this tool. As we can see there is a -s flag, which can show us harmful metadata detectable by mat2 without removing them. Lets use it.

Mat2 can view and remove metadata from files so we need files to perform it. Here we have an downloaded image which contains metadata. We had saved the image on our Desktop (home/kali/Desktop/IMG_20201007_102037.jpg ).

To view it’s metadata we can use following command:

mat2 -s /home/kali/Desktop/IMG_20201007_102037.jpg

In the following screenshot we can see the metadata of this image with various useful information:

Now if we want to remove these metadata this file we need to enter following command on our terminal:

mat2 <location/of/file>

In the following screenshot we can see that it is done.

Here the old files will remain unchanged, but new files will be created with the string .cleaned in the name and completely cleared metadata. As we can see in the following screenshot.

Now we can check if the there any metadata in the new cleaned file by using following command:

mat2 -s /home/kali/Desktop/IMG_20201007_102037.cleaned.jpg

In the following screenshot we can see that the new file (.cleaned) did not contain any kind of metadata.

Total process of removing metadata

This is how we can remove metadata of any file (not only images), if we need to clear metadata of all files in any particular folder then we can simply enter following command:

mat2 /home/kali/Desktop/*

The above command will remove metadata from all files on our Desktop. If we want to clear metadata of files in other folders then we need put that directory with * . And it will create new .cleaned file for every old files, the .cleaned files will not contain any metadata.

This is all bout how we can clear or remove metadata from any files on our Kali Linux system.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.