Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

Best USB WiFi Adapter For Kali Linux 2023 [Updated September]



Best WiFi Adapter for Kali Linux

The all new Kali Linux 2021.1 has rolled out, and because of its non-root default user we can simply use it as our primary operating system. The main benefit of using Kali Linux as the primary OS is the hardware support. We can do all our penetration testing jobs with Kali Linux 2021, but to work with wireless networks or WiFi we need special USB WiFi adapters.

Here we have listed some of the best USB wireless adapters for Kali Linux in 2021. These WiFi adapters are 100% compatible with Kali Linux and support monitor mode and packet injection, which helps a lot in WiFi penetration testing.

| Sl No. | Chipset | Best for |
| --- | --- | --- |
| 1 | AR9271 | Good Old Friend |
| 2 | RT 3070 | Best in its Price Range |
| 3 | RT 3070 | Compact and Portable |
| 4 | RT 5572 | Stylish for the Beginners |
| 5 | RTL8812AU | Smart Look & Advanced |
| 6 | RTL8814AU | Powerful & Premium |
| 7 | RT5372 | Chip, Single Band |

Alfa AWUS036NH

We have been using this USB WiFi adapter since the BackTrack days (before Kali Linux was released) and we still consider it one of the best. Its long-range signal lets us do our penetration testing jobs from a long distance.

Alfa AWUS036NH is plug and play and compatible with any brand of 802.11g or 802.11n router on the 2.4 GHz band. It supports multi-stream and MIMO (multiple input, multiple output) with a TX data rate of up to 150 MBPS. It also comes with a clip which can be used to attach the adapter to a laptop lid.

  1. Chipset: Atheros AR 9271.
  2. Compatible with any brand of 802.11b, 802.11g or 802.11n router on the 2.4 GHz band.
  3. Includes a 5 dBi omnidirectional antenna as well as a 7 dBi panel antenna.
  4. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
  5. Compatible with Kali Linux RPi with monitor mode and packet injection.
  6. High transmitter power of 28 dBm for long-range, high-gain WiFi.

Alfa AWUS036NHA

Alfa again. Alfa provides the best WiFi adapters for Kali Linux. This adapter is the older version of the Alfa AWUS036NH, with the Ralink RT3070 chipset. The AWUS036NHA is an IEEE 802.11b/g/n wireless USB adapter with 150 Mbps speed. It is also compatible with IEEE 802.11b/g wireless devices at 54 Mbps.

This plug and play WiFi adapter supports monitor mode and packet injection in Kali Linux and any other Linux distribution. The Alfa AWUS036NHA comes with a 4 inch 5 dBi screw-on swivel rubber antenna that can be removed and upgraded up to 9 dBi.

  1. Chipset: Ralink RT 3070.
  2. Comes with a 5 dBi omnidirectional antenna as well as a 7 dBi panel antenna.
  3. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
  4. Compatible with Kali Linux (also on Raspberry Pi) with monitor mode and packet injection.

Alfa AWUS036NEH

This Alfa WiFi adapter is compact and tiny, but it has a good range. It is plug and play, so we can connect it to a Kali Linux machine and start working on WiFi security. The antenna is detachable, which makes it very portable. We have used this to build our portable hacking machine with Raspberry Pi and Kali Linux.

Alfa AWUS036NEH is the ultimate solution for red teaming on the go. The long high-gain WiFi antenna gives us enough range to capture even low-signal wireless networks. This adapter is slim and doesn’t require a USB cable to use.

  1. Chipset: Ralink RT 3070.
  2. Supports monitor mode and packet injection on Kali Linux and Parrot Security on RPi.
  3. Compact and portable.

Panda PAU09 N600

Besides Alfa, Panda is also a good brand for WiFi adapters with monitor mode. Panda PAU09 is a good WiFi adapter to buy in 2020. This dual-band plug and play adapter is able to attack both 2.4 GHz and 5 GHz 802.11 ac/b/g/n WiFi networks.

This adapter comes with a USB dock and dual antennas, which looks really cool. It can also be detached into smaller parts. This adapter is reliable even on USB 3, works great, and fully supports both monitor mode and injection, which is rare out of the box on a dual-band wireless card.

  1. Chipset: Ralink RT5572.
  2. Supports monitor mode and packet injection on Kali Linux and Parrot Security, even on RPi.
  3. 2 x 5 dBi antennas.
  4. It comes with a USB stand with a 5 feet cable.
  5. A little bit of a heating issue (not so much).

Alfa AWUS036ACH / AC1200

The Kali Linux 2017.1 release brought a significant update: support for the RTL8812AU wireless chipset. Now the Alfa AWUS036ACH is a BEAST. This is a premium WiFi adapter used by hackers and penetration testers. It comes with dual antennas and dual-band technology (2.4 GHz 300 Mbps / 5 GHz 867 Mbps) and supports 802.11ac and a, b, g, n.

The antennas are removable, and if we require a longer range we can connect an antenna with a greater dBi value and use it as a long-range WiFi link, which makes this one of the best WiFi adapters. This adapter also looks awesome.

If budget is not an issue then this adapter is highly recommended.

  1. Chipset: RealTek RTL8812AU.
  2. Dual-band: 2.4 GHz and 5 GHz.
  3. Supports both monitor mode & packet injection on dual band.
  4. Premium quality with high price tag.

Alfa AWUS1900 / AC1900

Now this is the beast, so why is it last? It is last because of its high price. But the price is totally worth it for this USB WiFi adapter. If the previous adapter was a beast, then this one is a monster. The Alfa AWUS1900 has a high-gain quad antenna that covers a really long range (500 ft in an open area).

This is a dual-band WiFi adapter with high-speed capability: 2.4 GHz [up to 600 Mbps] and 5 GHz [up to 1300 Mbps]. It also has a USB 3.0 interface.

Monitor mode and packet injection are supported on both bands, which is very useful for serious penetration testers. We can also attach it to our laptop display with the screen clip provided in the box.

What do we get in the box?

  • 1 x AWUS1900 Wi-Fi Adapter
  • 4 x Dual-band antennas
  • 1 x USB 3.0 cable
  • 1 x Screen clip
  • 1 x Installation DVD-ROM (not required on Kali Linux; plug and play)
  • A consistent solution for network congestion!

  1. Chipset: RealTek RTL8814AU.
  2. Dual-band: 2.4 GHz and 5 GHz.
  3. Supports both monitor mode & packet injection on dual band.
  4. Premium quality with high price tag.
  5. Very long range.


Panda PAU 06

Yes, this low cost Panda PAU 06 WiFi adapter supports monitor mode and packet injection. But we really don’t suggest buying this adapter if budget is not an issue.
The main reason is that this WiFi adapter doesn’t support dual-band operation: it only supports 2.4GHz, not 5GHz.
This WiFi adapter comes with the Ralink RT5372 chipset inside. The 802.11n standard supports a maximum speed of 300MB per second.
This adapter draws less power from the computer, but the other adapters don’t draw much power from the system either (this point is negligible).

Extras

There are some more WiFi adapters that we did not cover because we didn’t test them ourselves. The adapters listed above are owned by us or some of our friends, so we got a chance to test them. We didn’t list some WiFi adapters, such as the following:

Be careful when choosing from these, because we don’t know whether they support monitor mode and packet injection. In our own experience Alfa cards are the best for WiFi hacking.

How to Choose Best Wireless Adapter for Kali Linux 2020

Before going through WiFi adapter brands, let’s talk about what kind of WiFi adapter is best for Kali Linux. A wireless adapter has to meet some requirements to be usable for WiFi penetration testing.

  • Should support Monitor mode.

  • The ability to inject packets and capture packets simultaneously.

Here is the list of WiFi chipsets that support monitor mode and packet injection.

  • Atheros AR9271 (only supports 2.4 GHz).
  • Ralink RT3070.
  • Ralink RT3572.
  • Ralink RT5370N.
  • Ralink RT5372.
  • Ralink RT5572.
  • RealTek 8187L.
  • RealTek RTL8812AU (RTL8812BU & Realtek8811AU don’t support monitor mode).
  • RealTek RTL8814AU

So we need to choose a WiFi adapter for Kali Linux carefully. For example, there are lots of old and misleading articles on the Internet that describe the TP Link N150 TL-WN722N as good for WiFi security testing. That is not true. Actually, it used to be.

Previous versions of the TP Link N150 TL-WN722N support monitor mode. Version 1 comes with the Atheros AR9002U chipset and supports monitor mode. Version 2 has the Realtek RTL8188EUS chipset and doesn’t support monitor mode or packet injection. TP Link N150 TL-WN722N version 1 is not available in the market right now. So keep this in mind and don’t get trapped.


WiFi Hacking in Kali Linux

Kali Linux is the most widely used penetration testing operating system of all time. It comes with lots of tools pre-installed for cyber security experts and ethical hackers. We can perform web application penetration testing and network attacks as well as wireless auditing or WiFi hacking. We have already posted lots of tutorials on our website, including some good WiFi auditing tutorials such as AirCrack-Ng.

Why Do We Use External USB WiFi Adapters in Kali Linux?

A WiFi adapter is a device that can be connected to our system and allows us to communicate with other devices over a wireless network. It is the WiFi chipset that allows our mobile phone, laptop or other device to connect to our WiFi network and access the internet or nearby devices.

But most laptops and mobile phones come with an inbuilt WiFi chipset, so why do we need to connect an external WiFi adapter to our system? The simple answer is that our inbuilt WiFi hardware is not very capable when it comes to security testing of WiFi networks. Inbuilt WiFi adapters are usually low budget and not made for WiFi hacking; they don’t support monitor mode or packet injection.

If we are running Kali Linux in a virtual machine, the inbuilt WiFi adapter doesn’t work for us either, not even in bridge mode. In that case we also need an external WiFi adapter to work with WiFi networks. A good external WiFi adapter is a must-have tool for everyone who has an interest in the cyber security field.

 
WSL2 installation of Kali Linux will not support any kind (Inbuilt or External) of Wi-Fi adapters.

Kali Linux Supported WiFi Adapters

Technically almost every WiFi adapter supports Kali Linux, but those are useless for WiFi hacking if they don’t support monitor mode and packet injection. Suppose we buy a cheap WiFi adapter under $15 and use it to connect to WiFi on Kali Linux. That will work for connecting to wireless networks, but we can’t do any testing on those networks.

That doesn’t make sense: when we use Kali Linux we are penetration testers, so a basic WiFi adapter can’t fulfill our requirements. That’s why we should have a special WiFi adapter that supports monitor mode and packet injection. So in this tutorial “Kali Linux supported” means more than merely supported: it means the chipset is able to support monitor mode and packet injection.

What is Monitor Mode

Network adapters, whether wired or wireless, are designed to capture and process only the packets that are sent to them. When we want to sniff a wired connection and pick up all packets going over the wire, we put our wired network card in “promiscuous” mode.

In wireless technology, the equivalent is monitor mode. This enables us to see and manipulate all wireless traffic passing through the air around us. Without this ability, we are limited to using our WiFi adapter to only connect to wireless Access Points (APs) that accept and authenticate us. That is not what we are willing to settle for.
In the Aircrack-ng suite, we need to be able to use airodump-ng to collect or sniff data packets.
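
One way to check the monitor mode requirement on an adapter, shown as an added example that is not part of the original article: the function below reads the output of `iw list` and reports whether each PHY advertises monitor mode. The sample text and the function names are constructed for illustration; packet injection is not advertised in this output and has to be verified separately.

```bash
#!/bin/bash
# Added example (not from the original article): read `iw list` output and
# report, for each wireless PHY, whether the driver advertises monitor mode.

# Constructed sample shaped like `iw list` output for two adapters.
sample_iw_list() {
cat <<'EOF'
Wiphy phy1
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * mesh point
    Band 1:
        Capabilities: 0x116e
Wiphy phy0
    max # scan SSIDs: 20
    Supported interface modes:
         * managed
         * AP
    Band 1:
        Capabilities: 0x19ef
EOF
}

# Reads `iw list` text on stdin and prints one line per PHY:
#   <phy> monitor=yes|no
monitor_support() {
    awk '
        function emit() {
            if (phy != "") print phy, "monitor=" (mon ? "yes" : "no")
        }
        /^Wiphy /                    { emit(); phy = $2; mon = 0; inmodes = 0; next }
        /Supported interface modes:/ { inmodes = 1; next }
        inmodes && /^[ \t]*\* /      { if ($2 == "monitor") mon = 1; next }
                                     { inmodes = 0 }
        END                          { emit() }
    '
}

# Succeeds (exit status 0) only if the named PHY advertises monitor mode.
phy_has_monitor() {
    monitor_support | grep -q "^$1 monitor=yes\$"
}

# Demo on the constructed sample. On a real system: iw list | monitor_support
sample_iw_list | monitor_support
```
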

What is Packet Injection

Most WiFi attacks require that we are able to inject packets into the AP while, at the same time, capturing packets going over the air. Only a few WiFi adapters are capable of doing this.

WiFi adapter manufacturers are not looking to add extra features to their standard wireless adapters to suit penetration testers’ needs. Most wireless adapters built into laptops are designed so that people can connect to WiFi, browse the web and send mail. We need something much more powerful and versatile than that.

If we can’t inject packets into the Access Point (in Aircrack-ng, this is the function of Aireplay-ng), then it really limits what we do.

If we are using Kali Linux and want to be a security tester or ethical hacker, then a special WiFi adapter is a must-have tool in our backpack. In our own experience the Alfa cards in this list are the best USB wireless adapters for Kali Linux; they may be costly but they are really worth it.

Basics of Bash Scripting on Kali Linux

When we talk about Linux and the terminal, we can’t leave out Bash scripting. Bash scripting is very helpful on the way to becoming a cybersecurity expert, because we can automate payloads and other tasks. In this article we are going to talk about Bash scripting and how to write accurate scripts on Linux.

The GNU Bourne-Again Shell (Bash) is a powerful tool and scripting engine. We can automate many tasks on the command line. In this guide we learn Bash scripting and look at some practical use cases. Here we assume that we know about Linux files, which were discussed in a previous article.

Introduction to Bash Scripting

A Bash script is a plain-text file that contains a series of commands that are executed as if they had been typed in a terminal window. In general, Bash scripts have an optional .sh extension for identification (they can also run without it), begin with #!/bin/bash, and must have the executable permission set before the script can be executed. Let’s write a simple “Hello World” Bash script in a new file using any text editor, name it hello-world.sh and put the following content inside it:

#!/bin/bash
# Hello World on Bash Script.
echo "Hello World!"

Then save and close it. In the above script we used some components which we need to explain:

  • Line 1: #! is known as the shebang, and it is ignored by the Bash interpreter. The second part, /bin/bash, is the absolute path to the interpreter that is used to run the script. This is how we can identify it as a “Bash script”. There are various other types of shell scripts, such as “zsh” and “C Shell” scripts.
  • Line 2: # is used to add a comment. Text after the hash (#) is ignored by the interpreter. Comments help us keep notes inside our scripts.
  • Line 3: echo "Hello World!" uses the echo Linux command utility to print a given string to the terminal, which in this case is “Hello World!”.

Now we need to make this script executable by running following command:

chmod +x hello-world.sh

In the following screenshot we can see the output of the above command:

granting permission on bash script

Now we can run the script by using following command:

bash hello-world.sh

We can see that our script shows output of “Hello World!” on our terminal as we can see in the following screenshot:

hello world output on bash

The chmod command with the +x flag makes the Bash script executable, and bash followed by scriptname.sh runs it. We can also use ./scriptname.sh to run the script. This was our first Bash script. Let’s explore Bash in a bit more detail.

Variables

Variables are used to temporarily store data. We can declare a variable to assign a value to it, or read a variable, which will “expand” or “resolve” it to its stored value.

We can declare variable values in various ways. The easiest method is to set the value directly with a simple name=value declaration. We should remember that there are no spaces before or after the “=” sign.

On our terminal we can run following command:

name=Kali

Then we again run another command:

surname=Linux

Declaring a variable is pointless unless we can use/reference it. To do this, we precede the variable name with the $ character. Whenever Bash sees this ($) syntax in a command, it replaces the variable name with its value before executing the command. For example, we can echo both variables by using the following command:

echo $name $surname

In the following screenshot we can see that the output shows the values of the variables:

using variables in bash

Variable names may be uppercase, lowercase or a mixture of both. Bash is case sensitive, so we must be consistent when declaring and expanding variables. It is good practice to use descriptive variable names, which make our scripts much easier for others to understand and maintain.

Bash interprets certain characters in specific ways. For example, the following declaration demonstrates an improper multi-value variable declaration:

hello=Hello World

In the following screenshot, we can see the output.

not an example of variable

This was not necessarily what we expected. To fix this type of error we can use single quotes (') or double quotes (") to enclose our text. Here we need to know that Bash treats single quotes and double quotes differently. When Bash meets single quotes, it interprets every enclosed character literally. When text is enclosed in double quotes, all characters are viewed literally except “$” and “\”, meaning variables will be expanded in an initial substitution pass on the enclosed text.

In the above scenario, the following will help to clarify:

hello='Hello World'

Now we can print this variable using echo, shown in following screenshot:

right use of variables

In the above example, we used single quotes (') to set the variable. But when we want to use the hello variable inside another value, we need double quotes ("). We can see the following for better understanding:

hello2="Hi, $hello"

Now we can see the print (echo) of new $hello2 variable on the following screenshot:

varibales using double quote

We can also set the value of a variable to the result of a command or script. This is known as command substitution, which allows us to take the output of a command (what would normally be printed to the screen) and save it as the value of a variable.

To do this, place the command in parentheses “()”, preceded by a “$” character:

user=$(whoami)
echo $user

Here we assigned the output of the whoami command to the user variable. We then displayed its value with echo. In the following screenshot we can see the output of the above command:

take a variable as another variable in bash

An alternative syntax for command substitution uses the backtick (`), as we can see in the following commands:

user2=`whoami`
echo $user2

This backtick method is older and typically discouraged as there are differences in how the two methods of command substitution behave. It is also important to note that command substitution happens in a subshell and changes to variables in the subshell will not alter variables from the master process.
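
The quoting and command substitution rules from this section, as an added example that is not part of the original article: each function isolates one behaviour (literal versus expanded quotes, word splitting of an unquoted variable, the subshell, and one difference between $( ) and backticks). All function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original article): quoting and command
# substitution behaviour, isolated in small functions.

hello='Hello World'

# Single quotes keep $hello literal; double quotes expand it.
single_quoted() { printf '%s\n' 'Hi, $hello'; }
double_quoted() { printf '%s\n' "Hi, $hello"; }

# An unquoted expansion is split on whitespace before the command runs,
# so the command receives two arguments instead of one.
count_args()     { echo "$#"; }
unquoted_count() { count_args $hello; }
quoted_count()   { count_args "$hello"; }

# Command substitution runs in a subshell: the assignment made inside
# bump() is lost when the subshell exits.
counter=1
bump() { counter=$((counter + 1)); echo "$counter"; }
subshell_demo() {
    counter=1
    inner=$(bump)
    echo "inner=$inner outer=$counter"
}

# $(...) passes backslashes through unchanged, while backticks consume
# one level of backslash escaping before the command is parsed.
new_style() { v=$(printf '%s' 'a\\b'); printf '%s\n' "$v"; }
old_style() { v=`printf '%s' 'a\\b'`; printf '%s\n' "$v"; }

# Demo run.
single_quoted
double_quoted
echo "unquoted=$(unquoted_count) quoted=$(quoted_count)"
subshell_demo
new_style
old_style
```
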

Arguments

Not all Bash scripts require arguments. However, it is extremely important to understand how they are interpreted by bash and how to use them. We have already executed Linux commands with arguments. For example, when we run command ls -l /var/log, both -l and /var/log are arguments to the ls command.

Bash scripts are not different, we can supply command-line arguments and use them in our scripts. For an example we can see following screenshot:

supplying arguments to bash script

In the above screenshot, we have created a simple Bash script, set executable permissions on it, and then ran it with two arguments. The $1 and $2 variables represents the first and second arguments passed to the script. Let’s explore a few special Bash variables:

| Variable Name | Description |
| --- | --- |
| $0 | The name of the Bash script |
| $1 – $9 | The first 9 arguments to the Bash script |
| $# | Number of arguments passed to the Bash script |
| $@ | All arguments passed to the Bash script |
| $? | The exit status of the most recently run process |
| $$ | The process id of the current script |
| $USER | The username of the user running the script |
| $HOSTNAME | The hostname of the machine |
| $RANDOM | A random number |
| $LINENO | The current line number in the script |

Some of these special variables can be useful when debugging a script. For example, we might obtain the exit status of a command to determine whether it was successfully executed or not.

Reading User Input

Command-line arguments are a form of user input, but we can also capture interactive user input while a script is running with the read command. We are going to use read to capture user input and assign it to a variable, as we did in the following screenshot:

read user input on Bash Script

We can alter the behavior of the read command with various command line options. Two of the most commonly used flags are -p, which allows us to specify a prompt, and -s, which makes the user input silent/invisible (might be helpful for credentials). We can see an example in the following screenshot:

read user input silently on bash

If, Else, Elif

If, else and elif are the most common conditional statements. They allow us to perform different actions based on different conditions.

The if statement is quite simple. It checks whether a condition is true, but it requires a very specific syntax. We need to pay careful attention to this syntax, especially the use of required spaces.

if statement on bash

In the above screenshot, if “some statement” is true the script will “do some action“. The action can be any command between then and fi. Let’s look at an actual example.

if statement showing example

In the above example, we used an if statement to check the age entered by a user. If the user’s age was less than (-lt) 12, the script would output a warning message.

The square brackets ([ and ]) in the if statement above are actually a reference to the test command. This simply means we can use all of the operators that are allowed by the test command. Some of the widely used operators include:

  • -n VAR – True if the length of VAR is greater than zero.
  • -z VAR – True if the VAR is empty.
  • STRING1 = STRING2 – True if STRING1 and STRING2 are equal.
  • STRING1 != STRING2 – True if STRING1 and STRING2 are not equal.
  • INTEGER1 -eq INTEGER2 – True if INTEGER1 and INTEGER2 are equal.
  • INTEGER1 -gt INTEGER2 – True if INTEGER1 is greater than INTEGER2.
  • INTEGER1 -lt INTEGER2 – True if INTEGER1 is less than INTEGER2.
  • INTEGER1 -ge INTEGER2 – True if INTEGER1 is equal or greater than INTEGER2.
  • INTEGER1 -le INTEGER2 – True if INTEGER1 is equal or less than INTEGER2.
  • -h FILE – True if the FILE exists and is a symbolic link.
  • -r FILE – True if the FILE exists and is readable.
  • -w FILE – True if the FILE exists and is writable.
  • -x FILE – True if the FILE exists and is executable.
  • -d FILE – True if the FILE exists and is a directory.
  • -e FILE – True if the FILE exists and is a file, regardless of type (node, directory, socket, etc.).
  • -f FILE – True if the FILE exists and is a regular file (not a directory or device).

We can apply these operators to the if statement example above and replace the square brackets with the test command. But we think that the square brackets make the code more readable.

We can also perform one set of actions if a statement is true and another if it is false. To do this, we can use the else statement, which has the following syntax:

else statement in bash

Now for an example we expand our previous age example including our else statement, as shown in the following screenshot:

using of else statement in bash example

We can easily notice that the else statement was executed when the inputted age was not less than 12.

We can add more conditions to the statement with the help of the elif statement. The syntax is the following:

elif statement on bash

Let’s extend our age example with an elif statement in the following screenshot:

using of elif statement on bash

In the above example we can see that the code is a little more complex than with if and else alone. Here, when the user inputs an age greater than 60, the elif branch is executed and outputs the “Salute …” message.
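The age check described above, written out as an added example that is not the script from the article's screenshots. The messages are constructed stand-ins, and the input is validated first, because [ "abc" -lt 12 ] only prints an error and counts as false, which would silently send bad input to the wrong branch.

```shell
#!/bin/sh
# Added example: if / elif / else with the test operators listed above.
# The three output messages are constructed for this example.

# classify_age AGE -> prints one message; returns 2 if AGE is not 1-3 digits
classify_age() {
    age=$1
    case "$age" in
        [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) ;;    # whole numbers 0 to 999 only
        *)
            echo "error: age must be a whole number" >&2
            return 2 ;;
    esac

    if [ "$age" -lt 12 ]; then
        echo "under-12 warning"
    elif [ "$age" -gt 60 ]; then
        echo "over-60 greeting"
    else
        echo "default message"
    fi
}

# ask_age reads one line from standard input and classifies it.
# In bash the prompt and the read can be combined: read -r -p 'Enter your age: ' reply
ask_age() {
    printf 'Enter your age: ' >&2
    IFS= read -r reply || return 2
    classify_age "$reply"
}

classify_age 8
classify_age 35
classify_age 70
classify_age "12; id" || echo "rejected (status $?)"
```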

These are the basic uses of bash. Here we learned some simple bash scripts. There are many more topics to cover but we don’t want to make the article longer. If you want the next part please Tweet us.

In today’s article we learned the basics of Bash scripting on Kali Linux. This tutorial is not limited to Kali Linux; it will work on any Debian-based Linux distro such as Ubuntu, Linux Mint, etc.

Love our articles? Make sure to follow us on Twitter and GitHub; we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. We are always happy to help everyone in the comment section. As we know, our comment section is always open to everyone. We read each and every comment and we always reply.

Install VirtualBox in Kali Linux


Usually we use virtual machines on Windows and run Kali Linux there. But there are lots of Kali fans using Kali Linux directly (as a primary OS) on their PC. Here we sometimes need to install a virtual machine of another OS or a vulnerable virtual machine.


We have already discussed a way where we used KVM (Kernel Virtual Manager) in our Metasploitable2 and Windows installation in Linux. Although KVM has lots of functions, the majority of people will choose VirtualBox because they are used to it.

Oracle VM VirtualBox is a free and open-source hosted hypervisor for x86 virtualization. In this tutorial we describe how easily we can install VirtualBox on our Kali Linux system and use it.

First of all we need to go to the Linux download section of VirtualBox by clicking on this link. A new window will open like following screenshot:

VirtualBox download

In the above screenshot we can see that VirtualBox is not directly available for Kali. But Ubuntu’s VirtualBox package will work on Kali Linux and most other Debian-based distributions.

Now we download the VirtualBox for latest Ubuntu version. It is a .deb file with almost 85 MB of size.

After downloading the deb installer file to the Downloads folder, we open a terminal there and install it with the following command:

sudo dpkg -i virtualbox*.deb

Then it will start installing VirtualBox on our Kali Linux system.

VirtualBox started installing

After a little bit of time (depending on our computer’s performance) it will complete.

Now we can search the VirtualBox on the Application menu.

Searching for VirtualBox in Application menu

Now we click on this to open it. It will open in the following screenshot:

VirtualBox Installed in Kali Linux

Now we can use it to configure any other OS under Kali Linux. This is how we can install VirtualBox on our Kali Linux machine, and the installation process of another OS in it is the same as on Windows.

Using Kali Linux as primary OS? Our daily life with Kali Linux might be interesting.


Best 15 Gadgets For Ethical Hackers on Amazon 2023


On this platform we usually talk about various applications and their uses to check for loopholes in systems. But penetration testers do not only use software applications; they also need some hardware to perform their tasks. In this detailed article we are going to cover hardware devices and gadgets used by an ethical hacker. Let’s start with a warning.

Warning: This article is written for educational purposes only. To keep it ethical, we only talk about hardware devices publicly available on Amazon. Using these devices on our own systems for educational purposes isn’t a crime, but using these devices against others without proper permission is illegal. So use these devices responsibly; we and Amazon will not be responsible for talking about and selling these kinds of products.

Hardware and gadgets used by hackers

Let’s start with a computer. Most cybersecurity experts prefer laptops, not desktops, because laptops are portable. We have written an entire article about the best laptops for Kali Linux. Moving forward, ethical hackers use some other hardware devices, and those are our main topic for today.

1. Raspberry Pi 4

Raspberry Pi dominates the market of single board computers (SBC). This device is used by almost all security personnel.

Raspberry pi

This is very useful: we can install the entire Kali Linux on this credit card sized computer. Raspberry Pi can also be used in many other projects. Cybersecurity experts use it in various ways. We can see in Mr. Robot Season 1 Episode 5 how Elliot hacked the climate control network to destroy magnetic tapes.

There are unlimited uses of Raspberry Pi for an ethical hacker. This device is a must-have for everyone in the infosec and programming fields.

2. Raspberry Pi Zero W

This is a small handheld computer, ideal for carrying the best penetration testing software tools and for handling all the external hardware hacking tools. The best-known cybersecurity distros for it are P4wnP1 A.L.O.A. and Kali Linux. P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W. The successor of P4wnP1 is called P4wnP1 A.L.O.A. We recommend the USB type-A pogo-pin adapter shown in the above picture.

We can also use it as a headless system (without a monitor). The device can stay connected to a power bank in our bag while we control it from the mobile device in our hand (using VNC).

3. USB Rubber Ducky

usb rubber ducky

USB Rubber Ducky is created and developed by Hak5. Nearly every computing device accepts human input from keyboards, hence the ubiquitous HID specification, or Human Interface Device. Keyboards announce themselves to computers as HID devices and are in turn automatically recognized and accepted.

The USB Rubber Ducky delivers powerful payloads in seconds by taking advantage of the target computer’s inherent trust, all while deceiving humans by posing as an ordinary USB drive.

In simple words, if we plug it into a computer, the computer thinks it is a keyboard and it will inject (type, save and execute) our preset payload on the computer. There are lots of payloads available for this device. We can also easily write our own code.

This is one of the best ways to compromise a system when we have physical access.

4. WiFi Pineapple

The Wi-Fi Pineapple is the original Wi-Fi attack tool developed by Hak5. There are three different models available from Hak5. They are all good; here we choose the Mark VII model for its value for money.

Wifi pineeapple

It automates the auditing of WiFi networks and saves the results. We can control it with an awesome web based interface. This is really a very good product for security testing of wireless networks.

5. HackRF One

HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies. We can read and manipulate radio frequencies using this device.

hackrf one

HackRF One is an open-source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation. This SDR offers one important improvement compared to other cheap alternatives. But the Radio Frequency (RF) quality isn’t as good as expected.

6. Ubertooth One

Ubertooth One is the most famous Bluetooth hacking tool we can find on the market. It is an open source 2.4 GHz wireless development platform suitable for Bluetooth hacking. Commercial Bluetooth monitoring equipment can easily be priced at over $10,000, so the Ubertooth was designed to be an affordable alternative platform for monitoring and development of new BT, BLE and similar wireless technologies.

ubertooth

Ubertooth One is designed primarily as an advanced Bluetooth receiver, offering capabilities beyond that of traditional adapters, which allow for it to be used as a BT signal sniffing and monitoring platform. Although the device hardware will accommodate signal broadcasting, the firmware currently only supports receiving and minimal advertising channel transmission features.


7. WiFi Deauther Watch

As the name says, it’s a deauther: it de-authenticates WiFi users so that they get disconnected. It’s not a jammer. It uses an ESP8266 WiFi development board to do so. The watch version looks like a super cool gadget for every hacker.

wifi deauther

While a jammer just creates noise on a specific frequency range (i.e. 2.4 GHz), a deauthentication attack is only possible due to a vulnerability in the Wi-Fi (802.11) standard. The deauther does not interfere with any frequencies, it is just sending a few Wi-Fi packets that let certain devices disconnect. That enables us to specifically select every target. A jammer just blocks everything within a radius and is therefore highly illegal to use.


8. USB Killer

Computers don’t check the current flowing through USB, because it uses the computer’s own power and can’t transmit more voltage. But what if we took advantage of this to burn our (using it on others is totally illegal) entire system?

USB Killer

When plugged into a device, the USB Killer rapidly charges its capacitors from the USB power lines. When the device is charged, -200VDC is discharged over the data lines of the host device. This charge/discharge cycle is repeated many times per second, until the USB Killer is removed. As a result the target device is burned and cannot be repaired.

Its compact size and flash-drive style housing make it an important device in every pen-tester’s toolkit. It can be used as many times as we want.

9. Bad USB

This is a super alternative to the USB Rubber Ducky. This device contains customized hardware based on the Atmega32u4 and ESP-12S. It allows keystrokes to be sent via Wi-Fi to a target machine. The target recognizes the Ducky as both a standard HID keyboard and a serial port, which allows interactive commands and scripts to be executed on the target remotely.

bad usb with wifi

An attacker can easily carry it as a thumb drive and plug it into any PC to inject a payload and run their own commands on it; it can also be controlled over WiFi. It looks like an innocent USB thumb drive, which is a great advantage. But it is not as fast as the USB Rubber Ducky.

10. Hardware Keylogger

A hardware keylogger can be inserted between a USB keyboard and a computer. It captures all the keystrokes made on the keyboard, a must-have for every cybersecurity expert.

hardware keylogger

This is a basic hardware keylogger. It has 16 MB of storage, which is generally sufficient to capture keystrokes for a year. Later we can remove it and plug it into our computer to read the keystrokes. Some keyloggers come with WiFi and SMS control functionality. No software can detect it’s there.

11. Adafruit Bluefruit LE Sniffer

Adafruit Bluefruit LE Friend is programmed with a special firmware image that turns it into an easy to use Bluetooth Low Energy sniffer. We can passively capture data exchanges between two Bluetooth Low Energy (BLE) devices, pushing the data into Wireshark, the open source network analysis tool, where you can visualize things on a packet level, with useful descriptors to help us make sense of the values without having to crack open the 2000 page Bluetooth 4.0 Core Specification every time.

ble sniffer

Note: We can only use this device to listen on Bluetooth Low Energy devices! It will not work on Bluetooth (classic) devices. Firmware V2 is an improved firmware from Nordic that now has better Wireshark-streaming sniffer software that works with all OS for live-streamed BLE sniffing. The sniffer firmware cannot be used with the Nordic DFU bootloader firmware, which means that if we want to reprogram this device we must use a J-Link (and a SWD programmer board). We cannot over-the-air (OTA) reprogram it.


12. Micro-controllers

There are lots of micro-controllers used by ethical hackers. Some of them are must-haves in an ethical hacker’s backpack.

NodeMCU ESP8266

nodemcu esp8266

ESP8266 is a $6 WiFi development board and it can be used in various ways; we can make a WiFi deauther on our own. It can also be used to create phishing pages over WiFi.

Arduino Pro Micro

This tiny micro-controller is one of the best choices for ethical hackers. We can make our own DIY USB Rubber Ducky.

Arduio pro micro

Arduino Pro Micro is a really good thing at a very low price. But if we want to change the script then we need to reset it and upload the new script from our computer.

13. RTL-SDR

RTL-SDR is a very cheap software defined radio that uses a DVB-T TV tuner dongle based on the RTL2832U chip-set.

rtl sdr devices

It can be used to intercept radio frequencies. We can use it for listening to others’ conversations. It is also able to intercept GSM mobile calls and SMS. It is very useful for cybersecurity experts.

14. Proxmark3 NFC RFID Card Reader

Owning a Proxmark3 means owning the most powerful and most complete device for RFID/NFC (LF & HF) testing in the frequencies of 125KHz / 134KHz / 13.56MHz.

promark 3

This device can read the data of RFID and NFC cards and then make a copy of it. We can write the new copies on the blank cards provided with this package. If we need more we can buy more blank cards on Amazon.

Therefore, investing some more bucks in upgrading it is not a bad idea. To improve its range we need the extended range antennas for LF and HF.

Another new and nice upgrade for it is the Blue Shark Bluetooth 2.0 upgrade, which permits controlling the Proxmark3 wirelessly, plus adding an external battery to create an autonomous Proxmark3 that can be connected and controlled from your computer or smartphone. The Walrus NFC application has been updated to permit control by Bluetooth. It also fixes the high temperature concerns by adding a metal cooler.

WiFi Adapters (Monitor Mode & Packet Injection)

wifi adapter for kali linux

A WiFi adapter, especially one which supports monitor mode and packet injection, is essential for WiFi penetration testing, so most hackers use one. We have noticed that Alfa makes awesome adapters for cybersecurity personnel. We already discussed this in our Best WiFi adapter for Kali Linux article. Please check out that article before buying a WiFi adapter.

Something Extra

These are the gadgets for hackers that we can buy directly from Amazon and that help us on our ethical hacking journey. There are some more gadgets used by hackers, but talking about them would not be ethical here. Most of them are manufactured in China and available on some online stores. There are some cool stores like Hak5, but in this article we discussed gadgets which are openly available on Amazon.

Warning: Using the above devices is not illegal. They are sold publicly on Amazon. But using these devices to harm anyone is totally illegal. We listed them for educational purposes and to learn how to keep ourselves safe from these kinds of devices. If anyone uses these devices to harm anyone then we are not responsible for that, and Amazon is also not responsible. So use these devices responsibly, and always remember:

Spiderman is also Anonymous


Ncrack — Crack Network Credentials in Minutes


Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack comes pre-installed with Kali Linux.

NCrack Kali Linux

During penetration testing we sometimes find open ports on a web application. Ports are open so that services can be used, services like SSH, FTP, HTTP, SMTP etc. We usually use nmap to scan a network.

nmap scan result

We can see in the above nmap scan result that this network’s SSH and FTP ports are open (ports 21 and 22). If we can log in through SSH then we get a terminal on the system, and if we log in through FTP then we get the file manager of the system.

We can try various tools to crack them like Hydra. But in this article we are going to learn about Ncrack.

First we run the following command to check Ncrack’s help. Ncrack uses brute force attacks to crack network credentials. We have found lots of network admins using default or easy passwords; we can crack them using Ncrack in minutes.

ncrack --help

We can see a very big list of options in the help section as we can see in the following screenshot:

ncrack help options

Without going much deeper, let’s check a basic example of an Ncrack brute force attack.

To use Ncrack against a service we can use following command:

ncrack -U path/of/usernamelist -P path/of/passwordlist <ip address or domain name>:port -v

So, if we want to attack our localhost target using a real username and password list, then our command will be the following:

ncrack -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt 192.168.43.205:21 -v

Here we have used infamous SecLists, which comes preinstalled with Kali Linux. The output we can see in the following screenshot:

Ncrack cracked the username and password

In the above screenshot we can see that Ncrack successfully cracked the credentials. The credentials are username:admin, password:password. Not only our target, there are lots of users around the world still using default or easy passwords.

Ncrack also comes with a default (small) username and password list to attack. To use it we can use following command:

ncrack 192.168.225.51:21 -v

This command will use the default password list that comes with Ncrack. It has some default username and password lists. The screenshot is as follows:

ncrack ftp default password list

If we need to run Ncrack’s brute force attack against ssh (port 22) then we can use following command:

ncrack whatsapp5.com:22 -v

We can find other Ncrack commands using the ncrack --help command.

This is the way we can find low security usernames and passwords of FTP, SSH, a web server or a web application.
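Seen from the defending side, the password guessing described in this article leaves a recognisable pattern in the SSH server's log. The following added example (not from the original article or from the Ncrack project) counts failed password logins per source address and marks sources that logged in successfully after failing; the log lines are constructed samples in OpenSSH's syslog format, and the function names and threshold are illustrative.

```shell
#!/bin/sh
# Added example: spot password guessing in sshd log lines.

# Constructed sample (documentation IP ranges, not real data).
sample_auth_log() {
cat <<'EOF'
Sep 12 10:01:01 host sshd[1201]: Failed password for invalid user test from 192.0.2.10 port 40001 ssh2
Sep 12 10:01:02 host sshd[1202]: Failed password for root from 192.0.2.10 port 40002 ssh2
Sep 12 10:01:03 host sshd[1203]: Failed password for admin from 192.0.2.10 port 40003 ssh2
Sep 12 10:01:04 host sshd[1204]: Failed password for admin from 192.0.2.10 port 40004 ssh2
Sep 12 10:01:05 host sshd[1205]: Accepted password for admin from 192.0.2.10 port 40005 ssh2
Sep 12 10:07:10 host sshd[1300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep 12 10:07:20 host sshd[1301]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Sep 12 10:09:00 host sshd[1400]: Failed password for invalid user from from 203.0.113.5 port 60000 ssh2
Sep 12 10:09:01 host sshd[1401]: Failed password for root from 203.0.113.5 port 60001 ssh2
Sep 12 10:09:02 host sshd[1402]: Failed password for root from 203.0.113.5 port 60002 ssh2
EOF
}

# brute_force_sources THRESHOLD   (log lines on standard input)
# Prints "IP fails=N accepted=yes|no" for every source with at least
# THRESHOLD failed password logins. accepted=yes means a login from that
# source succeeded after earlier failures, which deserves a close look.
brute_force_sources() {
    awk -v min="$1" '
        # Both message types end with: from <ip> port <n> ssh2
        # Reading the address from the end of the line keeps a user name
        # such as "from" from confusing the parser.
        NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if ($0 ~ /sshd\[[0-9]+\]: Failed password for /) {
                fails[ip]++
            } else if ($0 ~ /sshd\[[0-9]+\]: Accepted password for / && (ip in fails)) {
                accepted[ip] = 1
            }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    printf "%s fails=%d accepted=%s\n", ip, fails[ip], ((ip in accepted) ? "yes" : "no")
        }
    ' | LC_ALL=C sort
}

sample_auth_log | brute_force_sources 3
```

On a real host the same function can read the SSH log instead of the sample, for example /var/log/auth.log on Debian-based systems.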

In this article we learned how we can use Ncrack on Kali Linux.

Disclaimer: Use of Ncrack against a network without proper permission is illegal and a serious crime. We can test our own systems for low security passwords. If anyone does any illegal activity then we are not responsible for that.


The Fusion of Technology and Trading: Empowering Individuals in the Digital Age


Due to the rapid pace of technological advancement, the trading industry has undergone a remarkable transformation in recent years. The rise of digital platforms and innovative tools has revolutionized the way individuals engage with financial markets, empowering them like never before. In this blog post, we will delve into the exciting realm where technology and trading intersect, exploring how it has democratized access, enhanced decision-making, and fostered a more inclusive and efficient trading environment.

Accessibility: Breaking Down Barriers

One of the most significant advantages of technology in trading is the newfound accessibility it offers. In the past, trading was largely confined to financial institutions and seasoned professionals. However, the emergence of user-friendly platforms and mobile applications has opened up the world of trading to a wider audience. If you are interested in trading, you can click here – my personal experiences with Vantage Markets and more details about the specifics of trading. Nowadays, anyone with an internet connection and a smartphone or computer can engage in activities, creating opportunities for individuals from all walks of life to participate in financial markets.

Data and Analysis: Informed Decision-Making

In the digital age, traders are no longer reliant solely on gut instincts and limited information. Technology has brought forth a wealth of data and advanced analytical tools that enable traders to make more informed decisions. Real-time market data, historical trends, and powerful algorithms allow traders to analyze market conditions, identify patterns, and assess risk with greater precision. By harnessing technology, traders can develop more robust strategies, adapt to changing market dynamics, and make data-driven decisions that were once exclusive to institutional investors.

Automation and Efficiency: Streamlining Trading Processes

Gone are the days of tedious manual trading processes. Automation has become a game-changer in the landscape, empowering individuals to execute trades quickly and efficiently. With the advent of algorithmic trading, individuals can leverage pre-defined rules and parameters to automate their strategies. This not only saves time but also reduces the margin for human error.

Moreover, automated systems can continuously monitor markets and execute trades based on predefined criteria, even in the absence of direct human intervention. This level of efficiency and precision has revolutionized the way trading is conducted, allowing individuals to capitalize on market opportunities without being tethered to their screens.

Education and Empowerment: Knowledge at Your Fingertips

Technology has democratized access to knowledge and educational resources, empowering traders to enhance their skills and make better-informed decisions. Online forums, webinars, and educational platforms provide individuals with a wealth of information on strategies, risk management, and market analysis. Furthermore, the integration of artificial intelligence and machine learning algorithms into tools allows individuals to gain insights and learn from sophisticated models and algorithms. This democratization of knowledge has the potential to level the playing field, enabling individuals to develop their expertise and succeed in the trading arena.

Security and Transparency: Safeguarding the Future

In an era where cybersecurity threats loom large, technology has also played a crucial role in enhancing security and transparency in trading. Advanced encryption techniques, multifactor authentication, and secure digital wallets ensure that individuals’ financial assets and personal information are well protected.

Canarytokens — Danger For Attackers


Canarytokens are customisable unique links. When someone clicks or accesses one of these links we get a lot of information about them, like the IP, location, browser, whether they are using Tor or not, and much more.

The main use of canarytokens is to track malicious activity on our own network, application or web server and raise an alert.

These days cyber crimes are increasing day by day, and new vulnerabilities and bugs in software are found every single day. Protecting our application or website from cyber criminals is a very challenging job, and here canarytokens can help. Obviously they can’t save us, but they can alert us to suspicious activities on our system.

canarytokens
Image Copyright : stationx.net

Previously we have covered Honeypots. Honeypots are used to trap attackers. Canarytokens are also a type of honeypot: with the help of canarytokens we can set triggers on our systems, networks, websites and applications. Whenever someone tries to do anything wrong, canarytokens can send notifications to us.

Let’s start with some canarytokens practice. First we see how we can find someone’s information with canarytokens. To start, we open this link in a browser: https://canarytokens.org/generate

The screenshot is as follows:

canarytokens

After clicking “Select your token” we got following screen:

canarytokens create

Here we can see that we can generate canarytokens for different purposes, like:

  • Web-bug / URL token (Alert when URL is visited)
  • DNS token (Alert when a hostname is requested)
  • Unique email address token (Alert when an email is sent to a unique address)
  • Custom Image Web bug token (Alert when an image you uploaded is visited)
  • Microsoft Word Document token (Get alerted when a document is opened in Microsoft Word)
  • Acrobat Reader PDF Document token (Get alerted when a PDF document is opened in Acrobat Reader)
  • Windows Folder token (Be notified when a windows folder is browsed in Windows explorer)
  • Custom exe / binary token (Get notified when an EXE or DLL is executed)
  • Cloned website token (Get an alert when your website is cloned)
  • SQL Server token (Get notified when MS SQL server databases is accessed)
  • QR Code token (Generate QR Code for physical token)
  • SVN token (Alert when someone checks out an SVN repository)
  • AWS keys token (Alert when AWS key is used)
  • Fast Redirect token (Alert when url is visited. User is redirected)
  • Slow Redirect token (Alert when url is visited. User is redirected, grab more information)

Here we choose the web-bug or URL token, then we need to type our e-mail address for alert notifications. Then we need to add a note, so that when an alert comes we can identify which token it came from. What we type in this note is entirely up to us.

Now we click on “Create my Canarytoken”, see the screenshot:

url token

After clicking on create canarytokens we can see our canarytokens for web-bug is ready. See in the following screenshot:

Now we can copy and send this link to the victim. Here are some ideas about how to send this link.

  • We can send it by email with a juicy subject.
  • We can embed this link in some documents.
  • We can also set this link on any web page image with <img src="">; we need to make sure that the image is attractive so the victim will click on it.
  • We can use social engineering to track someone by sending this link.

When our target clicks on this link we will get various information. I have clicked on my own link, and to check the information we go to “Manage this token” as shown in the following screenshot:

manage canarytoken

Check the next screenshot that we have successfully triggered our token, and we can now check the history.

triggered canarytoken

Now we have a lot of information on the target. Here we got:

  • Target’s IP.
  • Location of ISP.
  • Whether the target is using Tor or not.
  • User agent information.
  • Whether the browser has JavaScript enabled or not.
  • Platform and Operating System.

Check the following screenshot:

canarytokes found location

We also get the same information at the email address we provided.

So, we have successfully created and triggered our URL canarytoken. If we choose the Microsoft Word document token instead, we get a Microsoft Word file to download. After downloading it we can give the file a juicy name and send it by email or any other way, or we can save it in some sensitive folder on our system or server. When the target opens this Word file we get all the information.

In the same way we can choose the Windows folder token. Here we get a zip file; we need to extract the folder and rename it with a spicy name. Whenever someone opens this folder in Windows Explorer the canarytoken will be triggered and we get all the information. So this is the way to use Canarytokens.

If it happens to us, meaning someone sends us a canarytoken link, how do we protect our identity and privacy?

If someone sends the direct link like

canarytoken link

Here it is clearly seen that it is a canarytoken link. But when someone uses a URL shortener to shorten the link, then before clicking it we can expand the link with the help of some online services like :

There is also a tool on GitHub that detects canarytoken links in Microsoft Office documents. We can clone this tool with the following command:

git clone https://github.com/techchipnet/CanaryTokensDetector

The screenshot is as follows:

Then we go to the cloned folder, and we also need to copy the Microsoft Word document into the same directory. Then we give the script execute permission using the following command:

chmod +x canarytokendetector.sh

Then we can run the script by using the following command:

./canarytokendetector.sh

 The screenshot is following :

And then we type the name of the Microsoft Word file and hit Enter.

We can clearly see in the above screenshot that this file contains a Canarytoken link.
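One way a check of this kind can work, as an added example (this is not the CanaryTokensDetector script's own code): a .docx file is a ZIP archive, so we can list every external URL stored in its parts and flag the ones on a token domain. The domain list, the function names and the sample archive are assumptions made for this illustration; self-hosted tokens use other domains, which is why all external URLs are returned.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Hosts present in every OOXML file as XML namespace identifiers, not as links.
SCHEMA_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
                "www.w3.org", "purl.org"}
TOKEN_DOMAINS = ("canarytokens.com", "canarytokens.org")  # assumed hosted-service domains
URL_RE = re.compile(rb"https?://[^\s\"'<>\[\]]+")

def external_urls(doc_bytes):
    """Map each non-schema URL in an OOXML archive to the parts containing it."""
    found = {}
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return None  # not a ZIP container (e.g. legacy .doc): this check cannot judge it
    with archive:
        for part in archive.namelist():
            for raw in URL_RE.findall(archive.read(part)):
                url = raw.decode("utf-8", "replace")
                host = (urlparse(url).hostname or "").lower()
                if host and host not in SCHEMA_HOSTS:
                    found.setdefault(url, set()).add(part)
    return found

def is_token_host(url):
    """True when the URL's host is a token domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TOKEN_DOMAINS)

def build_sample():
    """Constructed input: a minimal archive whose footer relationship loads a remote URL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", '<w:document xmlns:w='
                   '"http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        z.writestr("word/_rels/footer2.xml.rels",
                   '<Relationship Id="rId1" TargetMode="External" '
                   'Target="http://canarytokens.com/EXAMPLE-TOKEN/contact.php"/>')
    return buf.getvalue()

if __name__ == "__main__":
    for url, parts in external_urls(build_sample()).items():
        print("TOKEN" if is_token_host(url) else "external", url, sorted(parts))
```

Because the archive is only read as bytes and never opened in Word, inspecting a suspicious document this way does not trigger the token.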


SSLyze — Find Mis-Configuration on SSL


Information gathering is a very crucial part of cybersecurity. If our target is a web server then we need to know a lot of things about it. We use various tools to do this job easily.

SSLyze is a fast and powerful Python tool that can be used to analyze the SSL configuration of a server by connecting to it. SSLyze comes pre-installed with Kali Linux.

SSLyze on Kali Linux

It allows us to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues (bad certificate, weak cipher suites, Heartbleed, ROBOT, TLS 1.3 support, etc).

SSLyze can either be used as command line tool or as a Python library.

Key-Features of SSLyze

  • Multi-processed and multi-threaded scanning (it’s really fast).
  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility.
  • Fully documented Python API, in order to run scans and process the results directly from Python.
  • Support for TLS 1.3 and early data (0-RTT) testing.
  • Scans are automatically dispatched among multiple workers, making them very fast.
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, supported curves, ROBOT, Heartbleed and more.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres and FTP.
  • Scan results can be written to a JSON file for further processing.

Let’s get started without wasting time. SSLyze comes pre-installed with Kali Linux, but if it is missing from some installation we can install it by using the following command:

sudo apt-get install sslyze

With the above command we can install or upgrade SSLyze on our Kali Linux system. Then we can check the help of this tool by using the following command:

sslyze -h

The screenshot of the command is following:

sslyze help menu

Now we can read all the options we can use. This is easy to understand: we just need to read the help menu carefully and use the right flag for what we are trying to get from the server.

In this article we are going to run a regular scan on a website, by using the following command:

sslyze --regular www.google.com

Here we have chosen a well-known website just as an example. We can choose any website or server in the world. We can also put an IP address here.

We got the results in the following screenshot:

sslyze regular scan

We can scroll down to see the total result of the scan.

Besides a regular scan, we can use many flags to find out exactly what we want. We can see all the flags (options) in the help menu.

As another example, if we need to check for OpenSSL Heartbleed on the server we can use the following command:

sslyze --heartbleed www.google.com

We know that the targeted host, Google, is not vulnerable to the OpenSSL Heartbleed vulnerability. But other domains may be vulnerable.

This is how we can test web servers using SSLyze on our Kali Linux system. This is very helpful for organizations and testers to identify misconfigurations affecting their SSL servers.
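The feature list above notes that scan results can be written to a JSON file for further processing (the --json_out option). The following added example, which is not part of the original article or of SSLyze itself, triages such a report for the issues this article names. The field layout is assumed to match SSLyze 5.x JSON output, and the sample report and host names are constructed.

```python
import json

# Constructed sample, trimmed to the fields read below. The field layout is
# assumed to match SSLyze 5.x JSON output; check it against your version.
SAMPLE = json.loads("""
{"server_scan_results": [
 {"server_location": {"hostname": "legacy.example.test", "port": 443},
  "scan_status": "COMPLETED",
  "scan_result": {
   "ssl_3_0_cipher_suites": {"status": "COMPLETED", "result":
     {"accepted_cipher_suites": [{"cipher_suite": {"name": "TLS_RSA_WITH_RC4_128_SHA"}}]}},
   "tls_1_2_cipher_suites": {"status": "COMPLETED", "result":
     {"accepted_cipher_suites": [{"cipher_suite": {"name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}]}},
   "heartbleed": {"status": "COMPLETED", "result": {"is_vulnerable_to_heartbleed": true}},
   "robot": {"status": "ERROR", "result": null}}},
 {"server_location": {"hostname": "down.example.test", "port": 443},
  "scan_status": "ERROR_NO_CONNECTIVITY", "scan_result": null}]}
""")

LEGACY = {"ssl_2_0_cipher_suites": "SSL 2.0", "ssl_3_0_cipher_suites": "SSL 3.0",
          "tls_1_0_cipher_suites": "TLS 1.0", "tls_1_1_cipher_suites": "TLS 1.1"}

def triage(report):
    """Return {"host:port": [finding, ...]} for every server in the report."""
    findings = {}
    for server in report.get("server_scan_results", []):
        loc = server["server_location"]
        notes = findings.setdefault(f"{loc['hostname']}:{loc['port']}", [])
        scans = server.get("scan_result")
        if server.get("scan_status") != "COMPLETED" or not scans:
            notes.append(f"not scanned: {server.get('scan_status')}")
            continue
        for name, check in scans.items():
            result = check.get("result")
            if check.get("status") != "COMPLETED" or result is None:
                notes.append(f"{name}: check did not complete")  # never read as "safe"
            elif name in LEGACY and result.get("accepted_cipher_suites"):
                notes.append(f"{LEGACY[name]} is enabled")
            elif result.get("is_vulnerable_to_heartbleed"):
                notes.append("vulnerable to Heartbleed")
            elif str(result.get("robot_result", "")).startswith("VULNERABLE"):
                notes.append("vulnerable to ROBOT")
    return findings

if __name__ == "__main__":
    for host, notes in triage(SAMPLE).items():
        print(host, notes or ["no findings"])
```

A check that errored out is reported separately, so a failed Heartbleed or ROBOT probe is not mistaken for a clean result.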


Wifite — Easy & Automated Wireless Auditing

The original Wifite is no longer maintained; the current tool is Wifite2, a complete rewrite of the earlier popular tool by derv82, and thanks go to kimocoder for maintaining the repository well. It is designed to automate the process of wireless auditing. To run properly it needs the Aircrack-ng suite, Reaver, Pyrit and some more tools to be installed. Wifite and the additional tools it needs come pre-installed with Kali Linux (if not, we can simply run the sudo apt install wifite -y command to install it).

Wifite Kali Linux easy wifi cracking tool

Features of Wifite

With the help of wifite we can audit WEP, WPA and WPS encrypted networks with multiple attacks. Before using this powerful tool we are going to check its features:

  1. Wifite can sort targets by signal strength, which means we can crack the access points with a good signal, or the closest ones, first.
  2. It can automatically de-authenticate clients of hidden networks and then reveal their SSIDs.
  3. “Anonymous” feature: wifite can generate a random MAC address before attacking, and after the attack it goes back to the original MAC. We did this manually in our Changing MAC Address tutorial.
  4. We can skip an attack with Ctrl+C and it will start the next attack.
  5. Wifite saves all cracked passwords in a text file.

Using Wifite on Kali Linux

We need to open our terminal window and run the following command to see Wifite’s help options:

wifite -h

In the following screenshot we can see the output of the above command:

wifite help options

Here we need to keep in mind that, to audit wireless systems using Wifite, we must plug a Wi-Fi adapter that supports monitor mode and packet injection into our system. We can start using it by simply running the following command:

sudo wifite

We can see the output in the following screenshot:

wifite start page

Here we need to select our wireless interface (in our case it is #2, our external WiFi adapter), so we press 2 and hit Enter ↲. In the following screenshot we can see that Wifite turns on monitor mode and starts scanning for targets:

Wifite scanning for targets

Once our target wireless network shows up, we can stop the scanning process by pressing CTRL+C. (Here we got our home WiFi, nothing more.)

In the following screenshot we can see that we need to select our target network, or we can type all and press Enter ↲ to audit all the wireless networks found.

Auditing our home wifi

Then Wifite will start auditing the wireless network(s). It starts by capturing handshakes, then automatically tries to crack the handshake file using a default wordlist (/usr/share/dict/wordlist-portable.txt), as we can see in the following screenshot:

wifite trying to crack wireless network password

This default wordlist is not enough to crack our password (after all, we are working in cybersecurity). If we want to use another wordlist then we can run wifite with the following command:

sudo wifite --dict /location/of/wordlist.txt

In the following screenshot we can see that wifite is going to use the wordlist we specified for cracking the handshake file.

using custom wordlist on wifite

If we want to use the Pixie-Dust attack with wifite then we should use the command sudo wifite --bully (use the bully program for WPS PIN & Pixie-Dust attacks) or sudo wifite --reaver (use the reaver program for WPS PIN & Pixie-Dust attacks). To attack access points with over 50 dB of power (-pow 50) using the WPS attack (-wps), the command will be sudo wifite -pow 50 -wps.

We can see all other options on the help menu (wifite -h), and learn how we can use wifite tool.

Warning: This article is written for educational and security awareness purposes. Damaging others is not ethical and may be considered a criminal offence. We don’t support any unethical work. All the tests in this article were done in our own lab by attacking our own devices.

Wifite is an automated WiFi cracking tool on Kali Linux. We just need to run wifite and select our targets, and Wifite will automatically start trying to capture or crack the password or run other attacks.
