- Kali Linux Tutorial
- Kali Linux - Home
- Installation & Configuration
- Information Gathering Tools
- Vulnerability Analyses Tools
- Kali Linux - Wireless Attacks
- Website Penetration Testing
- Kali Linux - Exploitation Tools
- Kali Linux - Forensics Tools
- Kali Linux - Social Engineering
- Kali Linux - Stressing Tools
- Kali Linux - Sniffing & Spoofing
- Kali Linux - Password Cracking Tools
- Kali Linux - Maintaining Access
- Kali Linux - Reverse Engineering
- Kali Linux - Reporting Tools
- Kali Linux Useful Resources
- Kali Linux - Quick Guide
- Kali Linux - Useful Resources
- Kali Linux - Discussion
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Kali Linux - Vulnerability Analyses Tools
84 Lectures 6.5 hours
21 Lectures 4 hours
In this chapter, we will learn how to use some of the tools that help us exploit devices or applications in order to gain access.
Kali has some tools that can be used to exploit Cisco router. One such tool is Cisco-torch which is used for mass scanning, fingerprinting, and exploitation.
Let’s open the Terminal console by clicking the left pane.
Then, type “cisco-torch –parameter IP of host” and if there is nothing found to exploit, then the following result will be shown.
To see what are the parameters that can be used, type “cisco-torch ?”
Cisco Auditing Tool
It is a PERL script, which scans Cisco routers for common vulnerabilities. To use it, again open the terminal on the left pane as shown in the previous section and type “CAT –h hostname or IP”.
You can add the port parameter “-p” as shown in the following screenshot, which in this case is 23 to brute-force it.
Cisco Global Exploiter
Cisco Global Exploiter (CGE) is an advanced, simple, and fast security testing tool. With these tools, you can perform several types of attacks as shown in the following screenshot. However, be careful while testing in a live environment as some of them can crash the Cisco devise. For example, option can stop the services.
To use this tool, type “cge.pl IPaddress number of vulnerability”
The following screenshot shows the result of the test performed on Cisco router for the vulnerability number 3 from the list above. The result shows the vulnerability was successfully exploited.
BED is a program designed to check daemons for potential buffer overflows, format strings, et. al.
In this case, we will test the testing machine with IP 192.168.1.102 and the protocol HTTP.
The command will be “bed –s HTTP –t 192.168.1.102” and testing will continue.