Python scanning
Kali’s smorgasbord of tooling can be overwhelming at first, but we can leverage Python to simplify things.
Having installed Kali, let’s get straight to business and do some hacking with Python. Never mind if this is entirely new to you, or if you’re already a seasoned coder. We’re going to use GitHub user skavngr’s RapidScan tool (https://github.com/skavngr/rapidscan) to do some introductory ethical hacking.
RapidScan is a good place to start because it automates scanning with hundreds (OK, high tens) of the tools included in Kali Linux. In the repo description’s own words, this makes “binge tool scanning” much easier.
Before we go any further, we’ll stress what should be obvious: don’t be a script kiddie. Don’t go running this, or any other tools from Kali, to seek out vulnerabilities on machines that aren’t your own, or that you don’t have explicit permission to penetration test. This might get you in a lot of trouble. Especially if you target Linuxformat.com. You’re not going to find something exploitable on Microsoft, Google and so on domains. And while we show you how to use hacking tools, we won’t show you what is just as important for black- and grey-hat hackers: how to cover your tracks.
That responsible disclaimer out of the way, let’s get RapidScan installed. Boot up Kali and log in (username and password are both kali). Then open a terminal window using the shortcut on the top bar. You should update Kali first using the first two commands from the Nvidia box on the previous page, otherwise you’ll have problems later. Now let’s install the thing with:
$ git clone https://github.com/skavngr/rapidscan.git
Instead of jumping in and scanning remote hosts, start locally. Use RapidScan to scan the host machine:
$ cd ~/rapidscan
$ python rapidscan.py localhost
It takes a few seconds to run, then displays a short summary. Don’t be alarmed if you see that some vulnerabilities were detected; these are often false positives. Instead, check the log file with:
$ cat rs.vul.localhost.2024-03-01
The last part of the filename is the date, so use tab-completion if you’re too lazy to copy it from the command output. You’ll see, for example, that DMitry, a passive email scanner, uses Google to search for public email addresses on the @localhost domain. Your local machine is probably not running any email server, let alone one with accounts detected from Big G. There’s also a debug log at rs.dbg.localhost.2024-03-01, for instance. As most users don’t (knowingly) run any services on their own machines, it’s unlikely RapidScan will turn up anything of interest. So, your next step is to scan your router (which almost certainly is running a web server), which involves executing something like:
$ python rapidscan.py 192.168.0.1
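Since RapidScan is itself a Python script, the steps above are easy to wrap in a few lines of Python of your own. The example below is ours, not part of the RapidScan project: it runs `python rapidscan.py <target>` from the cloned `~/rapidscan` directory, refuses anything that isn’t localhost or a private (home LAN) address so you don’t scan a box you don’t own by accident, and then picks out the newest `rs.vul.<target>.<date>` and `rs.dbg.<target>.<date>` logs for you, which saves the tab-completion dance. The only thing it assumes is the log-file naming shown above and the repo location from the `git clone` step.

```python
"""Run RapidScan against a local/private target and locate its newest logs.

Added example, not RapidScan's own code. It assumes the repo was cloned to
~/rapidscan and that logs are named rs.vul.<target>.<YYYY-MM-DD> and
rs.dbg.<target>.<YYYY-MM-DD>, as seen in the article.
"""
import ipaddress
import re
import subprocess
from pathlib import Path

RAPIDSCAN_DIR = Path.home() / "rapidscan"          # where `git clone` put it
LOG_RE = re.compile(r"^rs\.(?P<kind>vul|dbg)\.(?P<target>.+)\.(?P<date>\d{4}-\d{2}-\d{2})$")


def is_local_or_private(target: str) -> bool:
    """True only for localhost, loopback or RFC 1918 addresses (your own LAN)."""
    if target == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False           # any other hostname is not approved automatically
    return addr.is_loopback or addr.is_private


def latest_logs_from_names(names, target: str) -> dict:
    """From a list of filenames, pick the newest vul and dbg log for target."""
    newest = {}                # kind -> (date, filename)
    for name in names:
        m = LOG_RE.match(name)
        if not m or m.group("target") != target:
            continue
        kind, date = m.group("kind"), m.group("date")
        if kind not in newest or date > newest[kind][0]:   # ISO dates sort as text
            newest[kind] = (date, name)
    return {kind: fname for kind, (_, fname) in newest.items()}


def latest_logs(target: str, directory: Path = RAPIDSCAN_DIR) -> dict:
    """Same as above, but read the filenames from the repo directory."""
    names = [p.name for p in directory.iterdir()]
    return {k: directory / v for k, v in latest_logs_from_names(names, target).items()}


def scan(target: str, directory: Path = RAPIDSCAN_DIR) -> dict:
    """Run `python rapidscan.py <target>` in the repo and return its log paths."""
    if not is_local_or_private(target):
        raise ValueError(f"{target} is not localhost or a private address")
    subprocess.run(["python", "rapidscan.py", target], cwd=directory, check=True)
    return latest_logs(target, directory)


if __name__ == "__main__":
    print(scan("localhost"))   # e.g. {'vul': .../rs.vul.localhost.2024-03-01, ...}
```

Swap `"localhost"` for your router’s address (such as 192.168.0.1) in the last line to reproduce the second scan; a public address or a hostname other than localhost is rejected before anything runs.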