Penetration testing

Kali Linux: Top 5 tools for information gathering

Graeme Messina
July 12, 2021 by
Graeme Messina

What is information gathering?

An information-gathering mission in cybersecurity is the act of collecting information about a potential target. This could be done for penetration testing, network security monitoring or other cybersecurity tasks.

Cybercriminals employ many of the same techniques when gathering information about potential targets. This is why it is important to familiarize yourself with the tools that are used in this step, so you can identify and stop any unauthorized information gathering on your network.

Information gathering is necessary when performing any type of cybersecurity task because it gives the user more knowledge about target systems and networks in order to make an informed decision on how they want to proceed with their attack vector.

Information gathering is a crucial skill that you must learn if you want to be a cybersecurity consultant. Information gathering consists of obtaining and analyzing information about your target and any lapses in their defenses.

To complete an information-gathering exercise, you need to strategically plan what kind of information you want to collect about a target system.

Kali Linux is a powerful operating system that contains many tools for various tasks related to information gathering. 

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

What kind of information can we gather with Kali?

The kind of information you gather depends on the type of target, their defenses and your goal. You should also consider how much time is available to complete the mission. Below are some things that can be gathered:

  • DNS records (what domains do they have? What subdomains exist?)
  • IDS/IPS events (intrusion detection systems and intrusion prevention systems)
  • Network scanning (scanning for ports, MAC addresses and banner grabbing of a target's systems)
  • Operating systems (can detect operating systems and serve exploits if it is vulnerable)
  • Routing (network configurations that can be found)
  • Ports (sometimes these are opened and can provide information about the server's software or services it provides)
  • Users (find out who is logged in on a target system or what their account privileges are)
  • Systems information. Items such as SMB open network shares and running processes for user accounts with non-privileged access
  • SSL (are the systems or websites protected with secure sockets layer certificates)
  • VPN (are there VPNs running on the network and are they authorized?)
  • Voice over IP (Modern telephony uses this protocol to make voice calls. Are these protocols on their own VLAN? Can these packets be intercepted?
  • SNMP (are there any devices with SNMP running on them? Are they accessible?
  • Email addresses (can email addresses be intercepted for further cybercrimes such as phishing or ransomware payloads?)

What information gathering operations can I perform with Kali?

Below are three of the most powerful operations you can perform with Kali Linux.

1. Kali Linux DNS

Kali Linux DNS allows you to spoof a website by redirecting a link to your destination such as a web server. This allows you to set up a fake login page to harvest user information such as a username and password. You could also have a malicious payload inside of your fake web page that will detonate on a user click or a download, which has the potential to grant you further access and the opportunity to pivot to additional targets.

2. IDS/IPS (intrusion detection system/intrusion prevention system)

As the names suggest, IDS tools detect network breaches, while IPS tools prevent them. These tools protect your network and identify a system’s vulnerabilities and stop them in their tracks. They can also prevent an intrusion by blocking irregular and suspicious traffic.

3. Network scanning

This is the process of finding all systems on a network by using services like port scanners, service fingerprinting or ARP spoofing (manipulating how data gets delivered from one computer to another).

What tools can I use with Kali?

1. Nmap

With Nmap, security professionals can find live hosts on a network and perform port scanning. This app is helpful for many reasons such as identifying open ports which are vulnerable to attack by hackers, or finding the operating system in use so that vulnerabilities may be exploited.

2. Metasploit

The Metasploit framework is a powerful tool for cybersecurity professionals while conducting information-gathering tasks. What makes it unique is the fact that it is very easy to use. It can be used by both ethical hackers and cybercriminals to identify vulnerabilities on networks and servers.

3. Maltego

Maltego is a tool that gives you the ability to use graph-based data mining, network analysis and visualization tools. It can be used with information-gathering tasks such as building IP ranges, mapping out domains or finding connected devices on your network.

4. Wireshark 

Wireshark is one of the most well-known and often used packet sniffing tools available today. It is used by cybersecurity professionals, network administrators and hackers to collect information from networks. Network packets contain a wealth of information, and Wireshark captures this data for later analysis. Learning how to use Wireshark is essential if you wish to conduct information gathering on a network.

5. Netcat

Netcat is a tool that can be used to create simple connections between hosts. Netcat can also be used in conjunction with the TCP and UDP protocols for things like port scanning or creating backdoor channels. It can read and write data if the appropriate ports are configured. If you want to be a penetration tester or work in cybersecurity then learning how to use Netcat will be highly beneficial.

What else can I do with Kali Linux?

Kali Linux is also quite capable of performing memory forensics with the Volatility suite of tools it ships with. These tools allow you to take a memory image and dissect its contents, revealing details about what software was running and what files were accessed on the system at the time that the image was captured.

If you need to perform some forensic hard drive operations on a target computer, Kali will allow you to boot off of a CD or thumb drive and access forensics mode as a boot option. This mode of operation does not touch any contents of the hard drive and does not automount the drives.

This means that if you are working on a vital piece of evidence then there will be a reduced chance of Kali writing data to the disk drive of the target. It is never advisable to work on an original piece of evidence, so making a forensic copy of the data is always a best practice and Kali makes that easy to do.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Learn more about Kali's tools and uses

Kali Linux is a powerful operating system that contains many tools for various tasks related to information gathering.  

We have covered some of the most useful tools and also some additional data about the kinds of information you will need to capture during an information gathering-exercise. Kali is an excellent starting point if you are just learning about cybersecurity.

 

Sources:

Kali Linux forensics mode, Kali

Volatility package description, Kali Tools

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.