Install Kali Linux and perform a network scan and web pen test using Vega
Introduction
Cyber security consists of all the technologies and practices that keep computer systems and electronic
data safe. And, in a world where more and more of our business and social lives are online, it’s an
enormous and growing field. According to the Cyber Security & Infrastructure Security Agency (CISA),
"Cyber security is the art of protecting networks, devices and data from unauthorized access or criminal
use and the practice of ensuring confidentiality, integrity and availability of information."
Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their
relationships with customers, and even place them in significant legal jeopardy. With new technology,
from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become
even more serious.
What you will learn
After completing this project, you will have learned about Kali Linux and several tools and
techniques to scan and exploit networks and web applications.
Pre-requisites:
• Basic understanding of Linux commands
• Kali Linux OS
• VirtualBox to install Kali Linux
How to download Kali Linux
https://www.kali.org/docs/introduction/download-official-kali-linux-images/
How to download and install VirtualBox
https://www.virtualbox.org/wiki/Downloads
https://www.wikihow.com/Install-VirtualBox
Implementation Steps
Step 1 – Install Kali Linux
Launch VirtualBox
Open the Oracle VirtualBox application and, from the File menu, select Import Appliance.
File Menu -> Import Appliance
On the following screen, “Appliance to Import”, browse to the location of the downloaded OVA file and
click Open.
Once you click Open, you will be taken back to the “Appliance to Import” screen; simply click Next.
The following screen, “Appliance Settings”, displays a summary of the system's settings; leaving the
default settings is fine. As shown in the screenshot below, make a note of where the Virtual Machine is
located and then click Import.
VirtualBox will now Import the Kali Linux OVA appliance. This process could take anywhere from 5 to 10
minutes to complete.
Congratulations, Kali Linux has been successfully installed on VirtualBox. You should now see the Kali
Linux VM in the VirtualBox Console. Next, we’ll take a look at Kali Linux and some initial steps to
perform.
Click on the Kali Linux VM within the VirtualBox Dashboard and click Start; this will boot up the Kali Linux
operating system.
On the login screen, enter “Root” as the username and click Next.
You will now be presented with the Kali Linux GUI Desktop. Congratulations, you have successfully logged
into Kali Linux.
The Kali Desktop has a few tabs you should initially make a note of and become familiar
with: the Applications Tab, the Places Tab, and the Kali Linux Dock.
Applications Tab – Provides a graphical dropdown list of all the applications and tools pre-installed on
Kali Linux. Reviewing the Applications Tab is a great way to become familiar with the feature-rich
Kali Linux operating system. Two applications we’ll discuss in this Kali Linux tutorial
are Nmap and Metasploit. The applications are placed into different categories, which makes searching
for an application much easier.
Accessing Applications
Step 1) Click on Applications Tab
Step 2) Browse to the particular category you’re interested in exploring
Step 3) Click on the Application you would like to start.
Network Scan Using NMAP
What is Nmap
Network Mapper, better known as Nmap for short, is a free, open-source utility used for network
discovery and vulnerability scanning. Security professionals use Nmap to discover devices running in
their environments. Nmap can also reveal the services and ports each host is serving, exposing a
potential security risk. At the most basic level, consider Nmap to be ping on steroids. The more advanced
your technical skills become, the more useful you’ll find Nmap.
Perform a Basic Nmap Scan on Kali Linux
To run a basic Nmap scan in Kali Linux, follow the steps below. With Nmap as depicted above, you have
the ability to scan a single IP, a DNS name, a range of IP addresses, Subnets, and even scan from text
files. For this example, we will scan the localhost IP address.
Step 1) From the Dock menu, click on the second tab, which is the Terminal.
Step 2) The Terminal window should open. Enter the command ifconfig; this command will return the
local IP address of your Kali Linux system. In this example, the local IP address is 10.0.2.15.
Step 3) Make a note of the local IP address.
Step 4) In the same terminal window, enter nmap 10.0.2.15. This will scan the first 1000 ports on the
localhost. Considering this is the base install, no ports should be open.
Step 5) Review results
nmap 10.28.2.26 -A
Congratulations, you have completed a basic scan using Nmap.
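Added example (not part of the original tutorial): one way to make the "Review results" step repeatable is to save the scan in Nmap's grepable format (-oG) and compare the open ports against a baseline, which for the base install described above is empty. The sample output, the baseline structure and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG - <target>` output (not from a real scan).
SAMPLE_OG = (
    "# Nmap scan initiated as: nmap -oG - 10.0.2.15\n"
    "Host: 10.0.2.15 ()\tStatus: Up\n"
    "Host: 10.0.2.15 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

# Each Ports entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_ENTRY = re.compile(r"^(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/")

def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the "# Nmap ..." comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        hosts.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # Status / Ignored State fields carry no port list
            for entry in field[len("Ports: "):].split(","):
                m = PORT_ENTRY.match(entry.strip())
                if m:
                    port, state, proto, service = m.groups()
                    hosts[host].append((int(port), proto, state, service))
    return hosts

def unexpected_open(hosts, baseline):
    """List (host, port, proto, service) for open ports not in the baseline."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for port, proto, state, service in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings

if __name__ == "__main__":
    # Base install: nothing is expected to listen, so the baseline is empty.
    for finding in unexpected_open(parse_grepable(SAMPLE_OG), {}):
        print("unexpected open port: %s %d/%s (%s)" % finding)
```

On a real system, replace SAMPLE_OG with the contents of a file written by nmap -oG and list the ports you expect per host in the baseline dictionary.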
Section 2
Kali Linux - Website Penetration Testing Using Vega
Vega is a free and open source scanner and testing platform to test the security of web applications.
Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed
sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X,
and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection.
Vega can be extended using a powerful API in the language of the web: JavaScript. The official webpage
is https://subgraph.com/vega/
Step 1 − To open Vega go to Applications → 03-Web Application Analysis → Vega
Step 2 − If you don’t see an application in the path, type the following command.
Step 3 − To start a scan, click the “+” sign.
Step 4 − Enter the webpage URL that will be scanned. In this case, it is the Metasploitable machine → click
“Next”.
Step 5 − Check all the boxes of the modules you want to be controlled. Then, click “Next”.
Step 6 − Click “Next” again in the following screenshot.
Step 7 − Click “Finish”.
Step 8 − If the following table pops up, click “Yes”.
The scan will continue as shown in the following screenshot.
Step 9 − After the scan is completed, in the lower-left panel you can see all the findings, which are
categorized according to severity. If you click a finding, you will see all the details of the vulnerability in
the right panel, such as “Request”, “Discussion”, “Impact”, and “Remediation”.