==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

Essential Linux Security Tools

kali, kali_linux, security

Essential Linux Security Tools for Kali Linux

Introduction

Linux provides a vast collection of security tools for penetration testing, network analysis, and system hardening. This guide covers essential tools with installation steps and example usage.

🔎 Network Scanning and Enumeration

1️⃣ Nmap - Network Mapper

Nmap is a powerful tool for discovering hosts and services on a network.

Installation:

sudo apt update && sudo apt install nmap -y

Basic Usage:

  • Scan a single host: 
    nmap <target-ip>
  • Scan a subnet: 
    nmap 192.168.1.0/24
  • Detect OS and services: 
    nmap -A <target-ip>

📡 Packet Analysis

2️⃣ Wireshark - Network Traffic Analysis

Wireshark captures and inspects network traffic in real time.

Installation:

sudo apt install wireshark -y

Run Wireshark:

wireshark

Capture packets via CLI:

sudo tshark -i eth0

🎯 Exploitation Frameworks

3️⃣ Metasploit - Penetration Testing Framework

Metasploit is a tool for discovering, exploiting, and validating vulnerabilities.

Installation:

sudo apt install metasploit-framework -y

Basic Usage:

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target-ip>
exploit

🔑 Password Cracking

4️⃣ Hashcat - GPU-Accelerated Password Cracking

Hashcat is a high-speed password recovery tool.

Installation:

sudo apt install hashcat -y

Crack a hash:

hashcat -m 0 -a 0 hashes.txt rockyou.txt

5️⃣ John the Ripper - Password Recovery

John the Ripper is another tool for brute-force password attacks.

Installation:

sudo apt install john -y

Crack a password hash:

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

🛡 System Hardening

6️⃣ Lynis - Security Auditing

Lynis performs system audits to detect security weaknesses.

Installation:

sudo apt install lynis -y

Run a system audit:

sudo lynis audit system

7️⃣ Fail2Ban - Brute Force Protection

Fail2Ban monitors logs and bans IPs after multiple failed login attempts.

Installation:

sudo apt install fail2ban -y

Enable and start Fail2Ban:

sudo systemctl enable --now fail2ban

🔥 Firewall and Intrusion Detection

8️⃣ UFW - Uncomplicated Firewall

UFW is a simple tool for managing iptables firewall rules.

Installation:

sudo apt install ufw -y

Basic Firewall Rules:

  • Enable UFW: 
    sudo ufw enable
  • Allow SSH: 
    sudo ufw allow ssh
  • Check firewall status: 
    sudo ufw status

9️⃣ Suricata - Network Intrusion Detection System (IDS)

Suricata is an advanced intrusion detection system.

Installation:

sudo apt install suricata -y

Start Suricata:

sudo systemctl enable --now suricata

🕵️ Rootkit Detection

🔟 Chkrootkit - Rootkit Scanner

Chkrootkit scans the system for known rootkits.

Installation:

sudo apt install chkrootkit -y

Run a scan:

sudo chkrootkit

1️⃣1️⃣ Rkhunter - Rootkit Hunter

Rkhunter detects rootkits, backdoors, and local exploits.

Installation:

sudo apt install rkhunter -y

Scan for rootkits:

sudo rkhunter --check

Conclusion

These tools help enhance Linux security, detect vulnerabilities, and prevent attacks. Regularly updating and using these tools can significantly improve your system’s defense against cyber threats.

🚀 Stay secure and keep learning!