4.2 The Tools Chest (KL)

00:00

Hello and welcome to this Callie fundamentals lesson. I'm very excited to be here with you today, so we've gone through a lot of different things and you may be wondering, when am I going to get to work with the tools? What am I going to get to see these things in action? What am I going to start learning about? The different types of tools within the distribution?

00:19

Great questions tohave. And today is that day

00:22

we're going to go through a high level introduction of the Cali tools, listening where to find that at and where to start. Looking into what each of these things does as it changes through the versions, just keep in mind that some tools may, you know, disappear over time. So always revisit what we're about to do here so that you could be current on the tools that are available to you,

00:42

uh,

00:43

four task stain or any other types of purposes. So let's go ahead and jump right in. I'm gonna pull over a Web browser

00:49

and what we're going to do it. So let's go to tools, not callie dot org's so you'll see here that they have a tools listing,

00:58

so we'll go ahead and click into that. Now. The thing that I love about this site is that they lay the tools out and a very nice orderly fashion. So if you're familiar with pen testing, their security testing, you know, information gathering, vulnerability, analysis, exploitation, maintaining access, things of that nature

01:15

are all going to be a part of doing penetration, testing, security, testing, et cetera.

01:21

Now you may not be ah, pin tester. Maybe you're into forensics. They've got forensics tools. Maybe you need to do stress testing. Maybe you're going to do while is testing or you know something of that nature. So they have a tool in this distribution that could help you to meet those needs

01:36

and do this thing. So we don't want to limit ourselves to just pin testing, because you may be seeking out the distribution for other

01:42

reason. So let's go ahead and jump into a few things that you may want to be aware of here, so they do a good job of again breaking this down by category. But what you can do is let's say that you want to look at let's just start from the top information gathering tools. And let's just say you

02:00

you want know what d n A s. Matt does. So when you click into the link,

02:04

they do a really awesome job of giving you a description. So as you can see here, they've described what the tool does and what it is. And then they give you some examples of what's included in the package, what the tool does, how to use it, and that's consistent across every tool that you see here.

02:21

So if you go over into the vulnerability analysis area here,

02:23

you'll see they have in map. Now you may or may not have heard of in map, but when you click into it,

02:30

it gives you this very verbose description of what end map is, how to use it. What are some things that are included in the package? And so, really, if you've not worked with a lot of security testing tools, or if this is your really you know your baseline, jump into security testing, spend some time on this page learning about the different tools and what they do and

02:49

and what's available, you will always find,

02:51

you know, some industry favorites and things of that nature I love in map and map is one of my go twos when it comes to information gathering, vulnerability, analysis, doing things of that nature I also have used in mike dot dot pone, which is great for trying to do and discover directory traverse ALS and things of that nature. It's an awesome tool.

03:09

So they've really got a lot going on here.

03:12

Wireless attacks. I'm sure you may have heard of air crack in G here.

03:16

And so each of these things is just in itself. You know, a wonderful resource with respect to the tools and learning these things is going to be top notch. And so, you know, one of the things that I also want to point out that you may have heard of is the Medicis played framework.

03:32

If you're going to do any type of pin testing, maybe you know some in depth security testing. This is definitely a tool that you're gonna want to work with. There is a paid version of this tool offered by Rapid seven, but the framework is available to use in Cali.

03:49

Um, so you know you're going to want to learn how to use medicine. Boy,

03:53

if you're going to be a pen tester and do things of that nature, and it has some introductory information here, I know that they offer a course for free on this as well, but definitely want to jump into looking at medicine. Lloyd, if that's something that you plan on doing with respect to penetration, testing

04:11

and then let's just say you're going to work in forensics and do forensic analysis or something of that nature,

04:16

they also have a number of forensic tools here. And so really, the sky is the limit. With respect to what you can do with Callie, you can do a lot of customization with the distribution and things that nature. But really, when it comes to learning tools and pointing out tools, I can teach you things about in map. I can show you things about Not that phone

04:35

in crack Johnny

04:38

John the Ripper, all of those things. But at the end of the day, it's what's going to be beneficial to you. Moving forward. What are you trying to achieve if it's, you know, mobile phone pen testing? If you're into stress testing again, If you're wanting to do forensics if you're just wanting to do vulnerability analysis, but nothing deeper than that,

04:57

really, it's what is going to interest you, what is going to be your passion and drive.

05:00

This is a good starting point after the fundamentals course and kind of digging into this stuff and really starting to figure out you know what's available to you in this distribution.

05:12

So let's go ahead back to our slides here. So in brief today, we really just wanted to talk about those tools. We really wanted to know where there's resource is on where you can start doing more research. I could spend all of the time in the world probably teaching you about each of those tools,

05:30

but again, it's about what's beneficial to you. It's about what you want to take away from this course, what you want to do with the distribution