Mastering Kali Linux for Web Penetration Testing


What you need for this book


  • Hardware list:

The exercises performed in this book and the tools used can be deployed on any modern Windows, Linux, or Mac OS machine capable of running a suitable virtualization platform and a more recent version of the OS. Suggested minimum requirements should allow for at least the following resources to be available to your virtual platforms:

  • 4 virtual CPUs
  • 4-8 GB of RAM
  • 802.3 Gigabit Ethernet, shared with host machine
  • 802.11a/g/n/ac WiFi link, shared with host machine
  1. Software list:

Desktop/Laptop Core OS and Hypervisor:
Virtualization should be provided by one of Kali Linux's supported hypervisors, namely one of the following options. The operating system and hardware will need to support the minimum requirements, with an eye toward dedicating the previous hardware recommendations to the guest virtual machines:

  • For Windows:

VMware Workstation Pro 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation.html

VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads

  • For Mac OS:

VMware Fusion 7.X or newer--http://www.vmware.com/products/fusion.html

Parallels 12 for Mac--http://www.parallels.com/products/desktop/

VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads


  • For Linux:

VMWare Workstation 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation-for-linux.html

VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads


  • For Barebones Hypervisors:

VMware ESXi/vSphere 5.5 or newer

Microsoft Hyper-V 2016

Redhat KVM/sVirt 5 or newer


  • Applications and virtual machines:

  • Essential:

Kali Linux VM (choose 64-bit VM, Vbox, or Hyper-V image)--https://www.offensivesecurity.com/kali-linux-vmware-virtualbox-image-download/


  • Alternatives:

Kali Linux ISO (64 bit, for Virtual-Box or Parallels)--https://www.kali.org/downloads/

  • Target VMs:

OWASP Broken Web Application: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

Metasploitable 2--https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Metasploitable 3--https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3

Bee Box--http://www.itsecgames.com

Damn Vulnerable Web Application (DVWA)--http://www.dvwa.co.uk/OWASP
Mutillidae 2--https://sourceforge.net/projects/mutillidae/files

Windows Eval Mode OS + Browser--https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/








Also, Subscribe to my youtube channel