By now you have probably noticed that the last topics were centered more around Linux than usual. That’s because I am studying for my LFCS certification, and creating posts as I go through the material. This time, we’re going to look at using virtualization on a Linux physical host. Since my only physical Linux at the moment is Kali, this is what I’m going to use for today’s post.
NFS shares on CentOS 7
Today we will go over an alternate way of setting up shares on CentOS 7. In an earlier post we saw how we can share stuff with Samba, which is the preferred way, especially if you have mixed environments. But today I also wanted to go through the process using the veteran: NFS! For this example, we’ll be looking at the newest version, NFS4, which adds performance and security features, but also operates a little bit differently than its predecessors.
sslyze - Kali Linux tools
Objective: test the SSL/TLS security posture of a target as a standalone tool or as a custom-made solution. sslyze is a fast and powerful SSL/TLS scanning Python tool that can be used either from the command line or as a library to include in your own scripts. It’s being updated frequently and it’s been tested on Windows, Linux and macOS platforms.
Homepage: https://github.com/nabla-c0d3/sslyze
dnsrecon - Kali Linux tools
Objective: perform thorough DNS enumeration and subdomain bruteforcing on a target. dnsrecon is true to its name. It’s written in Python, and judging from the number of stars on its GitHub repository, it’s a much more popular choice than the other candidates in Kali’s DNS section.
Homepage: https://github.com/darkoperator/dnsrecon
netmask - Kali Linux tools
Objective: you want to convert between different types of netmasks and network addresses, or generate optimized netmasks for firewall rules. netmask can take care of your netmasks!
Homepage: https://github.com/tlby/netmask
Got Pluck?
New day, new machine to hack! Today’s target is called Pluck.
urlcrazy - Kali Linux tools
Objective: you want to detect possible URL hijacking or phishing of a domain, where unsuspecting users are lured to a malicious domain that is very similar to the original one. urlcrazy ftw!
Homepage: https://www.morningstarsecurity.com/research/urlcrazy
SickOs 1.2 writeup
Today’s VM is the second machine in the SickOs series. The goal is to obtain the root flag. Target acquired!
TheHarvester - Kali Linux tools
Objective: you want to perform OSINT recon on a target and aggregate information from different sources. TheHarvester is an e-mail, subdomain and people names harvester written in Python.
Homepage: https://github.com/laramies/theHarvester
Owning Mr Robot
Today’s target was inspired by the Mr Robot series. The goal is to find 3 hidden flags.