# Appendix B: Tool Setup Guide

## Overview

This appendix provides installation and configuration instructions for tools used throughout the book.
**Important:** Security tools evolve rapidly. While the installation commands and basic usage examples here are generally stable, always consult the official documentation for the latest features, syntax changes, and security updates:
- Wireshark: https://www.wireshark.org/docs/
- Zeek: https://docs.zeek.org/
- Suricata: https://docs.suricata.io/
- Nmap: https://nmap.org/docs.html
- Metasploit: https://docs.metasploit.com/
- Elasticsearch/ELK: https://www.elastic.co/guide/
## Analysis Tools

### Wireshark

Purpose: Packet capture and analysis

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install wireshark
# Allow non-root capture by adding your user to the wireshark group
sudo usermod -aG wireshark $USER
# Log out and back in for the group change to take effect

# macOS
brew install --cask wireshark

# Windows
# Download from https://www.wireshark.org/download.html
```
### Zeek (Bro)

Purpose: Network security monitoring

```bash
# Ubuntu/Debian
sudo apt install zeek

# From source
git clone --recursive https://github.com/zeek/zeek
cd zeek
./configure
make
sudo make install

# Basic usage: monitor eth0 with the "local" policy script set
zeek -i eth0 local
```
### tcpdump

Purpose: Command-line packet capture

```bash
# Ubuntu/Debian
sudo apt install tcpdump

# Basic usage: write a capture to disk, then read it back
sudo tcpdump -i eth0 -w capture.pcap
sudo tcpdump -r capture.pcap
```
## Scanning Tools

### Nmap

Purpose: Port scanning and enumeration

```bash
# Ubuntu/Debian
sudo apt install nmap

# macOS
brew install nmap

# Basic scans (SYN, OS detection and -A need raw sockets, hence sudo)
sudo nmap -sS 192.168.1.0/24   # SYN scan
nmap -sV 192.168.1.100         # Version detection
sudo nmap -O 192.168.1.100     # OS detection
sudo nmap -A 192.168.1.100     # Aggressive scan
```
### Masscan

Purpose: High-speed port scanning

```bash
# Ubuntu/Debian
sudo apt install masscan

# Basic usage (very fast, use carefully; --rate caps packets per second)
sudo masscan 192.168.1.0/24 -p80,443 --rate=1000
```
## Attack Tools

### Bettercap

Purpose: Network attack and monitoring framework

```bash
# Ubuntu/Debian
sudo apt install bettercap

# Basic usage
sudo bettercap -iface eth0
```

Common commands at the interactive `»` prompt:

```text
» net.probe on
» net.show
» arp.spoof on
» net.sniff on
```
### Aircrack-ng Suite

Purpose: Wireless security testing

```bash
# Ubuntu/Debian
sudo apt install aircrack-ng

# Enable monitor mode (creates the wlan0mon interface)
sudo airmon-ng start wlan0

# Scan networks
sudo airodump-ng wlan0mon

# Capture handshake on channel 6 for one access point (replace XX:... with its BSSID)
sudo airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -w capture wlan0mon

# Crack handshake
aircrack-ng -w wordlist.txt capture-01.cap
```
### Hashcat

Purpose: Password cracking

```bash
# Ubuntu/Debian
sudo apt install hashcat

# Basic usage (-m selects the hash mode)
hashcat -m 0 hashes.txt wordlist.txt          # MD5
hashcat -m 22000 hash.hc22000 wordlist.txt    # WPA2
hashcat -m 1000 hashes.txt wordlist.txt       # NTLM
```
## Enumeration Tools

### Enum4linux

Purpose: SMB enumeration

```bash
# Ubuntu/Debian
sudo apt install enum4linux

# Usage
enum4linux -a 192.168.1.100
```

### Gobuster

Purpose: Directory brute forcing

```bash
# Install
go install github.com/OJ/gobuster/v3@latest

# Usage
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
```

### Nikto

Purpose: Web server scanner

```bash
# Ubuntu/Debian
sudo apt install nikto

# Usage
nikto -h http://target.com
```
## OSINT Tools

### theHarvester

Purpose: Email and subdomain enumeration

```bash
# Install
pip install theHarvester

# Usage
theHarvester -d example.com -b all
```

### Amass

Purpose: Subdomain enumeration

```bash
# Install
go install -v github.com/owasp-amass/amass/v3/...@master

# Usage
amass enum -d example.com
```
## Lab Environment

### Virtual Machines

#### Kali Linux

```bash
# Download from https://www.kali.org/get-kali/

# VirtualBox import
VBoxManage import kali-linux-*.ova

# Recommended specs
# - 4GB RAM minimum
# - 40GB disk
# - Network: NAT or bridged
```

#### Metasploitable 2

```bash
# Download from https://sourceforge.net/projects/metasploitable/
# Vulnerable by design - NEVER expose to internet
# Use host-only or internal network only
```
### Docker Lab Environment

```yaml
# docker-compose.yml for security lab
version: '3'
services:
  kali:
    image: kalilinux/kali-rolling
    tty: true
    networks:
      - lab
  target:
    image: vulnerables/web-dvwa
    ports:
      - "8080:80"
    networks:
      - lab
networks:
  lab:
    driver: bridge
```
## Python Libraries

### Scapy

Purpose: Packet manipulation

```bash
# Install
pip install scapy
```

```python
# Usage: build an ICMP echo request and send it at layer 3
# (sending raw packets requires root/administrator privileges)
from scapy.all import IP, ICMP, send

pkt = IP(dst="192.168.1.1") / ICMP()
send(pkt)
```

### Impacket

Purpose: Network protocol implementations

```bash
# Install
pip install impacket

# Tools included (installed as scripts on PATH)
secretsdump.py
psexec.py
smbclient.py
```
## Cloud Security Tools

### ScoutSuite

Purpose: Cloud security auditing

```bash
# Install
pip install scoutsuite

# Usage
scout aws
scout azure
scout gcp
```

### Prowler

Purpose: AWS security assessment

```bash
# Install
pip install prowler

# Usage
prowler aws
```
## Quick Reference

### Tool by Purpose

| Purpose | Tool |
|---|---|
| Packet Capture | Wireshark, tcpdump |
| Network Monitoring | Zeek |
| Port Scanning | Nmap, Masscan |
| MITM Attacks | Bettercap |
| Wireless Testing | Aircrack-ng |
| Password Cracking | Hashcat, John |
| Web Testing | Burp Suite, Nikto |
| Cloud Security | ScoutSuite, Prowler |