Pablo Guides

# Course #640 – tmux$ for Penetration Testing

## Section 1: Introduction to tmux$ and Installation on Kali Linux

### What is tmux$?

**tmux$** (terminal multiplexer) is an essential tool for penetration testers, allowing you to manage multiple terminal sessions from a single window. It enables the creation, destruction, and navigation of multiple terminal sessions, which is especially useful for running multiple tasks concurrently while maintaining an organized workflow.

In the context of penetration testing, tmux$ is invaluable for managing long-running processes, organizing workflows, and maintaining session persistence across SSH connections.

### Installation of tmux$ on Kali Linux

Installing tmux$ on Kali Linux is straightforward, as it is included in the package repositories. Follow these steps to install it:

1. **Open your terminal on Kali Linux.**
2. **Update your package list** to make sure you have the latest information:

   sudo apt update

 

3. **Install tmux$** with the following command:

   sudo apt install tmux

 

4. **Verify the installation** by checking the version:

   tmux -V

 

### Configuration of tmux$

After installation, you may want to customize your tmux$ settings to improve your workflow. This is usually done in the `~/.tmux.conf` file. Here's a basic configuration you can start with:

"`bash
# Set prefix to Ctrl+a (instead of default Ctrl+b)
set -g prefix C-a
unbind C-b

# Enable mouse support
set -g mouse on

# Split windows using | and –
bind | split-window -h
bind – split-window -v

# Set the default terminal mode to 256 colors
set -g default-terminal "screen-256color"

# Set a status bar
set -g status-bg black
set -g status-fg white
"`

To apply the changes, either restart tmux$ or source the configuration file:
"`bash
tmux source-file ~/.tmux.conf
"`

## Step-by-Step Usage of tmux$

Now that you have tmux$ installed and configured, let’s explore how to use it effectively for penetration testing.

### Starting a tmux Session

To start a new tmux$ session, simply type:
"`bash
tmux
"`

### Detaching and Reattaching Sessions

If you want to detach from a session (allowing it to run in the background), press:
"`
Ctrl+a d
"`

To reattach to your last tmux$ session, use:
"`bash
tmux attach
"`

You can also list all active sessions with:
"`bash
tmux list-sessions
"`
And to attach to a specific session:
"`bash
tmux attach -t
"`

### Using tmux$ for Real-World Penetration Testing

#### Example 1: Running a Web Vulnerability Scanner

Consider a scenario where you are running a web vulnerability scanner like **Nikto** against a target while monitoring multiple logs.

1. Start a tmux$ session:

   tmux

 

2. In the first pane, run Nikto:

   nikto -h http://target.com

 

3. Split the terminal vertically:
Press `Ctrl+a`, then `|`.

4. In the new pane, you can tail a log file:

   tail -f /var/log/apache2/access.log

 

This setup allows you to monitor the server’s responses in real-time as the scanner runs.

#### Example 2: Concurrent SSH Sessions

When working with multiple hosts, tmux$ makes it easy to manage SSH sessions:

1. Start a new tmux$ session:

   tmux

 

2. Open multiple panes for different SSH connections:
– Split horizontally and connect:

     ssh user@host1

   

     ssh user@host2

   

3. Use keyboard shortcuts to navigate between panes:
– `Ctrl+a` followed by arrow keys.

### Advanced tmux$ Commands

Here are a few advanced commands and techniques that can be extremely useful for penetration testers:

– **Combine commands**: You can run multiple commands in a single pane. For example, to update and upgrade packages:

– **Create named sessions**: When starting a session, you can name it for easier referencing:

– **Send commands to specific panes**: If you have multiple panes open and want to send the same command to all of them, you can use: