web security is mainly divided into server security and client security, in B/S architecture occupies half of the Internet
service today, the security level of the web level determines the user and enterprise information security protection level. The purpose of
penetration testing is to help enterprises and companies fi nd possible vulnerabilities, and carry out threat analysis of vulnerabilities, and
provide vulnerabilities recurrence and repair suggestions. kali Linux, which redevelops BackTrack based on the Debian development
standard, is a specialized penetration testing and security audit platform pre-installed with a wealth of penetration testing tools. Using kali
Linux during penetration testing will greatly reduce the time and cost of testing, and the use of tools and scripts will make the penetration
testing work more eff ective and eff ective. In this paper, the author will develop a simulation of the penetration test of simulated network
services which based on kali Linux security tools and python scripts, and make principle analysis and repair suggestions on the existing
vulnerabilities.

kali Linux; Penetration test; python; Scripts

[1] Hui Tong,Xiaoguang Chen,Zuofeng Zhang. Basic course of Web Security [M]. Beijing: Beijing Normal University Press, 2017.10-16

[2] Tao Wu,Jiaming Fang,Rongde Wu,Yan Xu. Python Security Attack and Defense Penetration Test Practical Guide [M]. Beijing: China Machine Press,

2021.54-254

[3] Xiaoguang Chen,Bing Hu,Zuofeng Zhang. Web Business Security Practical Guide [M]. Beijing: Publishing House of Electronics Industry, 2018.11-12

[4] Stuart Mcclure, Joel Scambray, George Kurtz. Hackers expose Network security secrets and solutions [M]. Beijing: Tsinghua University Press, 2013.523-

659

[5] ShaoFei Zhao,Fan Yang, Tian Guo-min. SQL Injection analysis based on website system [J]. Network Security Technology and Application, 2019 (11) :

28-29. (in Chinese

[6] Chuan Guo. Research on Penetration Test Platform based on Kali Linux [D]. Inner Mongolia Autonomous Region: Inner Mongolia University of Science

and Technology, Master Dissertation, 2019

[7] Christian Armbruster. Hacker, Philipp, Datenprivatrecht[J]. Zeitschrift fur die gesamte Versicherungswis. 2021. PP 1-5

[8] Kirti Sharma; Shobha Bhatt. SQL injection attacks - a systematic review[J]. International Journal of Information and computer Security.2019(11):4-5