Safe Penetration Testing Labs · beginner · ~10 min

The C-for-Kali track — tour

Tour the 23-module C-for-Kali track and pick a starting point.

Overview

A pointer page that orients the learner across the 23 paired modules of the C-for-Kali track.

Why it matters

Without this map, the track is just a list of exercises. With it, the learner sees the categories and picks where to dig in.

Lesson

Why this lesson exists

The C-for-Kali track teaches the C-programming foundations behind each Kali Linux tool category — written as defensive parsers that work on static fixtures baked into each exercise's harness. No exercise touches a live network, opens a raw socket, captures a real packet, or executes any Kali binary.

This is a tour. Pick the row that matches what you want to understand, then click through to that module.

Networking & web (waves K1, K2)

  • parse-nmap-xml — read nmap's XML output (count_open_ports).
  • parse-auth-log — detect brute-force bursts in an auth-log string (detect_brute_force).
  • password-policy-validator — bitmask validator for password policies (pw_check).
  • sql-injection-defender — metacharacter flagger for SQL inputs (has_sqli_markers).
  • build-markdown-report — render a finding as Markdown (render_finding).
  • parse-http-request — three-token request-line parser (parse_request_line).
  • parse-pcap-record — the 24-byte global header of a pcap file (read_pcap_header).
  • parse-sip-message — extract a SIP method (parse_sip_method).
  • parse-80211-header — classify a Wi-Fi frame from one byte (classify_frame).
  • parse-bt-advertisement — walk a BLE TLV stream (extract_local_name).

Binary & forensic parsing (wave K3)

  • parse-elf-symbols — count global symbols in .symtab (count_global_symbols).
  • parse-firmware-magic — classify a firmware blob by its first bytes (detect_firmware_type).
  • parse-mft-record-mock — read a filename from a simplified MFT record (read_mft_name).
  • recover-fat-filename — render an 8.3 name with the FAT deleted-entry rule (recover_8_3).
  • parse-iq-samples-header — read a 20-byte SDR capture header (parse_iq_header).

Text + score (wave K4)

  • parse-subdomain-list — dedupe a wordlist (count_unique_domains).
  • parse-cve-feed — count HIGH-severity feed entries (count_high_severity).
  • classify-phishy-url — heuristic phishing score (phishy_score).
  • parse-iso14443-uid — render a contactless-card UID as colon-hex (format_uid).
  • recognise-stack-canary — detect the canary pattern in a frame snapshot (has_canary_pattern).

Closing patterns (wave K5)

  • libfuzzer-entrypoint — write a fuzz target that never crashes (LLVMFuzzerTestOneInput).
  • constant-time-compare — equality without an early-exit leak (ct_memcmp).
  • tarball-evidence-bundler — write a USTAR header for an engagement bundle (write_ustar_header).

Safety reminder

Everything in this track is defensive, lab-only, and works on static fixtures. The modules teach the parsers that sit behind real tools — never how to drive a tool against a live target.

If you want to deepen any one row, the linked lesson explains the on-wire / on-disk format in detail and the linked exercise asks you to write the matching parser.

Summary

23 modules across 4 themes — networking & web, binary & forensic, text & score, closing patterns.