Let's go Metasploiting
A lot of the tools we've used in this book so far are focused on web applications and have proven quite handy in assessing the vulnerabilities that may exist in a website. One of the more general tools in use across all pen testing domains, Metasploit (https://www.metasploit.com), actually offers some great value in testing against many of the top web app vulns, XSS included. Metasploit likely needs no introduction; chances are you are using it as a significant part of your workflow or methodology. That being said, it is a framework that incorporates a wide variety of extensible recon and scanning modules to populate a database of hosts and corresponding vulns. This database allows Metasploit to then pivot into the ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access