Performing a black box penetration test

Black box penetration testing is performed when we have no knowledge of the target in terms of OS details, web server technologies, backend database, and so on. So, in these cases, we need to perform everything ourselves. Black box testing generally comprises too many false positives, so it's the duty of the penetration tester to figure them out and verify them.

Let's see the various steps and tools that are needed while carrying out a black box test against a website with Metasploit.

FootPrinting

As discussed earlier, FootPrinting refers to gathering information about the target by using active or passive techniques. Let's see how we can FootPrint the target with various commonly used tools of the industry. ...

Get Mastering Metasploit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.