book

Web Penetration Testing with Kali Linux

Name: Web Penetration Testing with Kali Linux
ISBN: 9781782163169

by Joseph Muniz, Aamir Lakhani

September 2013

Intermediate to advanced

342 pages

7h 54m

English

Packt Publishing

Read now

Unlock full access

Web Penetration Testing with Kali Linux
Table of Contents
Web Penetration Testing with Kali Linux
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and moreWhy Subscribe?Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
1. Penetration Testing and Setup
Web application Penetration Testing concepts
Penetration Testing methodology
Calculating risk
Kali Penetration Testing concepts
Step 1 – ReconnaissanceStep 2 – Target evaluationStep 3 – ExploitationStep 4 – Privilege EscalationStep 5 – maintaining a foothold
Introducing Kali Linux
Kali system setup
Running Kali Linux from external mediaInstalling Kali LinuxKali Linux and VM image first run
Kali toolset overview
Summary
2. Reconnaissance
Reconnaissance objectives
Initial research
Company websiteWeb history sourcesRegional Internet Registries (RIRs)Electronic Data Gathering, Analysis, and Retrieval (EDGAR)Social media resourcesTrustJob postingsLocationShodanGoogle hackingGoogle Hacking DatabaseResearching networksHTTrack – clone a websiteICMP Reconnaissance techniquesDNS Reconnaissance techniquesDNS target identificationMaltego – Information Gathering graphsNmapFOCA – website metadata Reconnaissance
Summary
3. Server-side Attacks
Vulnerability assessmentWebshagSkipfishProxyStrikeVegaOwasp-ZapWebsploit
Exploitation
Metasploitw3af
Exploiting e-mail systems
Brute-force attacks
HydraDirBusterWebSlayer
Cracking passwords
John the Ripper
Man-in-the-middle
SSL stripStarting the attack – redirectionSetting up port redirection using Iptables
Summary
4. Client-side Attacks
Social engineering
Social Engineering Toolkit (SET)
Using SET to clone and attack
MitM Proxy
Host scanning
Host scanning with NessusInstalling Nessus on KaliUsing Nessus
Obtaining and cracking user passwords
Windows passwordsMounting WindowsLinux passwords
Kali password cracking tools
Johnnyhashcat and oclHashcatsamdump2chntpwOphcrackCrunch
Other tools available in Kali
Hash-identifierdictstatRainbowCrack (rcracki_mt)findmyhashphrasendrescherCmosPwdcreddump
Summary
5. Attacking Authentication
Attacking session managementClickjacking
Hijacking web session cookies
Web session tools
Firefox pluginsFiresheep – Firefox pluginWeb Developer – Firefox pluginGreasemonkey – Firefox pluginCookie Injector – Firefox pluginCookies Manager+ – Firefox pluginCookie CadgerWiresharkHamster and FerretMan-in-the-middle attackdsniff and arpspoofEttercapDriftnet
SQL Injection
sqlmap
Cross-site scripting (XSS)
Testing cross-site scripting
XSS cookie stealing / Authentication hijacking
Other tools
urlsnarfacccheckhexinjectPatatorDBPwAudit
Summary
6. Web Attacks
Browser Exploitation Framework – BeEF
FoxyProxy – Firefox plugin
BURP Proxy
OWASP – ZAP
SET password harvesting
Fimap
Denial of Services (DoS)
THC-SSL-DOSScapySlowloris
Low Orbit Ion Cannon
Other tools
DNSCHEFSniffJokeSiegeInundatorTCPReplay
Summary
7. Defensive Countermeasures
Testing your defensesBaseline securitySTIGPatch managementPassword policies
Mirror your environment
HTTrackOther cloning tools
Man-in-the-middle defense
SSL strip defense
Denial of Service defense
Cookie defense
Clickjacking defense
Digital forensics
Kali Forensics BootFilesystem analysis with Kalidc3ddOther forensics tools in KalichkrootkitAutopsyBinwalkpdf-parserForemostPascoScalpelbulk_extractor
Summary
8. Penetration Test Executive Report
Compliance
Industry standards
Professional services
Documentation
Report format
Cover pageConfidentiality statementDocument controlTimelineExecutive summaryMethodologyDetailed testing proceduresSummary of findingsVulnerabilitiesNetwork considerations and recommendationsAppendicesGlossary
Statement of Work (SOW)
External Penetration TestingAdditional SOW material
Kali reporting tools
DradisKeepNoteMaltego CaseFileMagicTreeCutyCaptSample reports
Summary
Index

Overview

Dive into the world of web security by learning how to test and fortify web applications using Kali Linux. This book presents a practical and hands-on approach to penetration testing, guiding you through real-world applications of tools and techniques that simulate actual attacks to identify vulnerabilities.

What this Book will help me do

Master reconnaissance techniques to gather crucial information about your target systems.
Exploit weaknesses in web servers and applications for educational and defensive purposes.
Utilize advanced tactics such as SQL injection and session hijacking to understand potential threats.
Develop expertise in reporting vulnerabilities and communicating findings effectively.
Gain insights into protecting systems against attacks to enhance security posture.

Author(s)

The book is written by a collective team of experienced penetration testers and cybersecurity professionals. Each contributor brings a wealth of practical industry experience and technical expertise, ensuring comprehensive and accurate coverage of methodologies in web application security testing. Their focus is on creating resources that enable not only learning but also professional application of skills.

Who is it for?

This book is perfect for aspiring and current penetration testers who want to specialize in web application security. Beginners will find foundational guidance, while seasoned professionals can uncover new tools and hone their skills. Familiarity with programming and networking basics provides a solid starting point for diving into the detailed topics presented.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mastering Kali Linux for Web Penetration Testing

Publisher Resources

ISBN: 9781782163169Other

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills