You are previewing Web Penetration Testing with Kali Linux.
O'Reilly logo
Web Penetration Testing with Kali Linux

Book Description

Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

  • Learn key reconnaissance concepts needed as a penetration tester

  • Attack and exploit key features, authentication, and sessions on web applications

  • Learn how to protect systems, write reports, and sell web penetration testing services

  • In Detail

    Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

    Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.

    "Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.

    You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.

    On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.

    Table of Contents

    1. Web Penetration Testing with Kali Linux
      1. Table of Contents
      2. Web Penetration Testing with Kali Linux
      3. Credits
      4. About the Authors
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Penetration Testing and Setup
        1. Web application Penetration Testing concepts
        2. Penetration Testing methodology
          1. Calculating risk
        3. Kali Penetration Testing concepts
          1. Step 1 – Reconnaissance
          2. Step 2 – Target evaluation
          3. Step 3 – Exploitation
          4. Step 4 – Privilege Escalation
          5. Step 5 – maintaining a foothold
        4. Introducing Kali Linux
        5. Kali system setup
          1. Running Kali Linux from external media
          2. Installing Kali Linux
          3. Kali Linux and VM image first run
        6. Kali toolset overview
        7. Summary
      9. 2. Reconnaissance
        1. Reconnaissance objectives
        2. Initial research
          1. Company website
          2. Web history sources
          3. Regional Internet Registries (RIRs)
          4. Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
          5. Social media resources
          6. Trust
          7. Job postings
          8. Location
          9. Shodan
          10. Google hacking
          11. Google Hacking Database
          12. Researching networks
            1. HTTrack – clone a website
            2. ICMP Reconnaissance techniques
            3. DNS Reconnaissance techniques
            4. DNS target identification
            5. Maltego – Information Gathering graphs
          13. Nmap
            1. FOCA – website metadata Reconnaissance
        3. Summary
      10. 3. Server-side Attacks
        1. Vulnerability assessment
          1. Webshag
          2. Skipfish
          3. ProxyStrike
          4. Vega
          5. Owasp-Zap
          6. Websploit
        2. Exploitation
          1. Metasploit
          2. w3af
        3. Exploiting e-mail systems
        4. Brute-force attacks
          1. Hydra
          2. DirBuster
          3. WebSlayer
        5. Cracking passwords
          1. John the Ripper
        6. Man-in-the-middle
          1. SSL strip
            1. Starting the attack – redirection
            2. Setting up port redirection using Iptables
        7. Summary
      11. 4. Client-side Attacks
        1. Social engineering
        2. Social Engineering Toolkit (SET)
          1. Using SET to clone and attack
        3. MitM Proxy
        4. Host scanning
          1. Host scanning with Nessus
            1. Installing Nessus on Kali
            2. Using Nessus
        5. Obtaining and cracking user passwords
          1. Windows passwords
            1. Mounting Windows
            2. Linux passwords
        6. Kali password cracking tools
          1. Johnny
          2. hashcat and oclHashcat
          3. samdump2
          4. chntpw
          5. Ophcrack
          6. Crunch
        7. Other tools available in Kali
          1. Hash-identifier
          2. dictstat
          3. RainbowCrack (rcracki_mt)
          4. findmyhash
          5. phrasendrescher
          6. CmosPwd
          7. creddump
        8. Summary
      12. 5. Attacking Authentication
        1. Attacking session management
          1. Clickjacking
        2. Hijacking web session cookies
        3. Web session tools
          1. Firefox plugins
          2. Firesheep – Firefox plugin
          3. Web Developer – Firefox plugin
          4. Greasemonkey – Firefox plugin
          5. Cookie Injector – Firefox plugin
          6. Cookies Manager+ – Firefox plugin
          7. Cookie Cadger
          8. Wireshark
          9. Hamster and Ferret
          10. Man-in-the-middle attack
          11. dsniff and arpspoof
          12. Ettercap
          13. Driftnet
        4. SQL Injection
          1. sqlmap
        5. Cross-site scripting (XSS)
        6. Testing cross-site scripting
        7. XSS cookie stealing / Authentication hijacking
        8. Other tools
          1. urlsnarf
          2. acccheck
          3. hexinject
          4. Patator
          5. DBPwAudit
        9. Summary
      13. 6. Web Attacks
        1. Browser Exploitation Framework – BeEF
        2. FoxyProxy – Firefox plugin
        3. BURP Proxy
        4. OWASP – ZAP
        5. SET password harvesting
        6. Fimap
        7. Denial of Services (DoS)
          1. THC-SSL-DOS
          2. Scapy
          3. Slowloris
        8. Low Orbit Ion Cannon
        9. Other tools
          1. DNSCHEF
          2. SniffJoke
          3. Siege
          4. Inundator
          5. TCPReplay
        10. Summary
      14. 7. Defensive Countermeasures
        1. Testing your defenses
          1. Baseline security
          2. STIG
          3. Patch management
          4. Password policies
        2. Mirror your environment
          1. HTTrack
          2. Other cloning tools
        3. Man-in-the-middle defense
          1. SSL strip defense
        4. Denial of Service defense
        5. Cookie defense
        6. Clickjacking defense
        7. Digital forensics
          1. Kali Forensics Boot
            1. Filesystem analysis with Kali
          2. dc3dd
          3. Other forensics tools in Kali
            1. chkrootkit
            2. Autopsy
            3. Binwalk
            4. pdf-parser
            5. Foremost
            6. Pasco
            7. Scalpel
            8. bulk_extractor
        8. Summary
      15. 8. Penetration Test Executive Report
        1. Compliance
        2. Industry standards
        3. Professional services
        4. Documentation
        5. Report format
          1. Cover page
          2. Confidentiality statement
          3. Document control
          4. Timeline
          5. Executive summary
          6. Methodology
          7. Detailed testing procedures
          8. Summary of findings
          9. Vulnerabilities
          10. Network considerations and recommendations
          11. Appendices
          12. Glossary
        6. Statement of Work (SOW)
          1. External Penetration Testing
          2. Additional SOW material
        7. Kali reporting tools
          1. Dradis
          2. KeepNote
          3. Maltego CaseFile
          4. MagicTree
          5. CutyCapt
          6. Sample reports
        8. Summary
      16. Index