Kali Linux web penetration testing cookbook: over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2. About This Book: Familiarize yourself with the most common web vulnerabilities a web application faces, and understand how attackers take advantage of them; set up a penetration testing lab to conduct a pr...

Bibliographic Details
Classification: Electronic book
Main author: Nájera-Gutiérrez, Gilberto (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt Publishing, 2016.
Series: Quick answers to common problems.
Subjects:
Online access: Full text
Table of Contents:
  • Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Setting Up Kali Linux; Introduction; Updating and upgrading Kali Linux; Installing and running OWASP Mantra; Setting up the Iceweasel browser; Installing VirtualBox; Creating a vulnerable virtual machine; Creating a client virtual machine; Configuring virtual machines for correct communication; Getting to know web applications on a vulnerable VM; Chapter 2: Reconnaissance; Introduction; Scanning and identifying services with Nmap; Identifying a web application firewall
  • Watching the source code; Using Firebug to analyze and alter basic behavior; Obtaining and modifying cookies; Taking advantage of robots.txt; Finding files and folders with DirBuster; Password profiling with CeWL; Using John the Ripper to generate a dictionary; Finding files and folders with ZAP; Chapter 3: Crawlers and Spiders; Introduction; Downloading a page for offline analysis with Wget; Downloading the page for offline analysis with HTTrack; Using ZAP's spider; Using Burp Suite to crawl a website; Repeating requests with Burp's repeater; Using WebScarab
  • Identifying relevant files and directories from crawling results; Chapter 4: Finding Vulnerabilities; Introduction; Using Hackbar add-on to ease parameter probing; Using Tamper Data add-on to intercept and modify requests; Using ZAP to view and alter requests; Using Burp Suite to view and alter requests; Identifying cross-site scripting (XSS) vulnerabilities; Identifying error based SQL injection; Identifying a blind SQL Injection; Identifying vulnerabilities in cookies; Obtaining SSL and TLS information with SSLScan; Looking for file inclusions; Identifying POODLE vulnerability
  • Chapter 5: Automated Scanners; Introduction; Scanning with Nikto; Finding vulnerabilities with Wapiti; Using OWASP ZAP to scan for vulnerabilities; Scanning with w3af; Using Vega scanner; Finding Web vulnerabilities with Metasploit's Wmap
  • Chapter 6: Exploitation - Low Hanging Fruits; Introduction; Abusing file inclusions and uploads; Exploiting OS Command Injections; Exploiting an XML External Entity Injection; Brute-forcing passwords with THC-Hydra; Dictionary attacks on login pages with Burp Suite; Obtaining session cookies through XSS; Step by step basic SQL Injection
  • Finding and exploiting SQL Injections with SQLMap; Attacking Tomcat's passwords with Metasploit; Using Tomcat Manager to execute code; Chapter 7: Advanced Exploitation; Introduction; Searching Exploit-DB for a web server's vulnerabilities; Exploiting Heartbleed vulnerability; Exploiting XSS with BeEF; Exploiting a Blind SQLi; Using SQLMap to get database information; Performing a cross-site request forgery attack; Executing commands with Shellshock; Cracking password hashes with John the Ripper by using a dictionary; Cracking password hashes by brute force using oclHashcat/cudaHashcat