Mastering Kali Linux for Web Penetration Testing by Michael McPhee

Author:Michael McPhee [McPhee, Michael]
Language: eng
Format: azw3, mobi, epub, pdf
Tags: COM053000 - COMPUTERS / Security / General, COM060080 - COMPUTERS / Web / General, COM060040 - COMPUTERS / Security / Online Safety & Privacy
Publisher: Packt Publishing
Published: 2017-06-28T04:00:00+00:00

Sample phishing lure, used to test employees. Every link in here is potentially tainted.

Hyperlinks, graphics, anything interactive in the page or the e-mail can be a useful lure, and when attacking a specific person or team, your efforts on social media will have a huge impact on your success rate here.

Let's go Metasploiting

A lot of the tools we've used in this book so far are focused on web applications and have proven quite handy in assessing the vulnerabilities that may exist in a website. One of the more general tools in use across all pen testing domains, Metasploit (https://www.metasploit.com), actually offers some great value in testing against many of the top web app vulns, XSS included. Metasploit likely needs no introduction; chances are you are using it as a significant part of your workflow or methodology. That being said, it is a framework that incorporates a wide variety of extensible recon and scanning modules to populate a database of hosts and corresponding vulns. This database allows Metasploit to then pivot into the exploitation phase, where exploits can be launched actively or in some cases are bundled into a payload for file-based delivery. The community surrounding Metasploit is very active, and literally hundreds of plugins and modules have been crafted to make Metasploit everyone's favorite foundational pen test tool.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.