Hands-On Web Penetration Testing with Metasploit

封面

Title Page

Copyright and Credits

Hands-On Web Penetration Testing with Metasploit

About Packt

Why subscribe?

Contributors

About the authors

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Disclaimer

Get in touch

Reviews

Introduction

Introduction to Web Application Penetration Testing

What is a penetration test?

Types of penetration test

White box penetration test

Black box penetration test

Gray box penetration test

Stages of penetration testing

Reconnaissance and information gathering

Enumeration

Vulnerability assessment and analysis

Exploitation

Reporting

Important terminologies

Penetration testing methodologies

Open Source Security Testing Methodology Manual (OSSTMM)

Operational security metrics

Trust analysis

Human security testing

Physical security testing

Wireless security testing

Telecommunications security testing

Data network security testing

Compliance regulations

Reporting with the STAR

OSSTMM test types

Information Systems Security Assessment Framework (ISSAF)

Penetration Testing Execution Standard (PTES)

Pre-engagement interactions

Intelligence gathering

Threat modeling

Vulnerability analysis

Exploitation

Post-exploitation

Reporting

Common Weakness Enumeration (CWE)

OWASP Top 10

SANS TOP 25

Summary

Questions

Further reading

Metasploit Essentials

Technical requirements

Introduction to Metasploit Framework

Metasploit Framework terminology

Installing and setting up Metasploit

Installing Metasploit Framework on *nix

Installing Metasploit Framework on Windows

Getting started with Metasploit Framework

Interacting with Metasploit Framework using msfconsole

MSF console commands

Customizing global settings

Variable manipulation in MSF

Exploring MSF modules

Running OS commands in MSF

Setting up a database connection in Metasploit Framework

Loading plugins in MSF

Using Metasploit modules

Searching modules in MSF

Checking for hosts and services in MSF

Nmap scanning with MSF

Setting up payload handling in MSF

MSF payload generation

Generating an MSF payload using msfconsole (one-liner)

Generating an MSF payload using msfvenom

Summary

Questions

Further reading

The Metasploit Web Interface

Technical requirements

Introduction to the Metasploit web interface

Installing and setting up the web interface

Installing Metasploit Community Edition on Windows

Installing Metasploit Community Edition on Linux/Debian

Getting started with the Metasploit web interface

Interface

Main menu

Project tab bar

Navigational breadcrumbs

Tasks bar

Project creation