Muniz, J., Lakhani, A. Web Penetration Testing with Kali Linux. 2013.

Web Penetration Testing with Kali Linux: A practical guide to implementing penetration testing strategies on websites, web applications, and standard web protocols with Kali Linux

  1. Preface
  2. Chapter 1: Penetration Testing and Setup
    1. Web application Penetration Testing concepts
    2. Penetration Testing methodology
    3. Calculating risk
    4. Kali Penetration Testing concepts
      1. Step 1 – Reconnaissance
      2. Step 2 – Target evaluation
      3. Step 3 – Exploitation
      4. Step 4 – Privilege Escalation
      5. Step 5 – Maintaining a Foothold
    5. Introducing Kali Linux
    6. Kali system setup
    7. Running Kali Linux from external media
    8. Installing Kali Linux
    9. Kali Linux and VM image first run
    10. Kali toolset overview
    11. Summary
  3. Chapter 2: Reconnaissance
    1. Reconnaissance objectives
    2. Initial research
    3. Company website
    4. Web history sources
    5. Regional Internet Registries (RIRs)
    6. Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
    7. Social media resources
    8. Trust
    9. Job postings
    10. Location
    11. Shodan
    12. Google hacking
    13. Google Hacking Database
    14. Researching networks
    15. HTTrack – clone a website
    16. ICMP Reconnaissance techniques
    17. DNS Reconnaissance techniques
    18. DNS target identification
    19. Maltego – Information Gathering graphs
    20. Nmap
    21. FOCA – website metadata Reconnaissance
    22. Summary
  4. Chapter 3: Server-side Attacks
    1. Vulnerability assessment
    2. Webshag
    3. Skipfish
    4. ProxyStrike
    5. Vega
    6. Owasp-Zap
    7. Websploit
    8. Exploitation
    9. Metasploit
    10. w3af
    11. Exploiting e-mail systems
    12. Brute-force attacks
    13. Hydra
    14. DirBuster
    15. WebSlayer
    16. Cracking passwords
    17. John the Ripper
    18. Man-in-the-middle
    19. SSL strip
    20. Starting the attack – redirection
    21. Setting up port redirection using Iptables
    22. Summary
  5. Chapter 4: Client-side Attacks
    1. Social engineering
    2. Social Engineering Toolkit (SET)
    3. Using SET to clone and attack
    4. MitM Proxy
    5. Host scanning
    6. Host scanning with Nessus
    7. Installing Nessus on Kali
    8. Using Nessus
    9. Obtaining and cracking user passwords
    10. Windows passwords
    11. Mounting Windows
    12. Linux passwords
    13. Kali password cracking tools
    14. Johnny
    15. Hashcat and oclHashcat
    16. samdump2
    17. chntpw
    18. Ophcrack
    19. Crunch
    20. Other tools available in Kali
    21. Hash-identifier
    22. dictstat
    23. RainbowCrack (rcracki_mt)
    24. findmyhash
    25. phrasendrescher
    26. CmosPwd
    27. creddump
    28. Summary
  6. Chapter 5: Attacking Authentication
    1. Attacking session management
    2. Clickjacking
    3. Hijacking web session cookies
    4. Web session tools
    5. Firefox plugins
    6. Firesheep – Firefox plugin
    7. Web Developer – Firefox plugin
    8. Greasemonkey – Firefox plugin
    9. Cookie Injector – Firefox plugin
    10. Cookies Manager+ – Firefox plugin
    11. Cookie Cadger
    12. Wireshark
    13. Hamster and Ferret
    14. Man-in-the-middle attack
    15. dsniff and arpspoof
    16. Ettercap
    17. Driftnet
    18. SQL Injection
    19. sqlmap
    20. Cross-site scripting (XSS)
    21. Testing cross-site scripting
    22. XSS cookie stealing / Authentication hijacking
    23. Other tools
    24. urlsnarf
    25. acccheck
    26. hexinject
    27. Patator
    28. DBPwAudit
    29. Summary
  7. Chapter 6: Web Attacks
    1. Browser Exploitation Framework – BeEF
    2. FoxyProxy – Firefox plugin
    3. BURP Proxy
    4. OWASP – ZAP
    5. SET password harvesting
    6. Fimap
    7. Denial of Services (DoS)
    8. THC-SSL-DOS
    9. Scapy
    10. Slowloris
    11. Low Orbit Ion Cannon
    12. Other tools
    13. DNSCHEF
    14. SniffJoke
    15. Siege
    16. Inundator
    17. TCPReplay
    18. Summary
  8. Chapter 7: Defensive Countermeasures
    1. Testing your defenses
    2. Baseline security
    3. STIG
    4. Patch management
    5. Password policies
    6. Mirror your environment
    7. HTTrack
    8. Other cloning tools
    9. Man-in-the-middle defense
    10. SSL strip defense
    11. Denial of Service defense
    12. Cookie defense
    13. Clickjacking defense
    14. Digital forensics
    15. Kali Forensics Boot
    16. Filesystem analysis with Kali
    17. dc3dd
    18. Other forensics tools in Kali
    19. chkrootkit
    20. Autopsy
    21. Binwalk
    22. pdf-parser
    23. Foremost
    24. Pasco
    25. Scalpel
    26. bulk_extractor
    27. Summary
  9. Chapter 8: Penetration Test Executive Report
    1. Compliance Industry standards
    2. Professional services
    3. Documentation
    4. Report format
    5. Cover page
    6. Confidentiality statement
    7. Document control
    8. Timeline
    9. Executive summary
    10. Methodology
    11. Detailed testing procedures
    12. Summary of findings
    13. Vulnerabilities
    14. Network considerations and recommendations
    15. Statement of Work (SOW)
    16. External Penetration Testing
    17. Additional SOW material
    18. Kali reporting tools
    19. Dradis
    20. KeepNote
    21. Maltego CaseFile
    22. MagicTree
    23. CutyCapt
    24. Sample reports
    25. Summary
  10. Index