Updated: 2021-08-04 10:17:10
Cover
Copyright Information
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Chapter 1. Penetration Testing and Setup
Web application Penetration Testing concepts
Penetration Testing methodology
Kali Penetration Testing concepts
Introducing Kali Linux
Kali system setup
Kali toolset overview
Summary
Chapter 2. Reconnaissance
Reconnaissance objectives
Initial research
Chapter 3. Server-side Attacks
Vulnerability assessment
Exploitation
Exploiting e-mail systems
Brute-force attacks
Cracking passwords
Man-in-the-middle
Chapter 4. Client-side Attacks
Social engineering
Social Engineering Toolkit (SET)
MitM Proxy
Host scanning
Obtaining and cracking user passwords
Kali password cracking tools
Other tools available in Kali
Chapter 5. Attacking Authentication
Attacking session management
Hijacking web session cookies
Web session tools
SQL Injection
Cross-site scripting (XSS)
Testing cross-site scripting
XSS cookie stealing / Authentication hijacking
Other tools
Chapter 6. Web Attacks
Browser Exploitation Framework – BeEF
FoxyProxy – Firefox plugin
BURP Proxy
OWASP – ZAP
SET password harvesting
Fimap
Denial of Services (DoS)
Low Orbit Ion Cannon
Chapter 7. Defensive Countermeasures
Testing your defenses
Mirror your environment
Man-in-the-middle defense
Denial of Service defense
Cookie defense
Clickjacking defense
Digital forensics
Chapter 8. Penetration Test Executive Report
Compliance
Industry standards
Professional services
Documentation
Report format
Statement of Work (SOW)
Kali reporting tools
Index