Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Mastering Kali Linux for Web Penetration Testing

You're reading from Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Product type Paperback

Published in Jun 2017

Publisher Packt

ISBN-13 9781784395070

Length 338 pages

Edition 1st Edition

Languages

Java

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

McPhee

View More author details

Table of Contents (19) Chapters

Title Page

Credits

About the Author

About the Reviewers

www.PacktPub.com

Customer Feedback

Preface

1. Common Web Applications and Architectures FREE CHAPTER

2. Guidelines for Preparation and Testing

3. Stalking Prey Through Target Recon

4. Scanning for Vulnerabilities with Arachni

5. Proxy Operations with OWASP ZAP and Burp Suite

6. Infiltrating Sessions via Cross-Site Scripting

7. Injection and Overflow Testing

8. Exploiting Trust Through Cryptography Testing

9. Stress Testing Authentication and Session Management

10. Launching Client-Side Attacks

11. Breaking the Application Logic

12. Educating the Customer and Finishing Up

The Arachni test scenario

The DVWA we're using is included in the OWASP BWA image, which is located in my lab at the address https://172.16.30.131/dvwa/. Our Kali box is on the same subnet (172.16.30.133), and we're interested in shortening the scan time over the default profile. We'll use this very simple topology in figure following to show off some of the advanced moves Arachni can make with a little bit of additional effort and input over a base scan.

Simple Arachni Test Scenario

Profiles for efficiency

Most pen tester's early experience with Arachni usually involves running scans with the default settings, which run a comprehensive list of threat vectors past the target environment. This is a great way to see what Arachni can do, but the OSINT gathered in the recon phase or even through browsing, as we've just seen, gives us some great information that can help us narrow the search field. We can leverage this information to craft a custom profile, which, as far as Arachni is concerned...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Authors (1)

McPhee

McPhee

Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.

See other products by McPhee

Other recommended products

Related to this chapter

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices , modern operating systems and help you secure high security environments.

Feb 2018 13h 12m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Learning Python Web Penetration Testing

Learning Python Web Penetration Testing

This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.

Jun 2018 4h 36m

Penetration Testing Bootcamp

Penetration Testing Bootcamp

Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing.

Jun 2017 8h 36m

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.

Feb 2018 14h 12m

Hands-On Security in DevOps

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

Jul 2018 11h 52m

Hands-On Penetration Testing with Kali NetHunter

Hands-On Penetration Testing with Kali NetHunter

Kali NetHunter is a free-to-use version of Kali that allows for extreme mobility, flexibility and raw power that can be installed and executed on a range of smartphones and tablets. In this book, you will explore Kali NetHunter from different angles in an effort to familiarize and use the distribution to pentest and secure an environment.

Feb 2019 10h 4m

Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing will provide you with a number or proven techniques to defeat the latest defences on the networks using Kali Linux. From selecting the most effective tools, to rapidly compromising network security, to highlighting the techniques used to avoid detection.

Jun 2017 17h 0m

Kali Linux 2018: Windows Penetration Testing

Kali Linux 2018: Windows Penetration Testing

This second edition of Kali Linux 2: Windows Penetration Testing provides approaches and solutions to the issues of modern penetration testing for a Microsoft Windows environment. As a pen tester, you need to be able to understand and use the best available tools - this book addresses these needs with maximum in a cost and time efficient way.

Oct 2018 13h 28m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m