Imperial Library
Index
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Getting Started
Introduction
Configuring a security lab with VMware Player (Windows)
Getting ready
How to do it…
How it works…
Configuring a security lab with VMware Fusion (macOS)
Getting ready
How to do it…
How it works…
Installing Ubuntu Server
Getting ready
How to do it…
How it works…
Installing Metasploitable2
Getting ready
How to do it…
How it works…
Installing Windows Server
Getting ready
How to do it…
How it works…
Increasing the Windows attack surface
Getting ready
How to do it…
How it works…
Installing Kali Linux
Getting ready
How to do it…
How it works…
Using text editors (Vim and GNU nano)
Getting ready
How to do it…
How it works…
Keeping Kali updated
Getting ready
How to do it…
How it works…
Managing Kali services
Getting ready
How to do it…
How it works…
Configuring and using SSH
Getting ready
How to do it…
How it works…
Installing Nessus on Kali Linux
Getting ready
How to do it…
How it works…
Reconnaissance
Introduction
Using Google to find subdomains
Getting ready
How to do it...
How it works...
Finding e-mail addresses using theHarvester
Getting ready
How to do it…
How it works…
Enumerating DNS using the host command
Getting ready
How to do it...
How it works...
Enumerating DNS using DNSRecon
Getting ready
How to do it…
Standard DNS enumeration
Reverse lookups
Zone transfer
How it works…
Enumerating DNS using the dnsenum command
Getting ready
How to do it…
Default settings
Brute-force
How it works…
Discovery
Introduction
Knowing the OSI model
Using Scapy to perform host discovery (layers 2/3/4)
Getting ready
How to do it…
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using Nmap to perform host discovery (layers 2/3/4)
Getting ready
How to do it…
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using ARPing to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using netdiscover to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using Metasploit to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using hping3 to perform host discovery (layers 3/4)
Getting ready
How to do it…
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using ICMP to perform host discovery
Getting ready
How to do it…
How it works…
Using fping to perform host discovery
Getting ready
How to do it…
How it works…
Port Scanning
Introduction
UDP port scanning
TCP port scanning
Port scanning with Scapy (UDP, stealth, connect, and zombie)
Getting ready
How to do it…
UDP port scanning with Scapy
Stealth scanning with Scapy
Connect scanning with Scapy
Zombie scanning with Scapy
How it works…
Port scanning with Nmap (UDP, stealth, connect, zombie)
Getting ready
How to do it…
UDP scanning with Nmap
Stealth scanning with Nmap
Connect scanning with Nmap
Zombie scanning with Nmap
How it works…
Port scanning with Metasploit (UDP, stealth, and connect)
Getting ready
How to do it…
UDP scanning with Metasploit
Stealth scanning with Metasploit
Connect scanning with Metasploit
How it works…
Port scanning with hping3 (stealth)
Getting ready
How to do it…
How it works…
Port scanning with DMitry (connect)
Getting ready
How to do it…
How it works…
Port scanning with Netcat (connect)
Getting ready
How to do it…
How it works…
Port scanning with masscan (stealth)
Getting ready
How to do it…
How it works…
Fingerprinting
Introduction
Banner grabbing with Netcat
Getting ready
How to do it…
How it works…
Banner grabbing with Python sockets
Getting ready
How to do it…
How it works…
Banner grabbing with DMitry
Getting ready
How to do it…
How it works…
Banner grabbing with Nmap NSE
Getting ready
How to do it…
How it works…
Banner grabbing with Amap
Getting ready
How to do it…
How it works…
Service identification with Nmap
Getting ready
How to do it…
How it works…
Service identification with Amap
Getting ready
How to do it…
How it works…
Operating system identification with Scapy
Getting ready
How to do it…
How it works…
Operating system identification with Nmap
Getting ready
How to do it…
How it works…
Operating system identification with xprobe2
Getting ready
How to do it…
How it works…
Passive operating system identification with p0f
Getting ready
How to do it…
How it works…
SNMP analysis with Onesixtyone
Getting ready
How to do it…
How it works…
SNMP analysis with SNMPwalk
Getting ready
How to do it…
How it works…
Firewall identification with Scapy
Getting ready
How to do it…
How it works…
Firewall identification with Nmap
Getting ready
How to do it…
How it works…
Firewall identification with Metasploit
Getting ready
How to do it…
How it works…
Vulnerability Scanning
Introduction
Vulnerability scanning with the Nmap Scripting Engine
Getting ready
How to do it…
How it works…
Vulnerability scanning with MSF auxiliary modules
Getting ready
How to do it…
How it works…
Creating scan policies with Nessus
Getting ready
How to do it…
How it works…
Vulnerability scanning with Nessus
Getting ready
How to do it…
How it works…
Vulnerability scanning with OpenVAS
Getting ready
How to do it...
How it works...
Validating vulnerabilities with HTTP interaction
Getting ready
How to do it…
How it works…
Validating vulnerabilities with ICMP interaction
Getting ready
How to do it…
How it works…
Denial of Service
Introduction
Fuzz testing to identify buffer overflows
Getting ready
How to do it…
How it works…
Remote FTP service buffer-overflow DoS
Getting ready
How to do it…
How it works…
Smurf DoS attack
Getting ready
How to do it…
How it works…
DNS amplification DoS attacks
Getting ready
How to do it…
How it works…
SNMP amplification DoS attack
Getting ready
How to do it…
How it works…
SYN flood DoS attack
Getting ready
How to do it…
How it works…
Sock stress DoS attack
Getting ready
How to do it…
How it works…
DoS attacks with Nmap NSE
Getting ready
How to do it…
How it works…
DoS attacks with Metasploit
Getting ready
How to do it…
How it works…
DoS attacks with the exploit database
Getting ready
How to do it…
How it works…
Working with Burp Suite
Introduction
Configuring Burp Suite on Kali Linux
Getting ready
How to do it…
How it works…
Defining a web application target with Burp Suite
Getting ready
How to do it…
How it works…
Using Burp Suite Spider
Getting ready
How to do it…
How it works…
Using Burp Suite Proxy
Getting ready
How to do it…
How it works…
Using Burp Suite engagement tools
Getting ready
How to do it…
How it works…
Using the Burp Suite web application scanner
Getting ready
How to do it…
How it works…
Using Burp Suite Intruder
Getting ready
How to do it…
How it works…
Using Burp Suite Comparer
Getting ready
How to do it…
How it works…
Using Burp Suite Repeater
Getting ready
How to do it…
How it works…
Using Burp Suite Decoder
Getting ready
How to do it…
How it works…
Using Burp Suite Sequencer
Getting ready
How to do it…
How it works…
Using Burp Suite Extender
Getting ready
How to do it…
How it works…
Using Burp Suite Clickbandit
Getting ready
How to do it…
How it works…
Web Application Scanning
Introduction
Web application scanning with Nikto
Getting ready
How to do it…
How it works…
SSL/TLS scanning with SSLScan
Getting ready
How to do it…
How it works…
SSL/TLS scanning with SSLyze
Getting ready
How to do it…
How it works…
GET method SQL injection with sqlmap
Getting ready
How to do it…
How it works…
POST method SQL injection with sqlmap
Getting ready
How to do it…
How it works…
Requesting a capture SQL injection with sqlmap
Getting ready
How to do it…
How it works…
Automating CSRF testing
Getting ready
How to do it…
How it works…
Validating command-injection vulnerabilities with HTTP traffic
Getting ready
How to do it…
How it works…
Validating command-injection vulnerabilities with ICMP traffic
Getting ready
How to do it…
How it works…
Attacking the Browser with BeEF
Hooking the browser with BeEF
Getting ready
How to do it…
How it works…
Collecting information with BeEF
Getting ready
How to do it…
How it works…
Creating a persistent connection with BeEF
Getting ready
How to do it…
How it works…
Integrating BeEF and Metasploit
Getting ready
How to do it…
How it works…
Using the BeEF autorule engine
Getting ready
How to do it…
How it works…
Working with Sparta
Information gathering with Sparta
Getting ready
How to do it...
How it works...
Creating custom commands for Sparta
Getting ready
How to do it...
How it works...
Port scanning with Sparta
Getting ready
How to do it...
How it works...
Fingerprinting with Sparta
Getting ready
How to do it...
How it works...
Vulnerability scanning with Sparta
Getting ready
How to do it...
How it works...
Web application scanning with Sparta
Getting ready
How to do it...
How it works...
Automating Kali Tools
Introduction
Nmap greppable output analysis
Getting ready
How to do it…
How it works…
Port scanning with Nmap NSE execution
Getting ready
How to do it…
How it works…
Automate vulnerability scanning with NSE
Getting ready
How to do it…
How it works…
Automate web application scanning with Nikto
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with reverse shell payload
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with backdoor executable
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with ICMP verification
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with admin account creation
Getting ready
How to do it…
How it works…