Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Published by
Packt Publishing, 2016
- Cover
- Table of Contents
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Credits
- Disclaimer
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Preface
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- 1. Beginning with Kali Linux
- Kali Linux tool categories
- Downloading Kali Linux
- Using Kali Linux
- Configuring the virtual machine
- Updating Kali Linux
- Network services in Kali Linux
- Installing a vulnerable server
- Installing additional weapons
- Summary
- 2. Penetration Testing Methodology
- Vulnerability assessment versus penetration testing
- Security testing methodologies
- General penetration testing framework
- Information gathering
- The ethics
- Summary
- 3. Target Scoping
- Preparing the test plan
- Profiling test boundaries
- Defining business objectives
- Project management and scheduling
- Summary
- 4. Information Gathering
- Using public resources
- Querying the domain registration information
- Analyzing the DNS records
- Getting network routing information
- Utilizing the search engine
- Metagoofil
- Accessing leaked information
- Summary
- 5. Target Discovery
- Identifying the target machine
- OS fingerprinting
- Summary
- 6. Enumerating Target
- Understanding the TCP/IP protocol
- Understanding the TCP and UDP message format
- The network scanner
- Unicornscan
- Zenmap
- Amap
- SMB enumeration
- SNMP enumeration
- VPN enumeration
- Summary
- 7. Vulnerability Mapping
- Vulnerability taxonomy
- Automated vulnerability scanning
- Network vulnerability scanning
- Web application analysis
- Fuzz analysis
- Database assessment tools
- Summary
- 8. Social Engineering
- Attack process
- Attack methods
- Social Engineering Toolkit
- Summary
- 9. Target Exploitation
- Vulnerability and exploit repositories
- Advanced exploitation toolkit
- MSFConsole
- MSFCLI
- Ninja 101 drills
- Writing exploit modules
- Summary
- 10. Privilege Escalation
- Password attack tools
- Network spoofing tools
- Network sniffers
- Summary
- 11. Maintaining Access
- Working with tunneling tools
- Creating web backdoors
- Summary
- 12. Wireless Penetration Testing
- Wireless network recon
- Wireless testing tools
- Post cracking
- Sniffing wireless traffic
- Summary
- 13. Kali Nethunter
- Installing Kali Nethunter
- Nethunter icons
- Nethunter tools
- Third-party applications
- Wireless attacks
- HID attacks
- Summary
- 14. Documentation and Reporting
- Types of reports
- The executive report
- The management report
- The technical report
- Network penetration testing report (sample contents)
- Preparing your presentation
- Post-testing procedures
- Summary
- A. Supplementary Tools
- Web application tools
- Network tool
- Summary
- B. Key Resources
- Paid incentive programs
- Reverse engineering resources
- Penetration testing learning resources
- Exploit development learning resources
- Penetration testing on a vulnerable environment
- Online web application challenges
- Virtual machines and ISO images
- Network ports
- Index
Index
A
- -A command
- about / ike-scan
- Acknowledgment
- active and passive detection techniques
- about / Target discovery
- Active Directory (AD) server
- about / Online attack tools
- additional weapons, installation
- Nessus vulnerability scanner, installation / Installing the Nessus vulnerability scanner
- Cisco password cracker, installation / Installing the Cisco password cracker
- Address Resolution Protocol (ARP)
- advanced exploitation toolkit
- about / Advanced exploitation toolkit
- advanced exploitation toolkit modules
- exploit / Advanced exploitation toolkit
- payload / Advanced exploitation toolkit
- auxiliaries / Advanced exploitation toolkit
- encoders / Advanced exploitation toolkit
- no operation / Advanced exploitation toolkit
- no operation performed (NOP) / Advanced exploitation toolkit
- Aircrack-ng
- about / Aircrack-ng
- monitoring tool / Aircrack-ng
- attacking tool / Aircrack-ng
- testing tool / Aircrack-ng
- cracking / Aircrack-ng
- WPA Pre-shared Key cracking / WPA Pre-shared Key cracking
- WEP cracking / WEP cracking
- alive6 tool
- Amap
- about / Amap
- Android SDK toolset
- reference link / Installing Kali Nethunter
- anonymous USB attack
- about / Anonymous USB Attack
- antennas
- about / Antennas
- apt-get dist-upgrade command
- about / Updating Kali Linux
- apt-get upgrade command
- about / Updating Kali Linux
- arping tool
- about / arping
- arpspoof tool
- about / arpspoof
- attack methods
- about / Attack methods
- impersonation / Impersonation
- reciprocation / Reciprocation
- influential authority attack / Influential authority
- scarcity / Scarcity
- social relationship / Social relationship
- curiosity / Curiosity
- attack process
- about / Attack process
- intelligence gathering / Attack process
- vulnerable points, identifying / Attack process
- attack, planning / Attack process
- execution / Attack process
- audit scope
- automated browser exploitation
- about / Automated browser exploitation
- automated vulnerability scanning
- about / Automated vulnerability scanning
- Nessus / Nessus
B
- backdoor
- about / Using operating system backdoors
- backdoor service
- about / Meterpreter
- backdoor shell
- about / Backdoor shell
- BackTrack
- about / A brief history of Kali Linux
- Base64
- about / WeBaCoo
- Basic Input Output System (BIOS)
- about / Installing Kali on a USB disk
- bind shell
- about / Bind shell
- black box testing
- about / Black box testing
- BlindElephant
- about / BlindElephant
- blog.g0tmi1k
- reference link / Hashcat
- Bridged Adapter
- about / Setting up a wired connection
- Bruteforce Exploit Detector (BED)
- about / BED
- Bubble View
- about / Maltego
- Burp Suite
- about / Burp Suite
- references / Burp Suite
- spider / Burp Suite
- repeater / Burp Suite
- intruder / Burp Suite
- comparer / Burp Suite
C
- channel
- Cisco analysis
- about / Cisco analysis
- Cisco auditing tool (CAT)
- about / Cisco auditing tool
- Cisco devices
- reference link / Cisco auditing tool
- Cisco global exploiter (CGE)
- about / Cisco global exploiter
- Cisco IOS HTTP Auth vulnerability
- reference link / Cisco global exploiter
- Cisco password
- reference link / Installing the Cisco password cracker
- client requisities, target scoping
- customer requisities form, creating / Creating the customer requirements form
- deliverables assessment form / The deliverables assessment form
- command-line interface (CLI)
- about / MSFCLI
- Common Internet File System (CIFS)
- about / SMB analysis
- Common weakness enumeration
- reference link / Vulnerability taxonomy
- Community support
- Crunch tool
- curiosity
- about / Curiosity
- Custom Word List (CeWL)
- Custom Word List (CeWL), options
- CVE
- reference link / The Nmap scripting engine
- CVE-2013-0232 MS Windows privilege escalation vulnerability
- reference link / Local vulnerability
- cyberwarzone
- reference link / Hashcat
- Cymothoa
- about / Cymothoa
D
- Dark Net sites
- reference link / Installing the TOR Browser
- database assessment tools
- about / Database assessment tools
- SQLMap / SQLMap
- SQL Ninja / SQL Ninja
- database management systems (DBMS)
- about / SQLMap
- Denial of Service (DoS)
- about / The Nmap scripting engine
- deployment
- network deployment / Network deployment
- wireless deployment / Wireless deployment
- host deployment / Host deployment
- detect-new-ip6 tool
- about / detect-new-ip6
- dig
- distributed computing environment (DCE) service
- about / Impacket Samrdump
- DMitry (Deepmagic Information Gathering Tool)
- about / DMitry
- dns2tcp
- about / dns2tcp
- dns2tcpc
- about / dns2tcp
- dns2tcpd
- about / dns2tcp
- DNSChef
- about / DNSChef
- reference link / DNSChef
- DNS proxy, setting up / Setting up a DNS proxy
- domain, faking / Faking a domain
- DNSChef Version 0.2
- reference link / Faking a domain
- dnsenum
- about / dnsenum
- DNS records
- DNS record types
- DNS spoofing
- steps / Ettercap
- dns_spoof plugin
- about / Ettercap
- documentation verification
- about / Documentation and results verification
- detailed notes, taking / Documentation and results verification
- note-taking template / Documentation and results verification
- reliability / Documentation and results verification
- Domain Name System (DNS)
- domain registration information
- querying / Querying the domain registration information
- dsniff tool
- about / dsniff
- Dynamic Host Configuration Protocol (DHCP)
E
- egress filtering
- about / proxychains
- Entity List
- about / Maltego
- ethics, security testing
- about / The ethics
- example / The ethics
- Ettercap
- Evil Access Point attack
- about / Evil AP attack
- Evil AP attack
- about / Evil AP attack
- Mana Wireless Toolkit / Mana Evil AP
- executive report
- about / The executive report
- project objective / The executive report
- vulnerability risk classification / The executive report
- executive summary / The executive report
- statistics / The executive report
- risk matrix / The executive report
- exploit
- reference link / Privilege escalation using a local exploit
- exploitation
- exploit code
- reference link / Vulnerability research
- exploit development learning resources
- about / Exploit development learning resources
- references / Exploit development learning resources
- exploit modules
- developing / Writing exploit modules
- exploit repositories
- external mode
- reference link / John
F
- FastTrack Schedule
- reference link / Project management and scheduling
- fast XP table
- reference link / Ophcrack
- Fern Wifi Cracker
- about / Fern Wifi Cracker
- fierce
- about / fierce
- file transfer
- about / File transfer
- File Transfer Protocol (FTP)
- Firefox installation
- reference link / Logging in to the NeXpose community
- firewall/IDS evasion
- -f (fragment packets) / Nmap options for Firewall/IDS evasion
- --mtu / Nmap options for Firewall/IDS evasion
- -D (decoy) / Nmap options for Firewall/IDS evasion
- --source-port <portnumber> / Nmap options for Firewall/IDS evasion
- -g (spoof source port) / Nmap options for Firewall/IDS evasion
- --data-length / Nmap options for Firewall/IDS evasion
- --max-parallelism / Nmap options for Firewall/IDS evasion
- --scan-delay <time> / Nmap options for Firewall/IDS evasion
- fping tool
- about / fping
- FreeS
- about / ike-scan
- Fuzz analysis
- about / Fuzz analysis
- reference link / Fuzz analysis
- Bruteforce Exploit Detector (BED) / BED
- JBroFuzz / JBroFuzz
G
- general penetration testing framework
- about / General penetration testing framework
- target scoping / Target scoping
- Google Hacking Database (GHDB)
- GParted Live
- reference link / Installing Kali on a physical machine
- GrammaTech
- reference link / Vulnerability taxonomy
- Graphical Processing Unit-based (GPU) password cracker
- about / Hashcat
- gray box testing
- about / Gray box testing
H
- hacking testing
- reference link / Using public resources
- half-open
- about / Nmap TCP scan options
- hard disk installation, Kali Linux
- installation, on physical machine / Installing Kali on a physical machine
- installation, on virtual machine / Installing kali on a virtual machine
- installation on virtual machine, from ISO image / Installing Kali on a virtual machine from the ISO image
- installation on virtual machine, Kali Linux VM image used / Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
- hash-identifier tool
- about / hash-identifier
- reference link / hash-identifier
- Hashcat
- Hashcat, attack modes
- Hashcat GPU-based tools
- hashcrack
- reference link / Hashcat
- HashMyFiles
- reference link / Downloading Kali Linux
- host
- hping3 tool
- HP software security
- reference link / Vulnerability taxonomy
- HTTP
- about / HTTP
- Human Intelligence (HUMINT)
- about / Open Source Intelligence
- Human Interface Devices (HID)
- about / Host deployment
- Human Interface Devices (HID) attacks
- about / HID attacks
- human psychology
- modeling / Modeling the human psychology
- Human Resource (HR)
- about / The management report
- Hybrid attack
- reference link / Hashcat
- Hydra tool
- about / Hydra
- Hypertext Transport Protocol (HTTP)
I
- ICMP control messages
- reference link / ping
- ICMPv6 Neighbor Discovery
- about / alive6
- IEEE 802.11 standard
- about / Overview of 802.11
- Wired Equivalent Privacy Standard / Wired Equivalent Privacy Standard
- Wi-Fi Protected Access / Wi-Fi Protected Access
- ike-scan tool
- Impacketsamrdump
- about / Impacket Samrdump
- impersonation
- about / Impersonation
- index
- influential authority attack
- about / Influential authority
- information gathering
- about / Information gathering
- target discovery / Target discovery
- target enumerating / Enumerating target
- vulnerability mapping / Vulnerability mapping
- social engineering / Social engineering
- target exploitation / Target exploitation
- privilege escalation / Privilege escalation
- access maintaining / Maintaining access
- documenting / Documentation and reporting
- reporting / Documentation and reporting
- Information Systems Security Assessment Framework (ISSAF)
- reference link / Information Systems Security Assessment Framework
- about / Information Systems Security Assessment Framework
- features / Key features and benefits of ISSAF
- Initialization Vectors (IVs)
- about / WEP cracking
- initial sequence number (ISN)
- Institute for Security and Open Methodologies (ISECOM)
- inter-process communication (IPC)
- about / SMB analysis
- Internet Assigned Number Authority (IANA)
- Internet Control Message Protocol (ICMP)
- about / ping
- interrogation tactics
- about / Modeling the human psychology
- Intersect
- about / Intersect
- interview tactics
- about / Modeling the human psychology
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- about / Identifying the target machine
- iodine
- IPsec
- ISO images
- about / Virtual machines and ISO images
- references / Virtual machines and ISO images
- iwlist
- about / Iwlist
J
- JBroFuzz
- Johnny tool
- John tool
- John tool, password cracking modes
K
- Kali Linux
- history / A brief history of Kali Linux
- reference link / A brief history of Kali Linux
- features / A brief history of Kali Linux
- tool categories / Kali Linux tool categories
- downloading / Downloading Kali Linux
- download link / Downloading Kali Linux
- running, Live DVD used / Running Kali using Live DVD
- hard disk installation / Installing on a hard disk
- installation link / Installing Kali on a physical machine
- virtual machine, saving / Saving or Moving the virtual machine
- virtual machine, moving / Saving or Moving the virtual machine
- installation, on USB disk / Installing Kali on a USB disk
- updating / Updating Kali Linux
- network services / Network services in Kali Linux
- vulnerable server, installation / Installing a vulnerable server
- additional weapons, installation / Installing additional weapons
- Kali Linux Live USB
- reference link / Installing Kali on a USB disk
- Kali Linux Nethunter
- about / Kali Nethunter
- deployment / Deployment
- installation / Installing Kali Nethunter
- installation link / Installing Kali Nethunter
- Kali Linux Nethunter icons
- about / Nethunter icons
- Kali Linux Nethunter tools
- about / Nethunter tools
- Nmap / Nmap
- Metasploit / Metasploit
- MAC changer / MAC changer
- Kali Linux VM image
- Karma exploit
- reference link / Mana Evil AP
- Kismet
- about / Kismet
- Klocwork
- reference link / Vulnerability taxonomy
L
- LAN Manager (LM) hash
- leaked information
- accessing / Accessing leaked information
- The Onion Router / The Onion Router
- TOR Browser, installing / Installing the TOR Browser
- TOR Browser, installation / Installing the TOR Browser
- Linux Live USB Creator
- reference link / Installing Kali on a USB disk
- Live DVD
- used, for running Kali Linux / Running Kali using Live DVD
- Local Area Network (LAN)
- about / arping, VPN enumeration, SMB analysis, Post cracking
- Local Area Networks (LANs)
- about / Wireless networking
- local vulnerability
- about / Local vulnerability
- Lua programming language
- reference link / The Nmap scripting engine
M
- -M command
- about / ike-scan
- MAC changer
- about / MAC changer
- MAC spoofing
- about / MAC spoofing
- Main View
- about / Maltego
- Maltego
- Maltego, layout algorithms
- man-in-the-middle (MITM)
- about / Burp Suite
- management information bases (MIBs)
- about / SNMP analysis
- management report
- about / The management report
- compliance achievement / The management report
- testing methodology / The management report
- assumptions / The management report
- limitations / The management report
- change management / The management report
- configuration management / The management report
- Mask attack
- reference link / Hashcat
- Maximum Transmission Unit (MTU)
- Media Access Control (MAC)
- about / arping
- Medusa
- about / Medusa
- Medusa, options
- Message Integrity Check (MIC)
- about / Wi-Fi Protected Access
- Metagoofil
- about / Metagoofil
- working / Metagoofil
- Metasploit
- about / Metasploit
- Metasploitable 2
- about / Installing a vulnerable server
- references / Installing a vulnerable server
- download link / Installing a vulnerable server
- Metasploit framework
- about / Vulnerability research
- references / Advanced exploitation toolkit
- Metasploit Meterpreter
- about / The meterpreter backdoor
- meterpreter
- about / Meterpreter
- Meterpreter backdoor
- about / The meterpreter backdoor
- Microsoft Office Project Professional
- reference link / Project management and scheduling
- Mimikatz tool
- about / Mimikatz
- Mitre's Common Attack Pattern Enumeration and Classification (CAPEC)
- Mitre's Common Weakness Enumeration (CWE)
- MS08-067 MS Windows Server Service vulnerability
- reference link / Remote vulnerability
- MSFCLI
- about / MSFCLI
- MSFConsole
- about / MSFConsole
- MSFConsole commands
- show auxiliary / MSFConsole
- show exploits / MSFConsole
- show payloads / MSFConsole
- show encoders / MSFConsole
- shownops / MSFConsole
- show options / MSFConsole
- show targets / MSFConsole
- show advanced / MSFConsole
- check / MSFConsole
- connectip port / MSFConsole
- exploit / MSFConsole
- run / MSFConsole
- jobs / MSFConsole
- route add subnet netmasksessionid / MSFConsole
- info module / MSFConsole
- setparam value / MSFConsole
- setgparam value / MSFConsole
- unsetparam / MSFConsole
- unsetgparam / MSFConsole
- sessions / MSFConsole
- search string / MSFConsole
- use module / MSFConsole
- MySQL
- about / MySQL
- MySQL injection vulnerability
N
- Name Servers (NS)
- about / dig
- nbtscan
- about / SMB enumeration
- nbtscan tool
- about / nbtscan
- Ncat
- about / ncat
- Ncat tool
- Nessus
- about / Nessus
- Nessus package
- download link / Installing the Nessus vulnerability scanner
- Nessus Version 6
- reference link / Installing the Nessus vulnerability scanner
- NetBIOS
- reference link / nbtscan
- NetBIOS Suffixes
- reference link / SMB enumeration
- Netcat
- reference link / Bind shell
- about / Netcat
- Nethunter images
- reference link / Installing Kali Nethunter
- Network Address Translation (NAT)
- about / Setting up a wired connection, Bind shell
- Network Basic Input Output System (NetBIOS)
- about / SMB analysis
- networking, virtual machine
- wired connection, setting up / Setting up a wired connection
- network penetration testing report
- network ports
- about / Network ports
- reference link / Network ports
- network routing information
- obtaining / Getting network routing information
- traceroute command / tcptraceroute
- tctrace command / tctrace
- network scanner
- about / The network scanner
- Nmap / Nmap
- Nmap target specification / Nmap target specification
- Nmap TCP scan options / Nmap TCP scan options
- Nmap UDP scan options / Nmap UDP scan options
- Nmap port specification / Nmap port specification
- Nmap output options / Nmap output options
- Nmap timing options / Nmap timing options
- Nmap options / Useful Nmap options
- Nmap, for scanning IPv6 target / Nmap for scanning the IPv6 target
- Nmap scripting engine / The Nmap scripting engine
- Nmap options, for firewall/IDS evasion / Nmap options for Firewall/IDS evasion
- network services
- network sniffer
- about / Network sniffers
- dsniff tool / dsniff
- tcpdump / tcpdump
- Wireshark / Wireshark
- network spoofing tools
- about / Network spoofing tools
- DNSChef / DNSChef
- arpspoof tool / arpspoof
- Ettercap / Ettercap
- network tool
- about / Network tool
- reference link / Network tool
- Netcat / Netcat
- open connection / Open connection
- service banner grabbing / Service banner grabbing
- simple chat server / Creating a simple chat server
- file transfer / File transfer
- portscanning / Port scanning
- backdoor shell / Backdoor shell
- reverse shell / Reverse shell
- network vulnerability scanning
- about / Network vulnerability scanning
- Cisco analysis / Cisco analysis
- Cisco auditing tool (CAT) / Cisco auditing tool
- Cisco global exploiter (CGE) / Cisco global exploiter
- SMB analysis / SMB analysis
- Impacketsamrdump / Impacket Samrdump
- SNMP analysis / SNMP analysis
- SNMP Walk / SNMP Walk
- NeXpose Community Edition
- features / NeXpose Community Edition
- NeXpose scan engine / NeXpose Community Edition
- NeXpose security console / NeXpose Community Edition
- reference link / Installing NeXpose
- NeXpose Community Edition (NeXpose CE)
- about / NeXpose Community Edition
- Nigerian 419 Scam
- reference link / Scarcity
- Nikto2
- Ninja 101 drills
- about / Ninja 101 drills
- scenario 1 / Scenario 1
- scenario 2 / Scenario 2
- scenario 3 / Scenario 3
- scenario 4 / Scenario 4
- Nmap
- Nmap, port states
- Nmap-Parser
- reference link / Nmap output options
- Nmap manual
- reference link / Nmap options for Firewall/IDS evasion
- Nmap NSE Vulscan
- reference link / The Nmap scripting engine
- Nmap options
- about / Useful Nmap options
- service version detection / Service version detection
- operating system detection / Operating system detection
- host discovery, disabling / Disabling host discovery
- aggressive scan / Aggressive scan
- Nmap output options
- about / Nmap output options
- interactive output / Nmap output options
- normal output (-oN) / Nmap output options
- XML output (-oX) / Nmap output options
- grepable output (-oG) / Nmap output options
- Nmap port specification
- about / Nmap port specification
- -p port range / Nmap port specification
- -F (fast) / Nmap port specification
- -r (don't randomize port) / Nmap port specification
- --top-ports <1 or greater> / Nmap port specification
- Nmap scripting engine (NSE)
- about / The Nmap scripting engine
- Nmap target specification
- about / Nmap target specification
- Nmap TCP scan options
- TCP connect scan (-sT) / Nmap TCP scan options
- SYN scan (-sS) / Nmap TCP scan options
- TCP NULL scan (-sN) / Nmap TCP scan options
- TCP FIN scan (-sF) / Nmap TCP scan options
- TCP XMAS scan (-sX) / Nmap TCP scan options
- TCP Maimon scan (-sM) / Nmap TCP scan options
- TCP ACK scan (-sA) / Nmap TCP scan options
- TCP Window scan (-sW) / Nmap TCP scan options
- TCP Idle scan (-sI) / Nmap TCP scan options
- Nmap timing options
- about / Nmap timing options
- paranoid (0) / Nmap timing options
- sneaky (1) / Nmap timing options
- polite (2) / Nmap timing options
- normal (3) / Nmap timing options
- aggressive (4) / Nmap timing options
- insane (5) / Nmap timing options
- Nmap UDP scan options
- about / Nmap UDP scan options
- nping tool
- about / nping
- NSE command-line arguments
- about / The Nmap scripting engine
- NSE scripts
- auth / The Nmap scripting engine
- default / The Nmap scripting engine
- discovery / The Nmap scripting engine
- DoS / The Nmap scripting engine
- exploit / The Nmap scripting engine
- external / The Nmap scripting engine
- fuzzer / The Nmap scripting engine
- intrusive / The Nmap scripting engine
- malware / The Nmap scripting engine
- safe / The Nmap scripting engine
- version / The Nmap scripting engine
- vuln / The Nmap scripting engine
- NT LAN Manager (NTLM) hash
O
- object identifier (OID)
- about / SNMP analysis
- offline attack tools
- about / Offline attack tools
- onesixtyone tool
- about / onesixtyone
- online attack tools
- about / Online attack tools
- online web application
- risks / Online web application challenges
- references. for risks / Online web application challenges
- open connection
- about / Open connection
- Open Source Intelligence (OSINT)
- about / Open Source Intelligence
- Open Source Security Testing Methodology Manual (OSSTMM)
- reference link / Open Source Security Testing Methodology Manual
- about / Open Source Security Testing Methodology Manual
- blind testing / Open Source Security Testing Methodology Manual
- double blind testing / Open Source Security Testing Methodology Manual
- gray box testing / Open Source Security Testing Methodology Manual
- double gray box testing / Open Source Security Testing Methodology Manual
- tandem testing / Open Source Security Testing Methodology Manual
- reversal testing / Open Source Security Testing Methodology Manual
- features / Key features and benefits of OSSTMM
- OpenSwan
- about / ike-scan
- Open System Interconnection (OSI)
- about / arping
- Open Systems Interconnection (OSI) model
- Open Web Application Security Project (OWASP)
- about / Security testing methodologies, Open Web Application Security Project
- reference link / Open Web Application Security Project
- reference, for Testing Guide / Open Web Application Security Project
- reference, for Developer's Guide / Open Web Application Security Project
- reference, for Code Review Guide / Open Web Application Security Project
- features / Key features and benefits of OWASP
- Operating System (OS) fingerprinting
- about / OS fingerprinting
- active method / OS fingerprinting
- passive method / OS fingerprinting
- p0f tool / p0f
- Nmap / Nmap
- operating system backdoors
- using / Using operating system backdoors
- Cymothoa / Cymothoa
- Intersect / Intersect
- Meterpreter backdoor / The meterpreter backdoor
- Ophcrack
- OSVDB
- reference link / The Nmap scripting engine
- OWASP Top 10
- reference link / Vulnerability taxonomy
- OWASP ZAP (Zed Attack Proxy)
- about / OWASP ZAP
P
- -P command
- about / ike-scan
- p0f
- about / OS fingerprinting
- p0f tool
- about / p0f
- packets per second (PPS)
- about / Unicornscan
- packetstormsecurity
- reference link / Hashcat
- paid incentive programs
- about / Paid incentive programs
- references / Paid incentive programs
- Palette window
- about / Maltego
- Paros proxy
- about / Paros proxy
- reference link / Paros proxy
- passive_discovery6 tool
- about / passive_discovery6
- password attack tools
- about / Password attack tools
- offline attack tools / Offline attack tools
- hash-identifier tool / hash-identifier
- Hashcat / Hashcat
- RainbowCrack tool / RainbowCrack
- samdump2 / samdump2
- John tool / John
- Johnny tool / Johnny
- Ophcrack / Ophcrack
- Crunch tool / Crunch
- online attack tools / Online attack tools
- Custom Word List (CeWL) / CeWL
- Hydra tool / Hydra
- Medusa / Medusa
- Mimikatz tool / Mimikatz
- password attack tools, factors
- something you know / Password attack tools
- something you have / Password attack tools
- something you are / Password attack tools
- password attack tools, types
- offline attack tools / Password attack tools
- online attack tools / Password attack tools
- penetration testing
- types / Types of penetration testing
- versus vulnerability assessment / Vulnerability assessment versus penetration testing
- on vulnerable environment / Penetration testing on a vulnerable environment
- penetration testing, types
- black box testing / Black box testing
- white box testing / White box testing
- gray box testing / Gray box testing
- test, deciding / Deciding on a test
- Penetration Testing Execution Standard (PTES)
- penetration testing learning resources
- about / Penetration testing learning resources
- references / Penetration testing learning resources
- penetration testing tools
- about / Kali Linux tool categories
- information gathering / Kali Linux tool categories
- vulnerability assessment / Kali Linux tool categories
- web applications / Kali Linux tool categories
- database assessment / Kali Linux tool categories
- password attacks / Kali Linux tool categories
- wireless attacks / Kali Linux tool categories
- exploitation tools / Kali Linux tool categories
- sniffing / Kali Linux tool categories
- spoofing / Kali Linux tool categories
- post exploitation / Kali Linux tool categories
- reporting tools / Kali Linux tool categories
- system services / Kali Linux tool categories
- persistence
- about / Persistence
- PHP Meterpreter
- about / PHP meterpreter
- ping tool
- PixieWPS
- PoC exploit code
- Portable Kali Linux method
- about / Installing Kali on a USB disk
- Kali Linux ISO image / Installing Kali on a USB disk
- USB flash disk / Installing Kali on a USB disk
- ports
- port scanning
- defining / Introducing port scanning
- portscanning
- about / Port scanning
- post-testing procedures
- about / Post-testing procedures
- post cracking
- about / Post cracking
- MAC spoofing / MAC spoofing
- persistence / Persistence
- PostgreSQL login
- about / PostGRESQL login
- PowerShell
- reference link / Nmap output options
- privilege escalation
- about / Vulnerability assessment versus penetration testing
- local exploit, using / Privilege escalation using a local exploit
- Process Identifier (PID)
- Project KickStart Pro
- reference link / Project management and scheduling
- ProjectLibre
- reference link / Project management and scheduling
- proof-of-concept (PoC)
- about / Vulnerability research
- proof of concept (PoC) code
- protocols
- reference link / SMB analysis
- proxychains
- about / proxychains
- uses / proxychains
- psk-crack tool
- about / ike-scan
- ptunnel tool
- about / ptunnel
- public resources
- using / Using public resources
- Putty
- reference link / SSH
- pwdump
- reference link / John
- python-Nmap
- reference link / Nmap output options
R
- RainbowCrack tool
- about / RainbowCrack
- rtgen tool / RainbowCrack
- rtsort tool / RainbowCrack
- rcrack tool / RainbowCrack
- rainbow tables
- references / RainbowCrack
- RAV score
- rcracki_mt
- about / RainbowCrack
- reference link / RainbowCrack
- reciprocation
- about / Reciprocation
- recon-ng
- reference link / Reconnaissance tool
- recon-ng version 4.7.2
- download link / Reconnaissance tool
- modules / Reconnaissance tool
- reconnaissance tool
- about / Reconnaissance tool
- remote procedure calls (RPC) service
- about / Impacket Samrdump
- remote vulnerability
- about / Remote vulnerability
- report presentation
- preparing / Preparing your presentation
- reports
- types / Types of reports
- executive report / The executive report
- management report / The management report
- technical report / The technical report
- repositories
- references / Vulnerability and exploit repositories
- results verification
- about / Documentation and results verification
- detailed notes, taking / Documentation and results verification
- note-taking template / Documentation and results verification
- reliability / Documentation and results verification
- reverse code engineering tools
- reference link / Vulnerability research
- reverse engineering resources
- about / Reverse engineering resources
- references / Reverse engineering resources
- reverse shell
- about / Reverse shell, Reverse shell
- RFC 793
- download link / Understanding the TCP and UDP message format
- RFC 3168
- download link / Understanding the TCP and UDP message format
- Congestion Window Reduced (CWR) / Understanding the TCP and UDP message format
- Explicit Connection Notification-Echo (ECN-Echo) / Understanding the TCP and UDP message format
- Window Size (16 bits) / Understanding the TCP and UDP message format
- Checksum (16 bits) / Understanding the TCP and UDP message format
- RFC 3912
- reference link / Querying the domain registration information
- Risk Assessment Values (RAV)
- rooting toolkit
- reference link / Installing Kali Nethunter
- router passwords
- reference link / Persistence
- Ruby Nmap
- reference link / Nmap output options
- Rufus
- reference link / Installing Kali on a USB disk
- Rule-based attack
- reference link / Hashcat
S
- samdump2
- SANS-CWE
- scanflags
- about / Nmap TCP scan options
- scarcity
- about / Scarcity
- scenario 2
- SMB usernames / SMB usernames
- VNC blank authentication scanner / VNC blank authentication scanner
- PostgreSQL login / PostGRESQL login
- scenario 3
- bind shell / Bind shell
- reverse shell / Reverse shell
- meterpreter / Meterpreter
- scenario 4
- binary backdoor, generating / Generating a binary backdoor
- automated browser exploitation / Automated browser exploitation
- scip VulDB
- reference link / The Nmap scripting engine
- scope
- search engine
- utilizing / Utilizing the search engine
- theharvester / theharvester
- SimplyEmail / SimplyEmail
- Secure Shell (SSH)
- about / SSH
- security account manager (SAM)
- about / Impacket Samrdump
- Security Accounts Manager (SAM) file
- about / samdump2
- security analysis
- programming skills / Vulnerability research
- reverse engineering / Vulnerability research
- instrumented tools / Vulnerability research
- exploitability / Vulnerability research
- payload construction / Vulnerability research
- Security Association (SA)
- about / ike-scan
- SecurityFocus
- reference link / The Nmap scripting engine
- Security Test Audit Report (STAR)
- security testing
- methodologies / Security testing methodologies
- features / Security testing methodologies
- benefits / Security testing methodologies
- OSSTMM / Open Source Security Testing Methodology Manual
- (OSSTMM) / Open Source Security Testing Methodology Manual
- (ISSAF) / Information Systems Security Assessment Framework
- (OWASP) / Open Web Application Security Project
- web application security threats / Web Application Security Consortium Threat Classification
- (PTES) / Penetration Testing Execution Standard
- SecurityTracker
- reference link / The Nmap scripting engine
- segment
- sequence number field
- Server Message Block (SMB)
- Server Message Block (SMB) analysis
- about / SMB analysis
- service banner grabbing
- about / Service banner grabbing
- Service Set Identifier (SSID)
- about / Wi-Fi Protected Access
- SET section
- reference link / Anonymous USB Attack
- Seven pernicious kingdoms
- reference link / Vulnerability taxonomy
- SHA-1 type hash
- about / hash-identifier
- SHA1 hash value
- about / Downloading Kali Linux
- reference link / Downloading Kali Linux
- shell commands
- reference link / Vulnerability and exploit repositories
- Signals Intelligence (SIGINT)
- about / Open Source Intelligence
- simple chat server
- about / Creating a simple chat server
- Simple Network Management Protocol (SNMP)
- Simple Network Management Protocol (SNMP) analysis
- about / SNMP analysis
- Simple Network Monitoring Protocol (SNMP)
- about / SNMP enumeration
- SimplyEmail
- reference link / SimplyEmail
- skullsecurity
- reference link / Hashcat
- small XP table
- reference link / Ophcrack
- SMB (Server Message Block)
- about / SMB usernames
- SMB enumeration
- about / SMB enumeration
- SMB usernames
- about / SMB usernames
- snmpcheck
- about / snmpcheck
- SNMP enumeration
- about / SNMP enumeration
- onesixtyone tool / onesixtyone
- snmpcheck / snmpcheck
- SNMP protocol
- reference link / SNMP analysis
- SNMP Walk
- socat tool
- about / socat
- init phase / socat
- open phase / socat
- transfer phase / socat
- close phase / socat
- CREATETopicn<filename> / socat
- EXECTopicn<command-line> / socat
- FDTopicn<fdnum> / socat
- INTERFACETopicn<interface> / socat
- IP4-SENDTOTopicn<host>Topicn<protocol> / socat
- IP4-RECVTopicn<protocol> / socat
- OPENTopicn<filename> / socat
- OPENSSLTopicn<host>Topicn<port> / socat
- OPENSSL-LISTENTopicn<port> / socat
- PIPETopicn<filename> / socat
- TCP4Topicn<host>Topicn<port> / socat
- TCP4-LISTENTopicn<port> / socat
- UDP4Topicn<host>Topicn<port> / socat
- UDP4-LISTENTopicn<port> / socat
- UDP4-SENDTOTopicn<host>Topicn<port> / socat
- UDP4-RECVTopicn<port> / socat
- UNIX-CONNECTTopicn<filename> / socat
- UNIX-LISTENTopicn<filename> / socat
- UNIX-SENDTOTopicn<filename> / socat
- UNIX-RECVTopicn<filename> / socat
- HTTP header information, obtaining / Getting HTTP header information
- files, transferring / Transferring files
- Social Engineering Framework
- reference link / Modeling the human psychology
- social engineering toolkit (SET)
- about / Social Engineering Toolkit
- anonymous USB attack / Anonymous USB Attack
- reference link / Anonymous USB Attack
- social relationship
- about / Social relationship
- SQL injection attacks
- reference link / Database assessment tools
- SQLMap
- about / SQLMap
- SQLMap examples
- reference link / SQLMap
- SQL Ninja
- sslh
- about / sslh
- strongSwan
- about / ike-scan
- stunnel4
- about / stunnel4
- Swiss Army Knife
- about / Using public resources, Network tool
- SYN stealth
- about / Nmap TCP scan options
- System Key (SysKey)
- about / samdump2
- SystemRescueCD
- reference link / Installing Kali on a physical machine
T
- table-lookup
- reference link / Hashcat
- TARBALL file
- download link / p0f
- target discovery
- planning / Starting off with target discovery
- target machine
- identification / Identifying the target machine
- ping tool / ping
- arping tool / arping
- fping tool / fping
- hping3 tool / hping3
- nping tool / nping
- alive6 tool / alive6
- detect-new-ip6 / detect-new-ip6
- passive_discovery6 tool / passive_discovery6
- nbtscan tool / nbtscan
- target scoping
- client requisities, gathering / Gathering client requirements
- test plan, preparing / Preparing the test plan
- test boundaries, profiling / Profiling test boundaries
- test boundaries, profiling / Profiling test boundaries
- business objectives, defining / Defining business objectives
- project management / Project management and scheduling
- scheduling / Project management and scheduling
- TaskJuggler
- reference link / Project management and scheduling
- TaskMerlin
- reference link / Project management and scheduling
- Tcl
- reference link / hping3
- TCP
- characteristics / Understanding the TCP/IP protocol
- TCP/IP protocol
- tcpdump
- about / tcpdump
- TCP header
- Source Port / Understanding the TCP and UDP message format
- Destination Port / Understanding the TCP and UDP message format
- Sequence Number (32 bits) / Understanding the TCP and UDP message format
- Acknowledgment Number (32 bits) / Understanding the TCP and UDP message format
- H.Len. (4 bits) / Understanding the TCP and UDP message format
- Rsvd / Understanding the TCP and UDP message format
- Control Bits / Understanding the TCP and UDP message format
- SYN / Understanding the TCP and UDP message format
- ACK / Understanding the TCP and UDP message format
- RST / Understanding the TCP and UDP message format
- FIN / Understanding the TCP and UDP message format
- PSH / Understanding the TCP and UDP message format
- URG / Understanding the TCP and UDP message format
- TCP message format
- TCP Window field
- about / Nmap TCP scan options
- TCP Window value
- about / Nmap TCP scan options
- technical report
- about / The technical report
- security issues / The technical report
- vulnerabilities map / The technical report
- exploits map / The technical report
- best practices / The technical report
- test boundaries, profiling
- technology limitations / Profiling test boundaries
- knowledge limitations / Profiling test boundaries
- other infrastructure restrictions / Profiling test boundaries
- test plan, preparing
- structured testing process / Preparing the test plan
- resource allocation / Preparing the test plan
- cost analysis / Preparing the test plan
- non-disclosure agreement (NDA) / Preparing the test plan
- penetration testing contract / Preparing the test plan
- rules of engagement (ROE) / Preparing the test plan
- test plan checklist / The test plan checklist
- test process validation
- about / Preparing the test plan
- third-party applications
- about / Third-party applications
- time-memory tradeoff technique
- download link / RainbowCrack
- TimeControl
- reference link / Project management and scheduling
- Time To Live (TTL)
- about / p0f
- Time to Live (TTL)
- about / Nmap
- tools, Kali Linux
- reverse engineering / Kali Linux tool categories
- stress testing / Kali Linux tool categories
- hardware hacking / Kali Linux tool categories
- forensics / Kali Linux tool categories
- top 10 security tools
- about / Kali Linux tool categories
- TOR browser
- about / The Onion Router
- transform attributes
- reference link / ike-scan
- Transmission Control Protocol (TCP)
- about / Introducing port scanning
- TrustedSec
- reference link / Social Engineering Toolkit
- tunneling tools
- working with / Working with tunneling tools
- dns2tcp / dns2tcp
- iodine / iodine
- DNS server, configuration / Configuring the DNS server
- iodine server, executing / Running the iodine server
- iodine client, executing / Running the iodine client
- Ncat tool / ncat
- proxychains / proxychains
- ptunnel tool / ptunnel
- socat tool / socat
- sslh / sslh
- stunnel4 / stunnel4
- TWRP Recovery Image
- reference link / Installing Kali Nethunter
U
- UDP
- characteristics / Understanding the TCP/IP protocol
- UDP header
- Source Port / Understanding the TCP and UDP message format
- Destination Port / Understanding the TCP and UDP message format
- UDP Length / Understanding the TCP and UDP message format
- UDP Checksum (16 bits) / Understanding the TCP and UDP message format
- UDP message format
- Unicornscan
- about / Unicornscan
- features / Unicornscan
- Uniform Resource Locator (URL)
- about / CeWL
- Universal USB Installer
- reference link / Installing Kali on a USB disk
- Urgent Pointer
- user-defined function (UDF)
- about / SQLMap
- User Account Control (UAC)
- about / HID attacks
- User Datagram Protocol (UDP)
- about / Introducing port scanning
V
- vector
- Vega
- VirtualBox
- reference link / Installing kali on a virtual machine
- VirtualBox Extension Pack
- VirtualBox guest additions
- about / VirtualBox Guest Additions
- features / VirtualBox Guest Additions
- virtual machine
- configuring / Configuring the virtual machine
- virtual machine, configuring
- VirtualBox guest additions / VirtualBox Guest Additions
- networking, setting up / Setting up Networking
- wireless connection, setting up / Setting up a wireless connection
- virtual machines
- about / Virtual machines and ISO images
- references / Virtual machines and ISO images
- Virtual Network Computing (VNC)
- about / VNC blank authentication scanner
- Virtual Private Network (VPN) systems
- about / VPN enumeration
- Vista table
- reference link / Ophcrack
- VNC blank authentication scanner
- about / VNC blank authentication scanner
- VPN enumeration
- about / VPN enumeration
- ike-scan tool / ike-scan
- VPN method
- IPsec-based VPN / VPN enumeration
- OpenVPN / VPN enumeration
- SSL-based VPN / VPN enumeration
- vulnerabilities
- types / Types of vulnerabilities
- design vulnerabilities / Types of vulnerabilities
- implementation vulnerabilities / Types of vulnerabilities
- operational vulnerabilities / Types of vulnerabilities
- local vulnerability / Local vulnerability
- remote vulnerability / Remote vulnerability
- vulnerability
- vulnerability assessment
- versus penetration testing / Vulnerability assessment versus penetration testing
- about / Vulnerability assessment versus penetration testing
- vulnerability disclosure
- about / Vulnerability disclosure and tracking
- references / Vulnerability disclosure and tracking
- vulnerability research
- about / Vulnerability research
- vulnerability scanner
- about / Vulnerability scanner
- NeXpose Community Edition / NeXpose Community Edition
- NeXpose Community Edition, installation / Installing NeXpose
- NeXpose Community Edition, beginning / Starting the NeXpose community
- NeXpose Community Edition, logging in / Logging in to the NeXpose community
- NeXpose Community Edition, using / Using the NeXpose community
- vulnerability taxonomy
- about / Vulnerability taxonomy
- vulnerability tracking
- about / Vulnerability disclosure and tracking
- references / Vulnerability disclosure and tracking
W
- W3AF
- WAIDPS
- about / WAIDPS
- WAIDPS.py
- download link / WAIDPS
- WAN
- about / ike-scan
- WASC-TC
- WASC threat classification
- reference link / Vulnerability taxonomy
- web application analysis
- about / Web application analysis
- Nikto2 / Nikto2
- OWASP ZAP / OWASP ZAP
- Burp Suite / Burp Suite
- Paros proxy / Paros proxy
- W3AF / W3AF
- WafW00f / WafW00f
- WebScarab / WebScarab
- web application firewall (WAF)
- about / WafW00f
- Web Application Security Consortium (WASC)
- about / Security testing methodologies
- web application security threats
- about / Web Application Security Consortium Threat Classification
- enumeration view / Web Application Security Consortium Threat Classification
- development view / Web Application Security Consortium Threat Classification
- taxonomy cross-reference view / Web Application Security Consortium Threat Classification
- reference link / Web Application Security Consortium Threat Classification
- web application tools
- about / Web application tools
- Vega / Vega
- BlindElephant / BlindElephant
- Web Backdoor Cookie (WeBaCoo)
- web backdoors
- creating / Creating web backdoors
- Web Backdoor Cookie (WeBaCoo) / WeBaCoo
- PHP Meterpreter / PHP meterpreter
- WebScarab
- white box testing
- about / White box testing
- whois client
- references / Querying the domain registration information
- Wifite
- about / Wifite
- Win32DiskImager
- reference link / Installing Kali on a USB disk
- Winrtgen
- reference link / RainbowCrack
- Wired Equivalent Privacy Standard
- stage process / Wired Equivalent Privacy Standard
- wireless antennas and chipsets
- reference link / Antennas
- wireless attacks
- about / Wireless attacks
- wireless scanning / Wireless scanning
- WPA/WPA2 cracking / WPA/WPA2 cracking
- WPS cracking / WPS cracking
- Evil AP attack / Evil AP attack
- Wireless Local Area Networks (WLANs)
- about / Wireless networking
- wireless networking
- about / Wireless networking
- IEEE 802.11 standard / Overview of 802.11
- wireless network recon
- about / Wireless network recon
- antennas / Antennas
- iwlist / Iwlist
- Kismet / Kismet
- WAIDPS / WAIDPS
- wireless scanning
- about / Wireless scanning
- Kali Linux Nethunter tools / Nethunter tools
- third-party applications / Third-party apps
- wireless testing tools
- about / Wireless testing tools
- Aircrack-ng / Aircrack-ng
- PixieWPS / PixieWPS
- Wifite / Wifite
- Fern Wifi Cracker / Fern Wifi Cracker
- wireless traffic
- sniffing / Sniffing wireless traffic
- WLAN traffic, sniffing / Sniffing WLAN traffic
- passive sniffing / Passive sniffing
- Wireshark
- wordlist mode
- reference link / John
- WPA-Personal implementation
- Weak Pre-shared Key / Wi-Fi Protected Access
- Wi-Fi Protected Setup (WPS) / Wi-Fi Protected Access
- WPA/WPA2 cracking
- about / WPA/WPA2 cracking
- WPA2
- WPA-Personal / Wi-Fi Protected Access
- WPA-Enterprise / Wi-Fi Protected Access
- Wi-Fi Protected Setup (WPS) / Wi-Fi Protected Access
- WPS cracking
- about / WPS cracking