Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition by Gerard Johansen Published by Packt Publishing, 2016
  1. Cover
  2. Table of Contents
  3. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  4. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  5. Credits
  6. Disclaimer
  7. About the Authors
  8. About the Reviewer
  9. www.PacktPub.com
  10. Preface
  11. What you need for this book
  12. Who this book is for
  13. Conventions
  14. Reader feedback
  15. Customer support
  16. 1. Beginning with Kali Linux
  17. Kali Linux tool categories
  18. Downloading Kali Linux
  19. Using Kali Linux
  20. Configuring the virtual machine
  21. Updating Kali Linux
  22. Network services in Kali Linux
  23. Installing a vulnerable server
  24. Installing additional weapons
  25. Summary
  26. 2. Penetration Testing Methodology
  27. Vulnerability assessment versus penetration testing
  28. Security testing methodologies
  29. General penetration testing framework
  30. Information gathering
  31. The ethics
  32. Summary
  33. 3. Target Scoping
  34. Preparing the test plan
  35. Profiling test boundaries
  36. Defining business objectives
  37. Project management and scheduling
  38. Summary
  39. 4. Information Gathering
  40. Using public resources
  41. Querying the domain registration information
  42. Analyzing the DNS records
  43. Getting network routing information
  44. Utilizing the search engine
  45. Metagoofil
  46. Accessing leaked information
  47. Summary
  48. 5. Target Discovery
  49. Identifying the target machine
  50. OS fingerprinting
  51. Summary
  52. 6. Enumerating Target
  53. Understanding the TCP/IP protocol
  54. Understanding the TCP and UDP message format
  55. The network scanner
  56. Unicornscan
  57. Zenmap
  58. Amap
  59. SMB enumeration
  60. SNMP enumeration
  61. VPN enumeration
  62. Summary
  63. 7. Vulnerability Mapping
  64. Vulnerability taxonomy
  65. Automated vulnerability scanning
  66. Network vulnerability scanning
  67. Web application analysis
  68. Fuzz analysis
  69. Database assessment tools
  70. Summary
  71. 8. Social Engineering
  72. Attack process
  73. Attack methods
  74. Social Engineering Toolkit
  75. Summary
  76. 9. Target Exploitation
  77. Vulnerability and exploit repositories
  78. Advanced exploitation toolkit
  79. MSFConsole
  80. MSFCLI
  81. Ninja 101 drills
  82. Writing exploit modules
  83. Summary
  84. 10. Privilege Escalation
  85. Password attack tools
  86. Network spoofing tools
  87. Network sniffers
  88. Summary
  89. 11. Maintaining Access
  90. Working with tunneling tools
  91. Creating web backdoors
  92. Summary
  93. 12. Wireless Penetration Testing
  94. Wireless network recon
  95. Wireless testing tools
  96. Post cracking
  97. Sniffing wireless traffic
  98. Summary
  99. 13. Kali Nethunter
  100. Installing Kali Nethunter
  101. Nethunter icons
  102. Nethunter tools
  103. Third-party applications
  104. Wireless attacks
  105. HID attacks
  106. Summary
  107. 14. Documentation and Reporting
  108. Types of reports
  109. The executive report
  110. The management report
  111. The technical report
  112. Network penetration testing report (sample contents)
  113. Preparing your presentation
  114. Post-testing procedures
  115. Summary
  116. A. Supplementary Tools
  117. Web application tools
  118. Network tool
  119. Summary
  120. B. Key Resources
  121. Paid incentive programs
  122. Reverse engineering resources
  123. Penetration testing learning resources
  124. Exploit development learning resources
  125. Penetration testing on a vulnerable environment
  126. Online web application challenges
  127. Virtual machines and ISO images
  128. Network ports
  129. Index

Chapter 14. Documentation and Reporting

Assessment tracking and documentation is a critical aspect of professional penetration testing. Each input and output from the testing tools should be recorded to ensure that the findings are reproducible in an accurate and consistent manner when needed. Keep in mind that part of the penetration testing process includes presenting the findings to clients. There is a high likelihood that these clients will want to mitigate the vulnerabilities and then attempt to mimic your steps in order to ensure their mitigations were effective. Depending on the scope, you may be required to perform additional testing that verifies any improvements the client makes, which actually removes the vulnerabilities you found. Accurate documentation of your steps will assist you in ensuring that the very same testing occurs during this follow up.

Proper test documentation provides a record of the actions performed and thus allows you to trace your steps in case the business experiences non-test-related incidents during your agreed-upon test window. A detailed recording of your actions can be very tedious, but as a professional penetration tester, you should not overlook this step.

Documentation, report preparation, and presentation are the core areas that must be addressed in a systematic, structured, and consistent manner. This chapter provides detailed instructions that will assist you in aligning your documentation and reporting strategy. The following topics will be covered in this chapter:

  • Results verification, which ensures that only validated findings are reported.
  • Types of report and their reporting structures will be discussed in the paradigm of an executive, management, and technical perspective to reflect the best interests of the relevant authorities involved in the penetration testing project.
  • The presentation section provides general tips and guidelines that may help in understanding your audience and their level of tactfulness to the given information.
  • Post-testing procedures, the corrective measures and recommendations that you should include as a part of a report, and their use for advising the remediation team at the organization concerned. This kind of exercise is quite challenging and requires an in-depth knowledge of a target infrastructure under security considerations.

Each of the following sections will provide a strong basis for preparing documentation, reporting, and presentation, and especially highlighting their roles. Even a small mistake can lead to a legal problem. The report that you create must show consistency with your findings, and should do more than just point out the potential weaknesses found in a target environment. For instance, it should be well prepared and demonstrate a proof of support against known compliance requirements, if any, required by your client. Additionally, it should clearly state the attacker's modus operandi, applied tools and techniques, and list the discovered vulnerabilities and verified exploitation methods. Primarily, it is about focusing on the weaknesses rather than explaining the fact or procedure used to discover them.

Documentation and results verification

A substantial amount of vulnerability verification will be necessary, in most cases, to ensure that your findings are actually exploitable. Mitigation efforts can be expensive and as such, vulnerability verification is a critical task in terms of your reputation and integrity. In our experience, we have noticed several situations where people just run a tool, grab the results, and present them directly to their clients. This type of irresponsibility and lack of control over your assessment may result in serious consequences and cause the downfall of your career. In situations where there are false negatives, it might even place the client at risk by selling a false sense of security. Thus, the integrity of test data should not be tainted with errors and inconsistencies. Following are a couple of procedures that may help you in documenting and verifying the test results before transforming them into a final report:

  • Taking detailed notes: Take detailed notes of each step that you have taken during the information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and persistent access phases of the penetration-testing process.
  • Note-taking template: Make a note-taking template for every single tool you execute against your target from Kali. The template should clearly state its purpose, execution options, and profiles aligned for the target assessment, and provide space for recording the respective test results. It is also essential to repeat the exercise (at least twice) before drawing the final conclusion from a particular tool. In this way, you certify and test-proof your results against any unforeseen conditions. For instance, while using Nmap for the purpose of port scanning, we should lay out our template with any necessary sections such as usage purpose, target host, execution options, and profiles (service detection, OS type, MAC address, open ports, device type, and so on), and document the output results accordingly.
  • Reliability: Do not rely on a single tool. Relying on a single tool (for example, for information gathering) is absolutely impractical, and may introduce discrepancies to your penetration testing engagement. Thus, we highly encourage you to practice the same exercise with different tools made for a similar purpose. This will ensure the verification process's transparency, increase productivity, and reduce false positives and false negatives. In other words, every tool has its own specialty for handling a particular situation. It is also counted to test certain conditions manually wherever applicable, and use your knowledge and experience to verify all the reported findings.