Kali Linux network scanning cookbook : take your penetration-testing skills to the next level / Michael Hixon, Justin Hutchens.

Format:

Book

Author/Creator:

Hixon, Michael, author.

Hutchens, Justin, author.

Language:

English

Subjects (All):

Kali Linux.

Computers--Access control.

Computers.

Computer security.

Physical Description:

1 online resource (601 pages) : illustrations

Edition:

Second edition.

Place of Publication:

Birmingham, England ; London, [England] : Packt Publishing, 2017.

System Details:

text file

Biography/History:

Hixon Michael: Michael Hixon currently works as a security consultant with a focus on penetration testing and web application security. He previously served in the United States Marine Corp, where he was an infantryman, security forces member, and counterintelligence agent. After the military, he worked as a programmer before changing his focus to IT security. He has worked for the Red Cross, Department of Defense, Department of Justice, and numerous intelligence agencies in his career. He holds a bachelors degree in management information systems and multiple professional information-security certifications, including Certified Information Systems Security Professional (CISSP), eLearnSecurity Web Application Penetration Tester (eWPT), Certified Ethical Hacker (CEH), and eLearnSecurity Certified Professional Penetration Tester (eCPPT). He currently runs the Baltimore chapter of the Open Web Application Security Project (OWASP).

Summary:

Over 100 practical recipes that leverage custom scripts and integrated tools in Kali Linux to help you effectively master network scanning About This Book Learn the fundamentals behind commonly used scanning techniques Deploy powerful scanning tools that are integrated into the Kali Linux testing platform The practical recipes will help you automate menial tasks and build your own script library Who This Book Is For This book is for information security professionals and casual security enthusiasts alike. It provides foundational principles if you're a novice, but will also introduce scripting techniques and in-depth analysis if you're more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security testing experience. What You Will Learn Develop a network-testing environment to test scanning tools and techniques Understand the principles of network-scanning tools by building scripts and tools Identify distinct vulnerabilities in web apps and remote services and learn how they are exploited Perform comprehensive scans to identify listening on TCP and UDP sockets Get started with different Kali desktop environments--KDE, MATE, LXDE, and Xfce Use Sparta for information gathering, port scanning, fingerprinting, vulnerability scanning, and more Evaluate DoS threats and learn how common DoS attacks are performed Learn how to use Burp Suite to evaluate web applications In Detail With the ever-increasing amount of data flowing in today's world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools. Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and h...

Contents:

Cover

Copyright

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Customer Feedback

Table of Contents

Preface

Chapter 1: Getting Started

Introduction

Configuring a security lab with VMware Player (Windows)

Getting ready

How to do it...

How it works...

Configuring a security lab with VMware Fusion (macOS)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Using text editors (Vim and GNU nano)

Keeping Kali updated

Managing Kali services

Configuring and using SSH

Installing Nessus on Kali Linux

Chapter 2: Reconnaissance

Using Google to find subdomains

Finding e-mail addresses using theHarvester

Enumerating DNS using the host command

Enumerating DNS using DNSRecon

Standard DNS enumeration

Reverse lookups

Zone transfer

Enumerating DNS using the dnsenum command

Default settings

Brute-force

Chapter 3: Discovery

Introduction.

Knowing the OSI model

Using Scapy to perform host discovery (layers 2/3/4)

Layer 2 discovery - ARP

Layer 3 discovery - ICMP

Layer 4 discovery - TCP and UDP

Using Nmap to perform host discovery (layers 2/3/4)

Using ARPing to perform host discovery (layer 2)

Using netdiscover to perform host discovery (layer 2)

Using Metasploit to perform host discovery (layer 2)

Using hping3 to perform host discovery (layers 3/4)

Using ICMP to perform host discovery

Using fping to perform host discovery

Chapter 4: Port Scanning

UDP port scanning

TCP port scanning

Port scanning with Scapy (UDP, stealth, connect, and zombie)

UDP port scanning with Scapy

Stealth scanning with Scapy

Connect scanning with Scapy

Zombie scanning with Scapy

Port scanning with Nmap (UDP, stealth, connect, zombie)

UDP scanning with Nmap

Stealth scanning with Nmap

Connect scanning with Nmap

Zombie scanning with Nmap

Port scanning with Metasploit (UDP, stealth, and connect)

UDP scanning with Metasploit

Stealth scanning with Metasploit

Connect scanning with Metasploit

How it works....

Port scanning with hping3 (stealth)

Port scanning with DMitry (connect)

Port scanning with Netcat (connect)

Port scanning with masscan (stealth)

Chapter 5: Fingerprinting

Banner grabbing with Netcat

Banner grabbing with Python sockets

How to do it....

Banner grabbing with DMitry

Banner grabbing with Nmap NSE

Banner grabbing with Amap

Service identification with Nmap

Service identification with Amap

Operating system identification with Scapy

Operating system identification with Nmap

Operating system identification with xprobe2

Passive operating system identification with p0f

SNMP analysis with Onesixtyone

SNMP analysis with SNMPwalk

Firewall identification with Scapy

Firewall identification with Nmap

Firewall identification with Metasploit

Chapter 6: Vulnerability Scanning

Vulnerability scanning with the Nmap Scripting Engine

Vulnerability scanning with MSF auxiliary modules

Creating scan policies with Nessus

Vulnerability scanning with Nessus

Vulnerability scanning with OpenVAS

Validating vulnerabilities with HTTP interaction

Validating vulnerabilities with ICMP interaction

Chapter 7: Denial of Service

Fuzz testing to identify buffer overflows

Remote FTP service buffer-overflow DoS

Smurf DoS attack

DNS amplification DoS attacks

SNMP amplification DoS attack

SYN flood DoS attack

Sock stress DoS attack

DoS attacks with Nmap NSE

DoS attacks with Metasploit

DoS attacks with the exploit database

Chapter 8: Working with Burp Suite

Configuring Burp Suite on Kali Linux

Defining a web application target with Burp Suite

Using Burp Suite Spider

How to do it....

How it works...

Using Burp Suite Proxy

Using Burp Suite engagement tools

Using the Burp Suite web application scanner

Using Burp Suite Intruder

Using Burp Suite Comparer

Using Burp Suite Repeater

Using Burp Suite Decoder

Using Burp Suite Sequencer

Using Burp Suite Extender

Using Burp Suite Clickbandit

Chapter 9: Web Application Scanning

Web application scanning with Nikto

SSL/TLS scanning with SSLScan

SSL/TLS scanning with SSLyze

GET method SQL injection with sqlmap

POST method SQL injection with sqlmap

Requesting a capture SQL injection with sqlmap

Automating CSRF testing

Validating command-injection vulnerabilities with HTTP traffic

Validating command-injection vulnerabilities with ICMP traffic

Chapter 10: Attacking the Browser with BeEF

Hooking the browser with BeEF

Collecting information with BeEF.

Notes:

Previous edition published: 2014.

Description based on online resource; title from PDF title page (ebrary, viewed June 23, 2017).

ISBN:

9781787285019

1787285014

OCLC:

988868607