Introduction to Penetration Testing

Introduction to Penetration Testing

Released December 2015
Publisher(s): Infinite Skills
ISBN: 9781771375245

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

In this Introduction to Penetration Testing training course, expert author Ric Messier will teach you how to find and analyze vulnerabilities in systems and networks with Kali Linux. This course is designed for the absolute beginner, meaning no penetration testing experience is required.

You will start by learning about reconnaissance, including DNS, using job sites, social networking investigation, and using Wireshark filters. From there, Ric will teach you about scanning and vulnerability analysis, including setting up and starting an OpenVAS scan, ExploitDB, and vulnerability research using CVEs. This video tutorial also covers Metasploit, including adding hosts to the database, using Metasploit for scans, and exploits with Metasploit. Finally, you will learn about website testing.

Once you have completed this computer based training course, you will have learned how to find and analyze vulnerabilities in systems and networks with Kali Linux.

Publisher resources

View/Submit Errata

Table of contents

  1. Introduction
    1. Welcome
    2. Setting Up A Lab - VMs
    3. Targets - Vulnerable Hosts
    4. Targets - Vulnerable Web Apps
    5. Kali Linux
  2. Reconnaissance
    1. Google Hacking
    2. More Google Hacking
    3. Google Hacking Database
    4. whois
    5. DNS
    6. Browser Plugins - Wappalyzer
    7. Browser Plugins - PassiveRecon
    8. SSL-Certificate Inspection
    9. Browser Plugins - Cookie Watcher
    10. Using Job Sites
    11. Social Networking Investigation
    12. Passive Fingerprinting With p0f
    13. Web Recon Using recon-ng
    14. DNS Reconnaissance Using DNSRecon And DSNWalk
    15. Determining Firewall Rules Using Firewalk
    16. Using TheHarvester To Gather Information
    17. Wireshark
  3. Scanning
    1. nmap
    2. SYN Scanning
    3. OS Identification
    4. UDP Scanning
    5. FIN Scanning
    6. Idle Scanning
    7. nmap Scripting
    8. Writing nmap Scripts
    9. Using Telnet To Perform Port Analysis
    10. Netcat
    11. Fast Scanning – Massscan
    12. Massscan For Heartbleed
    13. More Fast Scanning – ZMap
    14. Evasion Using Fragroute
    15. Custom Packet Creation Using hping3
  4. Vulnerability Analysis
    1. Setting Up OpenVAS
    2. Starting An OpenVAS Scan
    3. Generating OpenVAS Report
    4. Nessus
    5. Starting Nessus Scan
    6. Reporting From Nessus
    7. Nexpose
    8. Starting Nexpose Scan
    9. Reporting From Nexpose
    10. ExploitDBv
    11. Vulnerability Research Using CVEs
    12. Bugtraq
  5. Metasploit
    1. Intro To Metasploit
    2. Workspaces
    3. Adding Hosts To The Database
    4. Importing Vulnerability Scans
    5. Searching Exploits
    6. Using Metasploit For Scans
    7. Exploits With Metasploit
    8. Payloads
    9. Armitage
    10. Social Engineering Toolkit
    11. Scripting Metasploit
  6. Web Site Testing
    1. w3af
    2. Locating Hidden Information With w3af
    3. Brute Force Attacks With Burp Intruder
    4. Scanning With OWASP ZAP
    5. Fuzzing With ZAP
    6. Passive Scanning With Ratproxy
    7. Spike Proxy
    8. SSLScan For Weak Ciphers
    9. Man In The Middle With SSLStrip
    10. Using Skipfish
  7. Wrapping Up
    1. What We Covered
    2. Next Steps
    3. Conclusion

Product information

  • Title: Introduction to Penetration Testing
  • Author(s):
  • Release date: December 2015
  • Publisher(s): Infinite Skills
  • ISBN: 9781771375245