Hands-On Web Penetration Testing with Metasploit: The subtle art of using Metasploit 5.0 for web application exploitation

Sharma, Himanshu, Singh, Harpreet

Product Description

Key Features

  • Get up to speed with Metasploit and discover how to use it for pentesting
  • Understand how to exploit and protect your web environment effectively
  • Learn how an exploit works and what causes vulnerabilities

Book Description

Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework – web applications – which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.

The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.

By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.

What you will learn

  • Get up to speed with setting up and installing the Metasploit framework
  • Gain first-hand experience of the Metasploit web interface
  • Use Metasploit for web-application reconnaissance
  • Understand how to pentest various content management systems
  • Pentest platforms such as JBoss, Tomcat, and Jenkins
  • Become well-versed with fuzzing web applications
  • Write and automate penetration testing reports

Who this book is for

This book is for web security analysts, bug bounty hunters, security professionals, or any stakeholder in the security sector who wants to delve into web application security testing. Professionals who are not experts with command line tools or Kali Linux and prefer Metasploit's graphical user interface (GUI) will also find this book useful. No experience with Metasploit is required, but basic knowledge of Linux and web application pentesting will be helpful.

Table of Contents

  1. Introduction to Web Application Penetration Testing
  2. Metasploit Essentials
  3. The Metasploit Web Interface
  4. Using Metasploit for Reconnaissance
  5. Web Application Enumeration using Metasploit
  6. Vulnerability scanning using WMAP
  7. Vulnerability Assessment using Metasploit (Nessus)
  8. Pentesting CMSes ― WordPress
  9. Pentesting CMSes ― Joomla
  10. Pentesting CMSes ― Drupal
  11. Penetration Testing on Technological Platforms ― JBoss
  12. Penetration Testing on Technological Platforms ― Apache Tomcat
  13. Penetration Testing on Technological Platforms ― Jenkins
  14. Web Application Fuzzing ― Logical Bug Hunting
  15. Writing Penetration Testing Reports
