Hands-On Web Penetration Testing with Metasploit
The subtle art of using Metasploit 5.0 for web application exploitation
Packt(GCO Science)
2020년 05월 22일 출간
(개의 리뷰)
(
0%
의 구매자)
- eBook 상품 정보
- 파일 정보 pdf (102.60MB)
- ISBN 9781789951639
- 쪽수 532쪽
- 지원기기 교보eBook App, PC e서재, 리더기, 웹뷰어
-
교보eBook App
듣기(TTS) 불가능
TTS 란?텍스트를 음성으로 읽어주는 기술입니다.
- 전자책의 편집 상태에 따라 본문의 흐름과 다르게 텍스트를 읽을 수 있습니다.
- 전자책 화면에 표기된 주석 등을 모두 읽어 줍니다.
- 이미지 형태로 제작된 전자책 (예 : ZIP 파일)은 TTS 기능을 지원하지 않습니다.
- '교보 ebook' 앱을 최신 버전으로 설치해야 이용 가능합니다. (Android v3. 0.26, iOS v3.0.09,PC v1.2 버전 이상)
PDF 필기 Android 가능 (iOS예정)
소득공제
소장
정가 : 24,000원
쿠폰적용가 21,600원
10% 할인 | 5%P 적립이 상품은 배송되지 않는 디지털 상품이며,
교보eBook앱이나 웹뷰어에서 바로 이용가능합니다.
카드&결제 혜택
- 5만원 이상 구매 시 추가 2,000P
- 3만원 이상 구매 시, 등급별 2~4% 추가 최대 416P
- 리뷰 작성 시, e교환권 추가 최대 300원
작품소개
이 상품이 속한 분야
▶Book Description
Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework ? web applications ? which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.
The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.
By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.
▶What You Will Learn
- Get up to speed with setting up and installing the Metasploit framework
- Gain first-hand experience of the Metasploit web interface
- Use Metasploit for web-application reconnaissance
- Understand how to pentest various content management systems
- Pentest platforms such as JBoss, Tomcat, and Jenkins
- Become well-versed with fuzzing web applications
- Write and automate penetration testing reports
▶Key Features
- Get up to speed with Metasploit and discover how to use it for pentesting
- Understand how to exploit and protect your web environment effectively
- Learn how an exploit works and what causes vulnerabilities
▶Who This Book Is For
This book is for web security analysts, bug bounty hunters, security professionals, or any stakeholder in the security sector who wants to delve into web application security testing. Professionals who are not experts with command line tools or Kali Linux and prefer Metasploit's graphical user interface (GUI) will also find this book useful. No experience with Metasploit is required, but basic knowledge of Linux and web application pentesting will be helpful.
Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework ? web applications ? which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.
The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.
By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.
▶What You Will Learn
- Get up to speed with setting up and installing the Metasploit framework
- Gain first-hand experience of the Metasploit web interface
- Use Metasploit for web-application reconnaissance
- Understand how to pentest various content management systems
- Pentest platforms such as JBoss, Tomcat, and Jenkins
- Become well-versed with fuzzing web applications
- Write and automate penetration testing reports
▶Key Features
- Get up to speed with Metasploit and discover how to use it for pentesting
- Understand how to exploit and protect your web environment effectively
- Learn how an exploit works and what causes vulnerabilities
▶Who This Book Is For
This book is for web security analysts, bug bounty hunters, security professionals, or any stakeholder in the security sector who wants to delve into web application security testing. Professionals who are not experts with command line tools or Kali Linux and prefer Metasploit's graphical user interface (GUI) will also find this book useful. No experience with Metasploit is required, but basic knowledge of Linux and web application pentesting will be helpful.
▶TABLE of CONTENTS
▷ Section 1. Introduction
1. Introduction to Web Application Penetration Testing
2. Metasploit Essentials
3. The Metasploit Web Interface
▷ Section 2. The Pentesting Life Cycle with Metasploit
4. Using Metasploit for Reconnaissance
5. Web Application Enumeration Using Metasploit
6. Vulnerability Scanning Using WMAP
7. Vulnerability Assessment Using Metasploit (Nessus)
▷ Section 3. Pentesting Content Management Systems (CMSes)
8. Pentesting CMSes - WordPress
9. Pentesting CMSes - Joomla
10. Pentesting CMSes - Drupal
▷ Section 4. Performing Pentesting on Technological Platforms
11. Penetration Testing on Technological Platforms - JBoss
12. Penetration Testing on Technological Platforms - Apache Tomcat
13. Penetration Testing on Technological Platforms - Jenkins
▷ Section 5. Logical Bug Hunting
14. Web Application Fuzzing - Logical Bug Hunting
15. Writing Penetration Testing Reports
▷ Section 1. Introduction
1. Introduction to Web Application Penetration Testing
2. Metasploit Essentials
3. The Metasploit Web Interface
▷ Section 2. The Pentesting Life Cycle with Metasploit
4. Using Metasploit for Reconnaissance
5. Web Application Enumeration Using Metasploit
6. Vulnerability Scanning Using WMAP
7. Vulnerability Assessment Using Metasploit (Nessus)
▷ Section 3. Pentesting Content Management Systems (CMSes)
8. Pentesting CMSes - WordPress
9. Pentesting CMSes - Joomla
10. Pentesting CMSes - Drupal
▷ Section 4. Performing Pentesting on Technological Platforms
11. Penetration Testing on Technological Platforms - JBoss
12. Penetration Testing on Technological Platforms - Apache Tomcat
13. Penetration Testing on Technological Platforms - Jenkins
▷ Section 5. Logical Bug Hunting
14. Web Application Fuzzing - Logical Bug Hunting
15. Writing Penetration Testing Reports
▶What this book covers
- Chapter 1, Introduction to Web Application Penetration Testing, covers the setup and installation of Metasploit, along with pentesting life cycles, the OWASP Top 10, and the Sans Top 25, in detail.
- Chapter 2, Metasploit Essentials, explains the basics of Metasploit, from installation to exploitation. The basic Metasploit terminologies and other less commonly used options in Metasploit are also covered.
- Chapter 3, The Metasploit Web Interface, focuses on a walkthrough of the Metasploit web GUI interface, which is available in Metasploit Community Edition, before we dive into other topics.
- Chapter 4, Using Metasploit for Reconnaissance, covers the first process in a penetration testing life cycle: reconnaissance. From banner grabbing to WEBDAV recon, a basic reconnaissance process will be explained with the help of particular Metasploit modules used for this.
- Chapter 5, Web Application Enumeration Using Metasploit, focuses on one of the most important processes in web application penetration testing, in other words, enumeration. The chapter will start with the very basics of file and directory enumeration, before proceeding to crawling and scraping from a website, and then further enumeration involving Metasploit modules.
- Chapter 6, Vulnerability Scanning Using WMAP, covers the WMAP module of the Metasploit Framework for scanning web applications.
- Chapter 7, Vulnerability Assessment Using Metasploit (Nessus), covers the utilization of the Nessus vulnerability scanner via Metasploit to perform vulnerability assessment scanning on a target.
- Chapter 8, Pentesting CMSes ? WordPress, covers the enumeration of vulnerabilities for WordPress and how to exploit them.
- Chapter 9, Pentesting CMSes ? Joomla, covers the enumeration of vulnerabilities for Joomla and how to exploit them.
- Chapter 10, Pentesting CMSes ? Drupal, covers the enumeration of vulnerabilities for Drupal and how to exploit them.
- Chapter 11, Penetration Testing on Technological Platforms ? JBoss, covers methods for enumerating, exploiting, and gaining access to a JBoss server.
- Chapter 12, Penetration Testing on Technological Platforms ? Apache Tomcat, covers methods for enumerating, exploiting, and gaining access to a Tomcat server.
- Chapter 13, Penetration Testing on Technological Platforms ? Jenkins, covers methods for enumerating, exploiting, and gaining access to a server running Jenkins.
- Chapter 14, Web Application Fuzzing ? Logical Bug Hunting, focuses on exploiting flaws that exist in the business logic of the web application. We will cover in-depth examples of these, along with methods for fuzzing a web application in order to identify a vulnerability.
- Chapter 15, Writing Penetration Testing Reports, covers the basics of report writing and how different tools can be used to automate the report-writing process.
▶ Preface
In today's rapidly evolving technological world, the security industry is changing at a phenomenal pace, while the number of cyber attacks involving organizations is also increasing rapidly. To protect themselves from these real-world attacks, many companies have introduced security audits and risk and vulnerability assessments in their process management, designed to help the company gauge the risks with respect to their business assets. To protect these assets, many companies have hired security professionals with the purpose of identifying risks, vulnerabilities, and threats in companies' applications and networks. For a security professional, building up their skills and familiarizing themselves with the latest attacks are crucial. Also, for their betterment and improved efficiency, many individuals use Metasploit as their first choice in the case of exploitation and enumeration.
As regards network exploitation and post-exploitation, we have a host of resources at our disposal, but in terms of web applications, not many opt for Metasploit. This book will help security consultants and professionals see the other side of Metasploit with regard to web applications. It will also enable readers to work more efficiently on their web application penetration testing projects with the help of Metasploit.
작가정보
저자(글) Harpreet Singh
Harpreet Singh is the author of Hands-On Red Team Tactics published by Packt Publishing and has more than 7 years of experience in the fields of ethical hacking, penetration testing, vulnerability research, and red teaming. He is also a certified OSCP (Offensive Security Certified Professional) and OSWP (Offensive Security Wireless Professional). Over the years, Harpreet has acquired an offensive skill set as well as a defensive skill set. He is a professional who specializes in wireless and network exploitation, including but not limited to mobile exploitation and web application exploitation, and he has also performed red team engagements for banks and financial groups.
저자(글) Himanshu Sharma
Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many others. He has assisted international celebrities such as Harbajan Singh in recovering their hacked accounts. He has been a speaker and trainer at international conferences such as Botconf 2013, CONFidence, RSA Singapore, LeHack, Hacktivity, Hack In the Box, and SEC-T. He also spoke at the IEEE Conference for Tedx. Currently, he is the cofounder of BugsBounty, a crowdsourced security platform.
이 상품의 총서
Klover리뷰 (0)
Klover리뷰 안내
Klover(Kyobo-lover)는 교보를 애용해 주시는 고객님들이 남겨주신 평점과 감상을 바탕으로, 다양한 정보를 전달하는 교보문고의 리뷰 서비스입니다.
1. 리워드 안내
구매 후 90일 이내에 평점 작성 시 e교환권 100원을 적립해 드립니다.
- - e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- - 리워드는 1,000원 이상 eBook, 오디오북, 동영상에 한해 다운로드 완료 후 리뷰 작성 시 익일 제공됩니다.
- - 리워드는 한 상품에 최초 1회만 제공됩니다.
- - sam 이용권 구매 상품 / 선물받은 eBook은 리워드 대상에서 제외됩니다.
2. 운영 원칙 안내
Klover리뷰를 통한 리뷰를 작성해 주셔서 감사합니다. 자유로운 의사 표현의 공간인 만큼 타인에 대한 배려를 부탁합니다. 일부 타인의 권리를 침해하거나 불편을 끼치는 것을 방지하기 위해 아래에 해당하는 Klover 리뷰는 별도의 통보 없이 삭제될 수 있습니다.
- 도서나 타인에 대해 근거 없이 비방을 하거나 타인의 명예를 훼손할 수 있는 리뷰
- 도서와 무관한 내용의 리뷰
- 인신공격이나 욕설, 비속어, 혐오 발언이 개재된 리뷰
- 의성어나 의태어 등 내용의 의미가 없는 리뷰
구매 후 리뷰 작성 시, e교환권 100원 적립
문장수집
문장수집 안내
문장수집은 고객님들이 직접 선정한 책의 좋은 문장을 보여 주는 교보문고의 새로운 서비스 입니다. 교보eBook 앱에서 도서 열람 후 문장 하이라이트 하시면 직접 타이핑 하실 필요 없이 보다 편하게 남길 수 있습니다. 마음을 두드린 문장들을 기록하고 좋은 글귀들은 ‘좋아요’ 하여 모아보세요. 도서 문장과 무관한 내용 등록 시 별도 통보없이 삭제될 수 있습니다.
리워드 안내
- 구매 후 90일 이내에 문장 수집 등록 시 e교환권 100원을 적립해 드립니다.
- e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- 리워드는 1,000원 이상 eBook에 한해 다운로드 완료 후 문장수집 등록 시 제공됩니다.
- 리워드는 한 상품에 최초 1회만 제공됩니다.
- sam 이용권 구매 상품/오디오북·동영상 상품/주문취소/환불 시 리워드 대상에서 제외됩니다.
구매 후 문장수집 작성 시, e교환권 100원 적립
교보eBook 첫 방문을 환영 합니다!
신규가입 혜택 지급이 완료 되었습니다.
바로 사용 가능한 교보e캐시 1,000원 (유효기간 7일)
지금 바로 교보eBook의 다양한 콘텐츠를 이용해 보세요!
신간 알림 안내
Hands-On Web Penetration Testing with Metasploit
웹툰 신간 알림이 신청되었습니다.
신간 알림 안내
Hands-On Web Penetration Testing with Metasploit
웹툰 신간 알림이 취소되었습니다.
리뷰작성
- 구매 후 90일 이내 작성 시, e교환권 100원 (최초1회)
- 리워드 제외 상품 : 마이 > 라이브러리 > Klover리뷰 > 리워드 안내 참고
- 콘텐츠 다운로드 또는 바로보기 완료 후 리뷰 작성 시 익일 제공
감성 태그
가장 와 닿는 하나의 키워드를 선택해주세요.
사진 첨부(선택)
0 / 5
총 5MB 이하로 jpg,jpeg,png 파일만 업로드 가능합니다.
신고/차단
신고 사유를 선택해주세요.
신고 내용은 이용약관 및 정책에 의해 처리됩니다.
허위 신고일 경우, 신고자의 서비스 활동이 제한될 수
있으니 유의하시어 신중하게 신고해주세요.
이 글을 작성한 작성자의 모든 글은 블라인드 처리 됩니다.
문장수집 작성
구매 후 90일 이내 작성 시, e교환권 100원 적립
eBook 문장수집은 웹에서 직접 타이핑 가능하나, 모바일 앱에서 도서를 열람하여 문장을 드래그하시면 직접 타이핑 하실 필요 없이 보다 편하게 남길 수 있습니다.
P.
Hands-On Web Penetration Testing with Metasploit
The subtle art of using Metasploit 5.0 for web application exploitation
저자 모두보기
낭독자 모두보기
sam 이용권 선택
님이 보유하신 이용권입니다.
차감하실 sam이용권을 선택하세요.
차감하실 sam이용권을 선택하세요.
sam 이용권 선택
님이 보유하신 이용권입니다.
차감하실 sam이용권을 선택하세요.
차감하실 sam이용권을 선택하세요.
sam 이용권 선택
님이 보유하신 프리미엄 이용권입니다.
선물하실 sam이용권을 선택하세요.
선물하실 sam이용권을 선택하세요.
결제완료
e캐시 원 결제
계속 하시겠습니까?
교보 e캐시 간편 결제
sam 열람권 선물하기
-
보유 권수 / 선물할 권수0권 / 1권
-
받는사람 이름받는사람 휴대전화
- 구매한 이용권의 대한 잔여권수를 선물할 수 있습니다.
- 열람권은 1인당 1권씩 선물 가능합니다.
- 선물한 열람권이 ‘미등록’ 상태일 경우에만 ‘열람권 선물내역’화면에서 선물취소 가능합니다.
- 선물한 열람권의 등록유효기간은 14일 입니다.
(상대방이 기한내에 등록하지 않을 경우 소멸됩니다.) - 무제한 이용권일 경우 열람권 선물이 불가합니다.
이 상품의 총서 전체보기
네이버 책을 통해서 교보eBook 첫 구매 시
교보e캐시 지급해 드립니다.
교보e캐시 지급해 드립니다.
- 첫 구매 후 3일 이내 다운로드 시 익일 자동 지급
- 한 ID당 최초 1회 지급 / sam 이용권 제외
- 네이버 책을 통해 교보eBook 구매 이력이 없는 회원 대상
- 교보e캐시 1,000원 지급 (유효기간 지급일로부터 7일)
구글북액션을 통해서 교보eBook
첫 구매 시 교보e캐시 지급해 드립니다.
첫 구매 시 교보e캐시 지급해 드립니다.
- 첫 구매 후 3일 이내 다운로드 시 익일 자동 지급
- 한 ID당 최초 1회 지급 / sam 이용권 제외
- 구글북액션을 통해 교보eBook 구매 이력이 없는 회원 대상
- 교보e캐시 1,000원 지급 (유효기간 지급일로부터 7일)