Metasploit but also cover some of the other tools available for exploiting the vul‐
nerabilities found by the tools discussed in other parts of the book.
Owning Metasploit
Metasploit is a dense piece of software. Getting used
to using it effectively can
take a long time. Nearly 2,000 exploits are available in Metasploit, as well as over
500 payloads. When you mix and match those, you get
thousands of possibilities
for interacting with remote systems. Beyond that, you can create your own mod‐
ules. We’ll cover Metasploit beyond just the basics of using it for rudimentary
exploits.
Wireless Security Testing
Everyone has wireless networks these days. That’s
how mobile devices like
phones and tablets, not to mention a lot of laptops, connect to enterprise net‐
works. However, not all wireless networks have been configured in the best man‐
ner possible. Kali Linux has tools available for performing wireless testing. This
includes scanning for wireless networks,
injecting frames, and cracking pass‐
words.
Web Application Testing
A lot of commerce happens through web interfaces. Additionally, a lot of sensi‐
tive information is available through web interfaces. Businesses need to pay
attention to how vulnerable their important web applications are.
Kali is loaded
with tools that will help you perform assessments on web applications. We’ll take
a look at proxy-based testing as well as other tools that can be used for more
automated testing. The goal is to help you provide a better understanding of the
security posture of these applications to the organization you are doing testing
for.
Cracking Passwords
This isn’t always a requirement, but you may be asked to test both remote sys‐
tems and local password databases for password complexity and difficulty in get‐
ting in remotely. Kali has programs that will help with password cracking—both
cracking password hashes, as in a password file, and brute forcing logins on
remote
services like SSH, VNC, and other remote access protocols.
Advanced Techniques and Concepts
You can use all the tools in Kali’s arsenal to do extensive testing. At some point,
though, you need to move beyond the canned techniques and develop your own.
This may include creating your own exploits or writing your own tools. Getting a
better understanding of how exploits work and
how you can develop some of
your own tools will provide insight on directions you can go. We’ll cover extend‐
ing some of the tools Kali has as well as the basics of popular scripting languages
along the way.
Preface | xi
Reporting
The most important thing you will do is generate a report when you are done
testing. Kali has a lot of tools that can help you generate a report at the end of
your testing. We’ll cover techniques for taking notes through the course of your
testing as well as some strategies for generating the report.
