Performing a black box penetration test
Black box penetration testing is performed when we have no knowledge of the target in terms of OS details, web server technologies, backend database, and so on. So, in these cases, we need to perform everything ourselves. Black box testing generally comprises too many false positives, so it's the duty of the penetration tester to figure them out and verify them.
Let's see the various steps and tools that are needed while carrying out a black box test against a website with Metasploit.
As discussed earlier, FootPrinting refers to gathering information about the target by using active or passive techniques. Let's see how we can FootPrint the target with various commonly used tools of the industry.
Using Dmitry for FootPrinting
Dmitry is a command-line tool built into security distributions such as Backtrack and Kali Linux. This tool serves as a great resource for finding information about the target website or web server. Let's see how we can...