Book Image

Kali Linux Web Penetration Testing Cookbook - Second Edition

By : Gilberto Najera-Gutierrez
Book Image

Kali Linux Web Penetration Testing Cookbook - Second Edition

By: Gilberto Najera-Gutierrez

Overview of this book

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing. Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools. As you make your way through the book, you will learn how to use automated scanners to find security ?aws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.
Table of Contents (12 chapters)

Updating and upgrading Kali Linux

Before we start testing the security of our web application, we need to be sure that we have all the necessary up-to-date tools. This recipe covers the basic task of maintaining the most up-to-date Kali Linux tools and their most recent versions. We will also install the web applications testing meta-package.

How to do it...

Once you have a working instance of Kali Linux up and running, perform the following steps:

  1. Log in as a root on Kali Linux; and open a Terminal.
  1. Run the apt-get update command. This will download the updated list of packages (applications and tools) that are available to install:
  1. Once the update is finished, run the apt-get full-upgrade command to update the system to the latest version:
  1. When asked to continue, press Y and then press Enter.
  2. Now, we have our Kali Linux up to date and ready to continue.
  3. Although Kali comes with a good set of tools preinstalled, there are some others that are included in its software repositories but not installed by default. To be sure we have everything we need for web application penetration testing, we install the kali-linux-web meta-package by entering the apt-get install kali-linux-web command:
  1. We can find the tools we have installed in the Applications menu under 03 - Web Applications Analysis:

How it works...

In this recipe, we have covered a basic procedure for package updates in Debian-based systems (such as Kali Linux) by using the standard software manager, apt. The first call to apt-get with the update parameter downloaded the most recent list of packages available for our specific system in the configured repositories. As Kali Linux is now a rolling distribution, this means that it is constantly updated and that there are no breaks between one version and the next; the full-upgrade parameter downloads and installs system (such as kernel and kernel modules) and non-system packages up to their latest version. If no major changes have been made, or we are just trying to keep an already installed version up to date, we can use the upgrade parameter instead.

In the last part of this recipe, we installed the kali-linux-web meta-package. A meta-package for apt is an installable package that contains many other packages, so we only need to install one package and all of the ones included will be installed. In this case, we installed all web penetration testing tools included in Kali Linux.