Book Image

Mastering Kali Linux for Advanced Penetration Testing - Third Edition

By : Vijay Kumar Velu, Robert Beggs
Book Image

Mastering Kali Linux for Advanced Penetration Testing - Third Edition

By: Vijay Kumar Velu, Robert Beggs

Overview of this book

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters. To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices. Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.
Table of Contents (16 chapters)

Managing collaborative penetration testing using Faraday

One of the most difficult aspects of penetration testing is remembering to test all of the relevant parts of the network or system target or trying to remember whether the target was actually tested after the testing has been completed. In some cases, a single client may have multiple penetration testers performing scanning activities from multiple locations and management would like to have a single view. Faraday can provide a single view, assuming all of the penetration testers are able to ping each other on the same network or on the internet for external assessment.

Faraday is a multiuser penetration test IDE (Integrated Development Environment). It is designed for testers to distribute, index, and analyze all of the data that is generated during the process of a penetration testing or technical security audit to provide different views such as Management, Executive Summary, and Overall Issues lists.

This IDE platform is developed in Python by InfoByte and version 2.7.2 is installed by default in the latest version of Kali Linux. You can navigate from the menu Applications, click on 12-Reporting tools, and then click on Faraday IDE. That should open up the new workspace to be created by the testers, as shown in the following screenshot:

Launching Faraday should be able to open up the Faraday shell console to us, as shown in the following screenshot:

One of the features of the application is that following any scanning that you or any other penetration testers in your team do, you'll be able to visualize the information by clicking on Faraday Web and you'll be able to see the following:

Faraday Web
There is a limitation on the free version of Faraday for Community that can be utilized to visualize the whole list of issues in a single place.