Book Image

The Ultimate Kali Linux Book - Third Edition

By : Glen D. Singh
5 (2)
Book Image

The Ultimate Kali Linux Book - Third Edition

5 (2)
By: Glen D. Singh

Overview of this book

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Honing your pentesting skills and exploiting vulnerabilities or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to setup your labs and explains breaches using enterprise networks. This book is designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.
Table of Contents (21 chapters)
19
Index

Using web application scanners

As an aspiring penetration tester, you will also be required to perform web application security testing based on the scope of your penetration testing engagements. In this section, you will learn how to use various types of web application scanners to identify and fingerprint web applications on a target server.Let’s get started!

WhatWeb

WhatWeb enables ethical hackers and penetration testers to identify and fingerprint the type of technologies that are running on web application servers. WhatWeb is pre-installed on Kali Linux and should be part of your arsenal of tools during your reconnaissance and vulnerability assessment phase.To profile a targeted web server using WhatWeb, please use the following instructions:

  1. Firstly, power-on the Kali Linux and Metasploitable 3 (Windows version) virtual machines.
  2. On Kali Linux, open the Terminal and use the following commands to identify whether there’s a web application running on the target:
...