Hands-On Web Penetration Testing with Metasploit: The subtle art of using Metasploit 5.0 for web application exploitation - Softcover

Synopsis

Identify, Exploit and Test your Web Security

Key Features

• Become a web penetration testing expert using Metasploit
• Exploit and protect your Web environment
• Embrace tools and techniques like network scanning, pen testing, and exploitation

Book Description

Metasploit Framework has always been a MUST for many years but in case of web application penetration testing, there are very few modules available publically. This book will aim to help you to learn another side of Metasploit Framework which is used rarely - Web Application. Metasploit not only covers the basics of web application penetration testing but when used with a Graphical User Interface (GUI) - Metasploit Web GUI, the experience is so much better especially when Web Application Pentesting modules are available within the framework itself.

You will learn about the existing scripts which can be used to perform multiple tasks while performing Penetration testing on a particular application such as recon using inbuilt auxiliaries, web application enumeration, fuzzing HTTP forms, using inbuilt exploits for CMS and other well known applications.

This book will also cover topics on vulnerability assessment & exploitation of technological platforms such has JBoss, Jira, NodeJS etc. and what caused the vulnerability and how exactly the exploit will be working in Metasploit.

By the end of the book, you will finally know about the auxiliaries in Metasploit which can be used as a part of web application pentesting.

What you will learn

• Setting up and Installing Metasploit
• Using Metasploit for Web-Apps Reconnaissance
• Pentesting Content Management Systems (CMS)
• Performing Pentesting on Technological Platforms
• Fuzzing using different tools
• Writing Penetration Testing Reports

Who This Book Is For

This book is intended for web security analysts, security professionals, or any stakeholder in the security sector who wants to learn how to penetrate and test the web environment. This book would also be useful for professionals who are not experts with command line tools and want to see major things done on a GUI interface.

No experience of Metasploit is required but having basics of Linux, Web Application pentesting and Metasploit could be helpful.

"synopsis" may belong to another edition of this title.