Penetration Testing with the Bash shell

Make the main of the Bash shell and Kali Linux's commandlinebased protection overview tools

About This Book

  • Utilize the command line to create, run, and execute tests
  • Learn valuable command line established info processing utilities and unencumber the matter fixing energy of a Linux terminal
  • Practical demonstrations utilizing in-depth factors and screenshots that can assist you use the Linux Bash terminal to take on a set of universal security-related problems.

Who This publication Is For

If you're a penetration tester, approach administrator, or developer who would favor an enriching and useful advent to the Bash shell and Kali Linux command-line-based instruments, this can be the publication for you.

What you'll Learn

  • Perform community enumeration strategies with Dig, whois, dnsenum, dnsmap, and others
  • Learn the best way to fuzz and opposite engineer utilizing the Kali Linux command line tools
  • Exploit universal net software vulnerabilities utilizing skipfish, arcachi, and sqlmap
  • Accomplish man-in-the-middle assaults instantly out of your command line
  • Assess SSL safeguard utilizing sslyze and openssl
  • Carry out community site visitors research utilizing tcpdump

In Detail

This booklet teaches you to take your challenge fixing features to the following point with the Bash shell, to evaluate community and alertness point protection by means of leveraging the ability of the command-line instruments on hand with Kali Linux.

The booklet starts by means of introducing a few of the basic bash scripting and knowledge processing instruments. development in this, the following few chapters concentrate on detailing how you can customise your Bash shell utilizing functionalities reminiscent of tab of completion and wealthy textual content formatting. After the basic customization strategies and common goal instruments were mentioned, the booklet breaks into themes corresponding to the command-line-based protection instruments within the Kali Linux working process. the final technique in discussing those instruments is to contain normal function instruments mentioned in past chapters to combine defense review instruments. this can be a one cease way to study Bash and clear up info safeguard problems.

Show description

Preview of Penetration Testing with the Bash shell PDF

Best Linux books

Embedded Linux Primer: A Practical Real-World Approach (2nd Edition)

Up to the moment, entire assistance for constructing Embedded suggestions with Linux   Linux has emerged as today’s number one working procedure for embedded items. Christopher Hallinan’s Embedded Linux Primer has confirmed itself because the definitive real-world advisor to construction effective, high-value, embedded structures with Linux.

The Official Ubuntu Book (5th Edition)

Ubuntu is an entire, loose working method that emphasizes neighborhood, help, and simplicity of use with no compromising velocity, energy, or flexibility. It’s Linux for humans, designed for everybody from desktop newbies to specialists. Ubuntu 10. 04 is the newest release—more strong, extra versatile, and friendlier than ever.

Advanced Linux Networking

With more and more networks and mission-critical functions working on Linux, process, and community directors has to be capable of do greater than arrange a server and depend on its default configuration. this article is designed that will help you in attaining the next point of competence. It specializes in strong recommendations and lines of Linux networking and offers you with the knowledge you want to enhance server potency, improve protection, and adapt to new requisites.

Guide to Assembly Language Programming in Linux

Introduces Linux options to programmers who're acquainted with different working structures akin to home windows XP offers accomplished assurance of the Pentium meeting language

Extra info for Penetration Testing with the Bash shell

Show sample text content

To begin off with, let us take a look at the invocation modes which are designed to carry information regarding a module. you could now not continually recognize which strategies can be found for the module you want to invoke. as a consequence, Metasploit has a really priceless mode you could invoke with the msfcli module. the subsequent command is used to do that: msfcli exploit/windows/smb/ms08_067_netapi O the former command will produce the output as follows: the choice invocation mode—abbreviated O as a command-line argument—displays a quick precis of in basic terms the required concepts, specifically the choices strictly required in an effort to effectively run the desired module. you may as well need to know slightly extra concerning the history of the module, for example, who constructed it, which vulnerability it attempts to use, and that are the working platforms it really is designed to focus on. you will find this out by utilizing the precis invocation mode, that is abbreviated as S. the next command is used to do that: msfcli exploit/windows/smb/ms08_067_netapi S [ sixty nine ] Exploitation and opposite Engineering • the former command will produce the output as follows: The mode verified within the previous screenshot merely prints a precis of the fundamental, worthwhile concepts. you'll even have Metasploit print out the entire checklist of innovations that use the complex mode utilizing the next command: msfcli exploit/linux/imap/imap_uw_lsub A [ 70 ] Chapter four the former command produces the output as follows: a few output from the previous screenshot has been passed over for the sake of brevity. the next may be the different invocation concepts: • AC: This information the on hand concepts for the given module • C: This exams the regimen for the provided module • I: This exhibits the IDS evasion ideas on hand for this module • P: This lists the to be had payload forms for the module • T: This lists the on hand working procedure goals for this module This concludes our dialogue concerning the Metasploit Frameworks command-line interface. the subsequent part will conceal worthy how you can combine this performance with bash scripting and different command-line utilities in universal occasions in the course of a penetration try out or vulnerability evaluate. [ seventy one ] Exploitation and opposite Engineering Bash hacks and msfcli on condition that msfcli permits us to invoke Metasploit modules immediately from the command line, we will do a little beautiful necessary issues similar to combine the result of an Nmap test with msfcli, or plug within the result of a DNS or Whois search for on to a msfcli module invocation. the next part will exhibit a number of worthwhile bash scripts that do exactly this. if you want to envision the exploitability of a given vulnerability on various IPs proliferated from a Whois look up, you could execute the subsequent bash script instantly out of your command-line interface: msfcli [MODULE] RHOSTS=`whois $(dig [domain identify] +short ) |\ awk –F\ '/inetnum/ { print $2"-"$4 }'` C within the earlier instructions, [MODULE] and [DOMAIN identify] stands out as the identify and course of the Metasploit module you must use—as it truly is utilized in the Metasploit console—and the area identify you would like to run the module opposed to, respectively.

Download PDF sample

Rated 4.75 of 5 – based on 7 votes