-
Not really. Nessus can be installed on any server and you just need to provide the network IP and port with credentials for authentication. Metasploit will automatically authenticate with the remotely installed Nessus instance.
-
Metasploit supports Nexpose, Nessus, and OpenVAS vulnerability scanners as pluggable modules. For other vulnerability scanners, you may have to code your own plugin module.
-
Yes. You can use Nessus Professional with Metasploit. You just need to activate the Nessus Pro license first.
- The number of concurrent systems in scanning is the same as the number allowed as per your Nessus subscription.
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Introduction
- Introduction to Web Application Penetration Testing
- What is a penetration test?
- Types of penetration test
- Stages of penetration testing
- Important terminologies
- Penetration testing methodologies
- Common Weakness Enumeration (CWE)
- Summary
- Questions
- Further reading
- Metasploit Essentials
- Technical requirements
- Introduction to Metasploit Framework
- Metasploit Framework terminology
- Installing and setting up Metasploit
- Getting started with Metasploit Framework
- Interacting with Metasploit Framework using msfconsole
- MSF console commands
- Customizing global settings
- Variable manipulation in MSF
- Exploring MSF modules
- Running OS commands in MSF
- Setting up a database connection in Metasploit Framework
- Loading plugins in MSF
- Using Metasploit modules
- Searching modules in MSF
- Checking for hosts and services in MSF
- Nmap scanning with MSF
- Setting up payload handling in MSF
- MSF payload generation
- Summary
- Questions
- Further reading
- The Metasploit Web Interface
- The Pentesting Life Cycle with Metasploit
- Using Metasploit for Reconnaissance
- Web Application Enumeration Using Metasploit
- Vulnerability Scanning Using WMAP
- Vulnerability Assessment Using Metasploit (Nessus)
- Pentesting Content Management Systems (CMSes)
- Pentesting CMSes - WordPress
- Technical requirements
- Introduction to WordPress
- WordPress reconnaissance and enumeration
- Vulnerability assessment for WordPress
- WordPress exploitation part 1 – WordPress Arbitrary File Deletion
- WordPress exploitation part 2 – unauthenticated SQL injection
- WordPress exploitation part 3 – WordPress 5.0.0 Remote Code Execution
- Going the extra mile – customizing the Metasploit exploit
- Summary
- Questions
- Further reading
- Pentesting CMSes - Joomla
- Technical requirements
- An introduction to Joomla
- The Joomla architecture
- Reconnaissance and enumeration
- Enumerating Joomla plugins and modules using Metasploit
- Performing vulnerability scanning with Joomla
- Joomla exploitation using Metasploit
- Joomla shell upload
- Summary 
- Questions
- Further reading
- Pentesting CMSes - Drupal
- Performing Pentesting on Technological Platforms
- Penetration Testing on Technological Platforms - JBoss
- Technical requirements
- An introduction to JBoss
- Reconnaissance and enumeration
- Performing a vulnerability assessment on JBoss AS
- JBoss exploitation
- JBoss exploitation via the administration console
- Exploitation via the JMX console (the MainDeployer method)
- Exploitation via the JMX console using Metasploit (MainDeployer)
- Exploitation via the JMX console (BSHDeployer)
- Exploitation via the JMX console using Metasploit (BSHDeployer)
- Exploitation via the web console (Java applet)
- Exploitation via the web console (the Invoker method)
- Exploitation via JMXInvokerServlet using Metasploit
- Summary
- Questions
- Further reading
- Penetration Testing on Technological Platforms - Apache Tomcat
- Penetration Testing on Technological Platforms - Jenkins
- Logical Bug Hunting
- Web Application Fuzzing - Logical Bug Hunting
- Technical requirements
- What is fuzzing?
- Fuzzing terminology
- Fuzzing attack types
- Introduction to web app fuzzing
- Identifying web application attack vectors
- HTTP request verbs
- HTTP request URIs
- Fuzzing an HTTP request URl path using Wfuzz
-  Fuzzing an HTTP request URl path using ffuf
- Fuzzing an HTTP request URl path using Burp Suite Intruder
- Fuzzing HTTP request URl filenames and file extensions using Wfuzz
- Fuzzing HTTP request URl filenames and file extensions using ffuf
- Fuzzing HTTP request URl filenames and file extensions using Burp Suite Intruder
- Fuzzing an HTTP request URl using Wfuzz (GET parameter + value)
- Fuzzing an HTTP request URl using Burp Suite Intruder (GET parameter + value)
- HTTP request headers
- Summary
- Questions
- Further reading
- Writing Penetration Testing Reports
- Assessment
- Other Books You May Enjoy
Chapter 7
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.