Kali Linux

7.

The Kali Linux Toolkit: Web Application Analysis

7.1.

Web Application Reconnaissance

7.1.1.

Technology Identification

7.1.1.1.

7.1.1.2.

7.1.1.3.

7.1.2.

Content Discovery

7.1.2.1.

Directory and File Enumeration

7.1.2.1.1.

7.1.2.1.1.1.

Wordlist Selection

7.1.2.1.1.2.

Custom Extensions

7.1.2.1.1.3.

Authentication Handling

7.1.2.1.2.

7.1.2.1.2.1.

7.1.2.1.2.2.

7.1.2.1.2.3.

7.1.2.1.3.

7.1.2.1.3.1.

7.1.2.1.3.2.

Threaded Scanning

7.1.2.2.

Subdomain Discovery

7.1.2.2.1.

7.1.2.2.2.

7.1.2.2.3.

7.1.3.

7.1.3.1.

7.1.3.2.

7.1.3.3.

7.2.

Web Vulnerability Scanning

7.2.1.

Comprehensive Web Scanners

7.2.1.1.

7.2.1.1.1.

Automated Scanning

7.2.1.1.1.1.

Quick Start Scan

7.2.1.1.1.2.

7.2.1.1.1.3.

7.2.1.1.2.

7.2.1.1.2.1.

7.2.1.1.2.2.

Request Modification

7.2.1.1.2.3.

Response Analysis

7.2.1.1.3.

Advanced Features

7.2.1.1.3.1.

7.2.1.1.3.2.

Session Management

7.2.1.1.3.3.

7.2.1.1.3.4.

7.2.1.2.

7.2.1.2.1.

Proxy Configuration

7.2.1.2.2.

Target Scope Definition

7.2.1.2.3.

Scanner Configuration

7.2.1.2.4.

7.2.1.2.5.

Repeater Functionality

7.2.1.2.6.

Sequencer Analysis

7.2.2.

Specialized Web Scanners

7.2.2.1.

7.2.2.1.1.

Server Misconfiguration Detection

7.2.2.1.2.

Outdated Software Detection

7.2.2.1.3.

Dangerous Files Detection

7.2.2.2.

7.2.2.2.1.

Recursive Web Application Security Scanner

7.2.2.3.

7.2.2.3.1.

Plugin Architecture

7.2.2.3.2.

Audit and Attack Plugins

7.3.

Web Application Proxies

7.3.1.

Intercepting Proxies

7.3.1.1.

Burp Suite Proxy

7.3.1.1.1.

Request Interception

7.3.1.1.2.

Response Modification

7.3.1.1.3.

Match and Replace Rules

7.3.1.1.4.

SSL Certificate Handling

7.3.1.2.

OWASP ZAP Proxy

7.3.1.2.1.

Transparent Proxying

7.3.1.2.2.

Request/Response Modification

7.3.1.2.3.

7.3.2.

Proxy Configuration

7.3.2.1.

Browser Configuration

7.3.2.2.

Certificate Installation

7.3.2.3.

Upstream Proxy Configuration

7.4.

SQL Injection Testing

7.4.1.

Automated SQL Injection Tools

7.4.1.1.

7.4.1.1.1.

Detection Techniques

7.4.1.1.2.

Database Enumeration

7.4.1.1.3.

Data Extraction

7.4.1.1.4.

File System Access

7.4.1.1.5.

Operating System Access

7.4.1.1.6.

Advanced Options

7.4.2.

Manual SQL Injection Testing

7.4.2.1.

Injection Point Identification

7.4.2.2.

Payload Construction

7.4.2.3.

Error-Based Injection

7.4.2.4.

Blind Injection Techniques

7.4.2.5.

Time-Based Injection

7.5.

Cross-Site Scripting (XSS) Testing

7.5.1.

XSS Detection Tools

7.5.1.1.

7.5.1.2.

7.5.2.

Manual XSS Testing

7.5.2.1.

7.5.2.2.

7.5.2.3.

7.5.2.4.

Payload Development

7.6.

Content Management System Testing

7.6.1.

WordPress Security Testing

7.6.1.1.

7.6.1.1.1.

Vulnerability Scanning

7.6.1.1.2.

Plugin Enumeration

7.6.1.1.3.

Theme Enumeration

7.6.1.1.4.

User Enumeration

7.6.1.1.5.

Password Attacks

7.6.2.

Joomla Security Testing

7.6.2.1.

7.6.2.2.

7.6.3.

Drupal Security Testing

7.6.3.1.

Previous

6. The Kali Linux Toolkit: Vulnerability Analysis

Go to top

Next

8. The Kali Linux Toolkit: Database Assessment