Packt+ | Advance your knowledge in tech

You're reading from Metasploit Revealed: Secrets of the Expert Pentester Build your defense against complex attacks

Product type Course

Published in Dec 2017

Publisher

ISBN-13 9781788624596

Length 860 pages

Edition 1st Edition

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Nipun Jaswal

Sagar Rahalkar

View More author details

Table of Contents (35) Chapters

Title Page

Credits

Preface

1. Module 1 FREE CHAPTER

Metasploit for Beginners

2. Introduction to Metasploit and Supporting Tools

3. Setting up Your Environment

4. Metasploit Components and Environment Configuration

5. Information Gathering with Metasploit

6. Vulnerability Hunting with Metasploit

7. Client-side Attacks with Metasploit

8. Web Application Scanning with Metasploit

9. Antivirus Evasion and Anti-Forensics

10. Cyber Attack Management with Armitage

11. Extending Metasploit and Exploit Development

12. Module 2

Mastering Metasploit

13. Approaching a Penetration Test Using Metasploit

14. Reinventing Metasploit

15. The Exploit Formulation Process

16. Porting Exploits

17. Testing Services with Metasploit

18. Virtual Test Grounds and Staging

19. Client-side Exploitation

20. Metasploit Extended

21. Speeding up Penetration Testing

22. Visualizing with Armitage

23. Module 3

Metasploit Bootcamp

24. Getting Started with Metasploit

25. Identifying and Scanning Targets

26. Exploitation and Gaining Access

27. Post-Exploitation with Metasploit

28. Testing Services with Metasploit

29. Fast-Paced Exploitation with Metasploit

30. Exploiting Real-World Challenges with Metasploit

31. Bibliography

32. Thanks page

Scanning HTTPS/SSL with Metasploit

Metasploit contains the SSL scanner module that can uncover a variety of information related to the SSL service on a target. Let us quickly set up and run the module as follows:

We have the SSL module from auxiliary/scanner/http, as shown in the preceding screenshot. We can now set the RHOSTS, a number of threads to run, and RPORT if it is not 443, and execute the module as follows:

Analyzing the preceding output, we can see that we have a self-signed certificate in place on the IP address 192.168.1.8 and other details such as CA authority, e-mail address, and much more. This information becomes vital to law enforcement agencies and in cases of fraud investigation. There have been many cases where the CA has accidentally signed malware spreading sites for SSL services.

We learned about various Metasploit modules. Let us now delve deeper and look at how the modules are built.

The rest of the chapter is locked

You're reading from Metasploit Revealed: Secrets of the Expert Pentester Build your defense against complex attacks

Table of Contents (35) Chapters

Scanning HTTPS/SSL with Metasploit

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you