You're reading from PowerShell for Penetration Testing Explore the capabilities of PowerShell for pentesters across multiple platforms

Product type Paperback

Published in May 2024

Publisher Packt

ISBN-13 9781835082454

Length 298 pages

Edition 1st Edition

Languages

PowerShell

Tools

PowerShell

Concepts

Penetration Testing

Author (1):

Dr. Andrew Blyth

View More author details

Table of Contents (23) Chapters

Preface

1. Part 1: Introduction to Penetration Testing and PowerShell FREE CHAPTER

2. Chapter 1: Introduction to Penetration Testing

3. Chapter 2: Programming Principles in PowerShell

4. Part 2: Identification and Exploitation

5. Chapter 3: Network Services and DNS

6. Chapter 4: Network Enumeration and Port Scanning

7. Chapter 5: The WEB, REST, and SOAP

8. Chapter 6: SMB, Active Directory, LDAP and Kerberos

9. Chapter 7: Databases: MySQL, PostgreSQL, and MSSQL

10. Chapter 8: Email Services: Exchange, SMTP, IMAP, and POP

11. Chapter 9: PowerShell and FTP, SFTP, SSH, and TFTP

12. Chapter 10: Brute Forcing in PowerShell

13. Chapter 11: PowerShell and Remote Control and Administration

14. Part 3: Penetration Testing on Azure and AWS cloud Environments

15. Chapter 12: Using PowerShell in Azure

16. Chapter 13: Using PowerShell in AWS

17. Part 4: Post Exploitation and Command and Control

18. Chapter 14: Command and Control

19. Chapter 15: Post-Exploitation in Microsoft Windows

20. Chapter 16: Post-Exploitation in Linux

21. Index

Why subscribe?

22. Other Books You May Enjoy

Security auditing tools for SSH

We can also make use of various auditing tools for security audits:

Invoke-Command -ComputerName YourSSHServer -ScriptBlock { ssh-audit YourSSHServer }

This command uses the ssh-audit tool to perform a security audit on the SSH server, implementing hardening recommendations. Security auditing tools can automate the assessment process and provide valuable insights into potential vulnerabilities.

User authentication and authorization

As part of a security audit for a secure server, we should validate the ability to use SSH key authentication:

# Invoke SSH command on the remote server using the private key
Invoke-Command -ComputerName ssh.snowcapcyber.com -ScriptBlock {
    param($sshKey)
    ssh -T -i $using:sshKey ajcblyth@ssh.snowcapcyber.com
} -ArgumentList $sshKey

This command uses SSH key authentication to connect to the SSH server. Replacing the key file path and user details is necessary. SSH...