Page 200 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
That's the reason we haven't covered the tool much. Because Metasploit's real value lies in taking (for example) an SQLi vulnerability and turning it into an attack that exploits that bug to expose user data, escalate the attacker's privileges, or accomplish some other malicious end, it doesn't fall within our bounty-oriented workflow, which is more concerned with the bug itself. In fact, most bug bounty programs actively discourage taking that next step. It's essentially what separates a white hat researcher from a black hat hacker.
However, Metasploit can be a great tool for brainstorming realistic, stomach-churning attack scenarios that can convince a security team that the vulnerability you're submitting is a real threat. Clearly and convincingly articulating the impact of your findings is the most direct path to bigger payouts and higher submission success rates.
Summary
In this chapter, we've covered tools and methodologies beyond those we used directly in our walkthroughs. We've also discussed a process for evaluating new tools, and an example applying that analysis to Burp Suite Pro and SecApps within the context of the pentesting engagements we've explored throughout the book. By now, you've seen an expanded overview of different types of scanners (application, network, and OSINT), community databases of attack patterns, source code analysis tools, new Burp extensions and workflows, the value of exploitation frameworks, and more. This should broaden your horizon of understanding beyond this book and provide the basis for your continued development as a security researcher.
Questions
1. How should you go about evaluating new tools?
2. What are some useful Burp extensions?
3. What are good options for port scanning?
4. What are a few of the new capabilities you could expect from upgrading to Burp Pro?
5. What are some of the benefits of using Kali Linux?
6. What's OSINT?
7. What's Metasploit and what is it used for?
[ 185 ]