Online Courses
API Penetration Testing Course

Setting Up

In this course, we will be using Kali Linux as our operating system with tools like Postman, Burp Suite, Wfuzz, and Kiterunner. You may use any operating system you like, but the tools and techniques in this course will be demonstrated on Kali. All of the tools we will use are free, and free tools come with some limitations. For example, the free Community Edition of Burp Suite throttles scans to the point where it becomes unrealistic to use in a professional setting, so I advise upgrading to the Professional/Enterprise versions of such applications once you move into that setting. For the purposes of this course, you will be able to learn the tools and techniques without paying for software upgrades.

Update Kali

Once you have your Kali VM up and running, open the Kali Linux Terminal and use the following commands to update your system:

$ sudo apt update -y
$ sudo apt upgrade -y
$ sudo apt dist-upgrade -y

Update User Accounts

When starting with a new operating system, it is always a good idea to change the default credentials:

$ sudo passwd kali                        # enter a new, more complex password
$ sudo useradd -m hapihacker              # -m creates /home/hapihacker
$ sudo passwd hapihacker                  # set a password, otherwise the new account stays locked
$ sudo usermod -a -G sudo hapihacker      # grant sudo rights via the sudo group
$ sudo chsh -s /bin/zsh hapihacker        # use zsh, Kali's default shell, for the new user
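A quick check, added here and not part of the course material, that the account steps above actually took effect: the user exists, its login shell is zsh, and it belongs to the sudo group. It assumes the new user is named hapihacker; the passwd and group files it reads are constructed samples so it runs without root, and passing no file arguments makes it inspect the live /etc/passwd and /etc/group instead.

```shell
#!/usr/bin/env bash
# verify_account USER [PASSWD_FILE] [GROUP_FILE]
# Returns 0 when USER has a passwd entry, a zsh login shell and sudo group
# membership; prints each problem found and returns 1 otherwise.
verify_account() {
  local user="$1" passwd_file="${2:-/etc/passwd}" group_file="${3:-/etc/group}"
  local entry shell members ok=0

  # passwd line: name:x:uid:gid:gecos:home:shell
  entry=$(grep "^${user}:" "$passwd_file") || {
    echo "missing: no passwd entry for $user"; return 1; }
  shell=${entry##*:}
  if [ "${shell##*/}" != "zsh" ]; then
    echo "shell: $user uses $shell, expected zsh"; ok=1
  fi

  # group line: name:x:gid:member1,member2,...
  members=$(awk -F: '$1=="sudo"{print $4}' "$group_file")
  case ",$members," in
    *",$user,"*) ;;
    *) echo "sudo: $user is not in the sudo group"; ok=1 ;;
  esac
  return $ok
}

# Constructed sample files (not real system files) for a stand-alone run.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
kali:x:1000:1000:Kali:/home/kali:/usr/bin/zsh
hapihacker:x:1001:1001::/home/hapihacker:/bin/zsh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
sudo:x:27:kali,hapihacker
EOF

verify_account hapihacker "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" && echo "hapihacker: OK"
```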
