Scanning is the second phase of penetration testing, following reconnaissance. It is a pre-attack phase that identifies hosts running exploitable services or exposing critical data. The main idea behind this phase is to find the vulnerabilities that could give us access to a system. Infrastructure scans are complicated by the IDS/IPS that organizations deploy as control measures; if your scan is being interrupted, you will have to find a way to evade the IDS/IPS. Several tools can assist in scanning a target, and we discuss a few of the important ones here.
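As an added example (not code from the original post), here is the detection side of the IDS/IPS control mentioned above: the rule behind a port-scan alert, reduced to its core of one source touching many distinct destination ports on one host inside a short window, run over constructed firewall log lines. The log format, the addresses, the 60-second window and the 15-port threshold are all assumptions made for this example.

```python
"""Flag port-scan behaviour in firewall logs.

Added example, not from the original post: the rule behind the IDS/IPS
alert the text mentions, reduced to its core - one source touching many
distinct destination ports on one host within a short window. The log
format, addresses and thresholds are assumptions made for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line: str):
    """Return (ts, src, dst, dport, action), or None for lines we do not recognise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["dst"], int(m["dport"]), m["action"]


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=15):
    """Map (src, dst) -> (time of alert, distinct ports seen) for every pair
    where src hit >= threshold distinct ports on dst within `window`.
    Dropped and accepted packets both count: a scan probes closed ports too."""
    events = sorted(e for e in map(parse_line, lines) if e)  # tuples sort by ts first
    recent = defaultdict(deque)                    # (src, dst) -> (ts, port) inside window
    live = defaultdict(lambda: defaultdict(int))   # (src, dst) -> port -> hits inside window
    alerts = {}
    for ts, src, dst, dport, _action in events:
        key = (src, dst)
        recent[key].append((ts, dport))
        live[key][dport] += 1
        while recent[key] and ts - recent[key][0][0] > window:  # slide the window forward
            _old_ts, old_port = recent[key].popleft()
            live[key][old_port] -= 1
            if live[key][old_port] == 0:
                del live[key][old_port]
        if len(live[key]) >= threshold and key not in alerts:
            alerts[key] = (ts, len(live[key]))
    return alerts


# Constructed log lines: a fast scanner, a benign web client, and a slow scanner.
_BASE = datetime(2024, 5, 1, 10, 0, 0)


def _line(offset_s, src, dst, port, action):
    ts = (_BASE + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} src={src} dst={dst} dport={port} action={action}"


SAMPLE_LOG = (
    [_line(s, "198.51.100.7", "192.0.2.10", 20 + s, "DROP") for s in range(25)]                      # 25 ports in 25 s
    + [_line(s, "203.0.113.5", "192.0.2.10", (80, 443)[s % 2], "ACCEPT") for s in range(0, 120, 3)]  # normal client
    + [_line(10 * i, "198.51.100.8", "192.0.2.10", 20 + i, "DROP") for i in range(25)]              # 25 ports in 240 s
)


if __name__ == "__main__":
    for (src, dst), (when, n) in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT {when:%H:%M:%S} {src} -> {dst}: {n} distinct ports inside 60 s")
```

Run as-is, only the fast scanner (198.51.100.7) raises an alert. The slow scanner spreads the same 25 probes over four minutes and never has 15 distinct ports inside one 60-second window, which is exactly the blind spot a fixed-window rule has; the defender's levers are a longer window, a lower threshold for DROP-only events, or correlating per-source counts across hosts, each traded against more false positives from legitimate clients.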
Nmap: Network Mapper is one of the best-known scanning tools and can provide comprehensive information about a target. It can scan systems specified by hostname, IP address or network subnet. It scans ports and can report service and version information for the open ports it finds. This information helps us determine which service is exploitable, so that we can try connecting to it with a payload to gain access. It can also detect the OS version, which in turn helps us tailor a payload to that OS. Since almost all organizations use an IDS/IPS to alert administrators about port scans, Nmap also comes with IDS/IPS evasion and spoofing techniques. The tool is already included in Kali Linux.
Zenmap: Zenmap performs the same scans but comes with a GUI and a few add-on features. If you want to run the GUI with your own customized nmap command, you can, as an editable command field is provided for that purpose. It is also available in Kali Linux.
Nikto: Nikto is a lightweight tool included in Kali Linux that is used for scanning web servers. It reports the vulnerabilities it identifies, which can be exploited for further access or information disclosure. It also reports the OSVDB ID, which can lead to further information about each vulnerability.
There are a few other tools included in Kali that can be used for scanning as well as for gaining access, such as Burp Suite and OWASP ZAP. wpscan can be used to scan WordPress-based sites for vulnerabilities in the WordPress platform or its plugins. Sqlmap is another tool, used for automatically identifying SQLi in the target host. There are tools for Cisco software and VoIP too. SSLyze is another tool, which fetches SSL certificate-related information from the target.