Scanning and Enumeration - Paiet/SEC-335 GitHub Wiki
- Scanning/Foot-printing/Enumeration
  - Automate the information gathering process
  - Host discovery
  - Service enumeration
  - Vulnerability discovery
- Host Discovery
  - Ping sweeps (work on LANs and the Internet)
    - 3rd-party tools: `nmap -sn 192.168.219.1/24`
    - Custom Bash script
  - ARP (great for LANs): `netdiscover -i eth0 -r 192.168.219.0/24`
  - DNS
    - whois
    - zone transfers
    - dig
    - nslookup
  - Email address enumeration
    - theHarvester: `theharvester -d microsoft -l 20 -b all`
    - Using Google: search Google for information about the target, e.g. `site:Champlain.edu`
- Service Enumeration
  - Banner grabbing
  - Service scanning
    - Nmap (the King)
      - Stealth scan (`-sS`)
      - UDP scan (`-sU`)
      - XMAS scan (`-sX`)
    - SMB enumeration: `enum4linux -a 192.168.219.163`
  - Web directory discovery
- Vulnerability Scanning
  - Full
    - Nessus
    - OpenVAS
    - Nmap
    - Metasploit
  - Web