Ettercap Man-in-the-Middle Fun!

Ethernet was designed as a shared medium: on a hub, every frame sent by any one computer is seen by every other computer on the segment, so any of them can read and potentially intercept the traffic. A switch only delivers frames to the port they are addressed to, but an attacker can regain the same visibility by poisoning the ARP caches of the victims so that their traffic is forwarded through the attacker's machine. This weakness is what lets an attacker sniff packets and perform Man-in-the-Middle attacks (an attack in which the attacker intercepts and manipulates packets between their source and destination). What’s worse is that companies spend a lot […]
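The check a defender wants against the attack described above is to notice when two different MAC addresses claim the same IP in ARP replies, which is how ARP-cache poisoning (the technique Ettercap uses on switched networks) looks on the wire. The following is an added example, not code from the original post or from Ettercap; it builds a few raw Ethernet/ARP frames inline as constructed sample traffic (the MAC and IP addresses are made up) and then parses them to flag the conflict.

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a raw Ethernet frame carrying an ARP reply. Used here only to construct sample traffic."""
    eth = ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY,
                       mac_bytes(src_mac), ip_bytes(src_ip),
                       mac_bytes(dst_mac), ip_bytes(dst_ip))
    return eth + arp


def parse_arp(frame):
    """Return (operation, sender_mac, sender_ip) for an ARP frame, or None if the frame is not ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, oper, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)


def find_poisoning(frames):
    """Record which MACs claim each IP in ARP replies; an IP claimed by more than one MAC is suspicious."""
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        oper, sender_mac, sender_ip = parsed
        if oper == ARP_REPLY:
            claims[sender_ip].add(sender_mac)
    return {addr: sorted(macs) for addr, macs in claims.items() if len(macs) > 1}


# Constructed sample traffic: the real gateway answers a client, the client answers back,
# then a third host starts claiming the gateway's IP address with its own MAC.
SAMPLE_FRAMES = [
    arp_reply("00:11:22:33:44:55", "192.168.1.1", "aa:bb:cc:dd:ee:01", "192.168.1.10"),
    arp_reply("aa:bb:cc:dd:ee:01", "192.168.1.10", "00:11:22:33:44:55", "192.168.1.1"),
    arp_reply("de:ad:be:ef:00:01", "192.168.1.1", "aa:bb:cc:dd:ee:01", "192.168.1.10"),
]

if __name__ == "__main__":
    for addr, macs in find_poisoning(SAMPLE_FRAMES).items():
        print(f"{addr} is claimed by {', '.join(macs)}")
```

On a real capture the same logic applies to frames read from a pcap or a raw socket; a legitimate gateway failover will also trigger it, so treat a hit as something to investigate rather than proof of an attack.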

OpenVAS Quick and Easy: Scheduling and Running Tasks

“OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution” (http://www.openvas.org/). So I’ve been using OpenVAS as an alternative to Nessus and I’ve actually been quite pleased with the tool. The initial installation was a little difficult (see post) but once up and running, it has been great. I haven’t been […]

Scanning With Nmap

Nmap is an effective network-scanning tool for host discovery and for finding open ports and the services behind them. It can be downloaded from https://nmap.org. In my experience, the scans below can be used to find hidden or unusual services that are not located on common ports. Different services respond to different packet types, so the scan type matters. The “-p” option specifies a port range; it is not required. However, […]
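Once a wide port range has been scanned, the practical question is which open ports fall outside the usual suspects. The following is an added example (not from the original post, and not part of Nmap) that parses Nmap's grepable output (the `-oG` format) and reports open ports that are not in a list of common ports. The scan output is a constructed sample embedded inline, and the list of "common" ports is an assumption you would adjust to your own scan profile.

```python
import re

# Ports a typical default or "top ports" scan already covers (assumed list; adjust to taste).
COMMON_PORTS = {21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445,
                993, 995, 1723, 3306, 3389, 5900, 8080}

# One entry of the Ports: field: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Parse nmap -oG output into {host: [(port, state, proto, service, version), ...]}."""
    result = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and the "Status: Up" lines carry no port data
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        entries = [(int(port), state, proto, service, version)
                   for port, state, proto, service, version in PORT_RE.findall(ports_field)]
        result[host] = entries
    return result


def uncommon_open_ports(text, common=COMMON_PORTS):
    """Return {host: [entries]} for open ports that are not in the common set."""
    found = {}
    for host, entries in parse_grepable(text).items():
        odd = [e for e in entries if e[1] == "open" and e[0] not in common]
        if odd:
            found[host] = odd
    return found


# Constructed sample output in nmap's grepable format; not a real scan.
SAMPLE_OUTPUT = """# Nmap 7.94 scan initiated (constructed sample, not a real scan)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 8443/open/tcp//https-alt///, 31337/open/tcp//Elite///\tIgnored State: closed (996)
Host: 10.0.0.9 ()\tPorts: 443/open/tcp//https///, 5432/filtered/tcp//postgresql///\tIgnored State: closed (998)
# Nmap done
"""

if __name__ == "__main__":
    for host, entries in uncommon_open_ports(SAMPLE_OUTPUT).items():
        for port, state, proto, service, version in entries:
            print(f"{host}: {port}/{proto} {service} {version}".rstrip())
```

The sample output is what `nmap -sV -p- -oG scan.gnmap <target>` would produce (the `-p-` range scans all 65535 TCP ports, which is how you find services like the one on 31337 above); feed the saved file's contents to `uncommon_open_ports` and feed the resulting ports into a targeted `-sV` or script scan.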

Backtrack Metagoofil

This tool uses Google to search a domain for the given file types, downloads the documents it finds and extracts their metadata into a viewable HTML file. It is part of the footprinting stage of a penetration test.
Command use:
cd /pentest/enumeration/google/metagoofil
./metagoofil.py -d <domain to search> -f <file type or all> -o <output html file name> -t <location to download files>
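The reason this step matters is that document metadata leaks usernames and internal naming conventions. The following is an added example, not from the original post and not metagoofil's own code, showing the extraction half of what the tool does for .docx files: an OOXML document is a zip archive whose docProps/core.xml part records author and last-editor names. Two minimal .docx-like archives are constructed in memory as sample input (the names in them are made up), their core properties are pulled out with the standard library, and the result is rendered as an HTML table and a list of harvested usernames.

```python
import html
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces used by the core-properties part of an OOXML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = [("dc:creator", "Author"), ("cp:lastModifiedBy", "Last modified by"),
          ("dcterms:created", "Created"), ("dcterms:modified", "Modified")]


def docx_metadata(data):
    """Extract core properties from the bytes of a .docx (an OOXML zip); {} if the part is absent."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("docProps/core.xml"))
    meta = {}
    for tag, label in FIELDS:
        element = root.find(tag, NS)
        if element is not None and element.text:
            meta[label] = element.text.strip()
    return meta


def harvest_usernames(report):
    """Collect every distinct author/editor string from {filename: metadata}; these are the usernames."""
    names = set()
    for meta in report.values():
        for label in ("Author", "Last modified by"):
            if label in meta:
                names.add(meta[label])
    return sorted(names)


def render_html(report):
    """Render {filename: metadata} as a small HTML table, escaping every value taken from the files."""
    rows = [f"<tr><td>{html.escape(name)}</td><td>{html.escape(label)}</td><td>{html.escape(value)}</td></tr>"
            for name, meta in report.items() for label, value in meta.items()]
    return ("<table>\n<tr><th>File</th><th>Field</th><th>Value</th></tr>\n"
            + "\n".join(rows) + "\n</table>")


def make_sample_docx(creator, modified_by):
    """Constructed sample input: a minimal zip containing only a core-properties part."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<dc:creator>%s</dc:creator><cp:lastModifiedBy>%s</cp:lastModifiedBy>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2011-03-01T09:12:00Z</dcterms:created>'
        '</cp:coreProperties>'
    ) % (NS["cp"], NS["dc"], NS["dcterms"], creator, modified_by)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


# Made-up files and names standing in for documents downloaded from the target domain.
SAMPLE_FILES = {
    "quarterly-report.docx": make_sample_docx("jsmith", "CORP\\jsmith"),
    "policy.docx": make_sample_docx("Jane Doe", "mwilson"),
}

if __name__ == "__main__":
    report = {name: docx_metadata(data) for name, data in SAMPLE_FILES.items()}
    print(render_html(report))
    print("usernames:", harvest_usernames(report))
```

Note the escaping in `render_html`: metadata is attacker-controllable content from a third party, and an HTML report built without escaping is an easy way to get the pentester's browser owned by the target's documents.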

Backtrack theHarvester

This tool is used to gather e-mail addresses, usernames, hostnames and subdomains from public sources such as Google, Bing and LinkedIn. In penetration testing this is part of enumeration, or footprinting, of a network. Supported sources are: Google: emails, subdomains and hostnames; Google profiles: employee names connected with the domain; Bing search: emails, subdomains, hostnames and virtual […]
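Whatever the source, the core of the tool is scraping addresses and hostnames out of search results and keeping only those that belong to the target domain. The following is an added example, not from the original post and not theHarvester's code, that does that extraction over a few constructed lines of page text (the domains and addresses in them are made up). The scoping check is the part worth copying: a lookalike such as `example.com.evil.net` or `notexample.com` must not be counted as part of `example.com`.

```python
import re

# Email: local part, then a domain captured in group 1.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Hostname: one or more dotted labels followed by a top-level label.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def harvest(text, domain):
    """Return the emails and hostnames in `text` that belong to `domain` or one of its subdomains."""
    domain = domain.lower()

    def in_scope(host):
        host = host.lower().rstrip(".")
        return host == domain or host.endswith("." + domain)

    emails = {m.group(0).lower() for m in EMAIL_RE.finditer(text) if in_scope(m.group(1))}
    hosts = {m.group(1).lower().rstrip(".") for m in HOST_RE.finditer(text) if in_scope(m.group(1))}
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


# Constructed sample text standing in for search-result pages; nothing here is real.
SAMPLE_PAGES = [
    "Contact: jsmith@example.com or press@Example.com. Careers at https://jobs.example.com/apply",
    "Hosted on vpn.example.com and mail.example.com; partner site www.partner-site.org, info@partner-site.org",
    "Phishing lookalike example.com.evil.net and user@notexample.com should be ignored",
]

if __name__ == "__main__":
    result = harvest("\n".join(SAMPLE_PAGES), "example.com")
    print("emails:", result["emails"])
    print("hosts:", result["hosts"])
```

Hostnames pulled from search results still need to be resolved before they are trusted; a result such as `vpn.example.com` above is a lead for DNS enumeration and for the Nmap scans described earlier, not proof that the host exists.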