Ethernet was designed as a shared-medium (broadcast) system: on a hub or any other shared segment, a frame sent by one computer reaches every other computer on that segment, which lets them read and potentially intercept the traffic. This property is what allows attackers to sniff packets and perform Man-in-the-Middle attacks (an attack in which the attacker intercepts and manipulates packets between their source and destination). On a switched network, unicast frames are delivered only to the destination port, so the attacker usually has to redirect the traffic through their own machine first (for example by ARP spoofing) before the same sniffing applies. What’s worse is that companies spend a lot […]
“OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution” (http://www.openvas.org/). So I’ve been using OpenVAS as an alternative to Nessus and I’ve actually been quite pleased with the tool. The initial installation was a little difficult (see post) but once up and running, it has been great. I haven’t been […]
Nmap is an effective network-scanning tool that can be used for host discovery and for finding open ports and the services listening on them. It can be downloaded from here. In my experience, the scans below are useful for finding hidden or unusual services that are not running on their common ports, because different services respond to different probe packets. The “-p” option specifies a port or port range; it is not required. However, […]
This is a tool used to brute force the subdomains of a specified domain. It runs the attack by trying every entry of a wordlist as a candidate host label and keeping the names that resolve. Command Use: cd /pentest/enumeration/reverseraider ./reverseraider -d <domain> -w <wordlist file; a few can be found in the wordlist directory that ships with the tool>
This tool can retrieve host addresses, name servers, MX records, subdomains, whois records and reverse lookups for netblocks, and it performs the enumeration quickly. Command Use: cd /pentest/enumeration/dns/dnsenum ./dnsenum.pl --enum -f <wordlist file> -r <target domain> The --enum shortcut turns on the threaded scraping and whois options, -f takes the wordlist used to brute force subdomains (it requires a file argument), and -r recurses into the subdomains that are found, so together they give a thorough scan including subdomains.
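The core of what reverseraider and dnsenum do with a wordlist is simple: build <word>.<domain> for every entry and keep the names that resolve. The added example below (not code from either tool) shows that loop together with the check a practitioner always wants first, wildcard detection: if random labels under the domain resolve, every wordlist entry will "exist", and those answers have to be discarded. The resolver is injectable so the logic can be run offline against the constructed zones embedded here; resolve_live uses the system resolver for real use. All domain names and addresses below are constructed examples.

```python
"""Wordlist-driven subdomain brute force with wildcard filtering.

Added example, not reverseraider or dnsenum code. The zones, hostnames and
addresses below are constructed for offline demonstration.
"""
import socket
from typing import Callable, Dict, Iterable, Optional, Set

# A resolver maps a fully qualified name to an IPv4 address, or None if it
# does not exist. Injecting it keeps the brute-force logic testable offline.
Resolver = Callable[[str], Optional[str]]


def resolve_live(name: str) -> Optional[str]:
    """Resolve with the system resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def detect_wildcard(domain: str, resolve: Resolver,
                    probes: Iterable[str] = ("qzx7wildcardprobe",
                                             "v9k2wildcardprobe")) -> Set[str]:
    """Return the set of addresses handed out for labels that should not exist.

    An empty set means no wildcard record; otherwise every brute-force hit that
    resolves to one of these addresses is noise, not a real host.
    """
    answers = {resolve(f"{label}.{domain}") for label in probes}
    answers.discard(None)
    return answers  # type: ignore[return-value]


def brute_force(domain: str, wordlist: Iterable[str],
                resolve: Resolver = resolve_live) -> Dict[str, str]:
    """Try every wordlist entry as <word>.<domain>; return {fqdn: address}."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, str] = {}
    for word in wordlist:
        word = word.strip().lower()
        if not word or word.startswith("#"):   # skip blanks and comments
            continue
        fqdn = f"{word}.{domain}"
        addr = resolve(fqdn)
        if addr is None or addr in wildcard:   # nonexistent or wildcard noise
            continue
        found[fqdn] = addr
    return found


# --- constructed test data (not real hosts) ---------------------------------
CONSTRUCTED_ZONE = {            # a zone without a wildcard record
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.25",
    "vpn.example.com": "203.0.113.40",
}

WILDCARD_ZONE = {               # real hosts in a zone that also has *.example.org
    "www.example.org": "198.51.100.7",
    "dev.example.org": "198.51.100.8",
}
WILDCARD_ADDR = "198.51.100.1"  # what *.example.org answers for anything else


def resolve_constructed(name: str) -> Optional[str]:
    return CONSTRUCTED_ZONE.get(name.lower())


def resolve_wildcard_zone(name: str) -> Optional[str]:
    name = name.lower()
    if name in WILDCARD_ZONE:
        return WILDCARD_ZONE[name]
    if name.endswith(".example.org"):
        return WILDCARD_ADDR
    return None


SAMPLE_WORDLIST = ["www", "mail", "ftp", "vpn", "dev", "# comment line", ""]


if __name__ == "__main__":
    print(brute_force("example.com", SAMPLE_WORDLIST, resolve_constructed))
    print(brute_force("example.org", SAMPLE_WORDLIST, resolve_wildcard_zone))
    # Against a live domain: brute_force("example.com", open("names.txt"))
```

Without the wildcard check, the second run would report ftp, mail and vpn under example.org as live hosts even though only www and dev actually exist; this is the same false-positive problem the real tools hit on wildcard domains.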
This tool uses Google to search a domain for documents of the given file types, downloads them and extracts their metadata (authors, usernames, software versions, paths) into a viewable HTML report. It belongs to the footprinting stage of a penetration test. Command Use: cd /pentest/enumeration/google/metagoofil ./metagoofil.py -d <domain to search> -f <file type, or all> -o <output html file name> -t <directory to download the files into>
This is a tool used to extract hostnames, subdomains, IP addresses and e-mail addresses for a given domain from Google search results. It belongs to the footprinting stage of a penetration test. Command Use: cd /pentest/enumeration/google/goohost ./goohost.sh <domain>
This tool is used to gather e-mail accounts, usernames, hostnames and subdomains from public sources such as Google, Bing and LinkedIn. In a penetration test this is part of enumerating or footprinting the target network. Supported sources are:
Google – e-mail addresses, subdomains and hostnames
Google profiles – employee names connected with the domain
Bing search – e-mail addresses, subdomains, hostnames and virtual […]
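Both goohost and theHarvester end with the same step once the search results are in hand: pull out the e-mail addresses and hostnames that belong to the target domain and drop everything else. The added example below (my code, not taken from either tool) shows that extraction over a constructed blob of search-result text, including the two details that trip up naive versions: obfuscated addresses such as "press [at] example.com", and look-alike domains such as notexample.com that a plain substring match would wrongly accept. The sample text and all names in it are constructed.

```python
"""Extract e-mail addresses and hostnames for one domain from raw text.

Added example, not goohost or theHarvester code. The sample search-result
text below is constructed; no network access is needed.
"""
import re
from typing import Dict, List

# Local part, then the domain part captured for comparison with the target.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Dotted names ending in an alphabetic TLD; URLs, trailing dots and case are
# handled afterwards.
HOST_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b")
# Common anti-scraping obfuscation: "user [at] domain", "user (at) domain".
OBFUSCATED_AT_RE = re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.IGNORECASE)


def harvest(text: str, domain: str) -> Dict[str, List[str]]:
    """Return sorted e-mail addresses and subdomains belonging to `domain`."""
    domain = domain.lower()
    text = OBFUSCATED_AT_RE.sub("@", text)   # de-obfuscate before matching
    emails, hosts = set(), set()

    for m in EMAIL_RE.finditer(text):
        if m.group(1).lower() == domain:     # exact domain match, not a suffix
            emails.add(m.group(0).lower())

    for m in HOST_RE.finditer(text):
        host = m.group(1).lower().rstrip(".")
        # ".example.com" suffix: keeps www.example.com, rejects notexample.com
        if host.endswith("." + domain):
            hosts.add(host)

    return {"emails": sorted(emails), "hosts": sorted(hosts)}


# Constructed search-result text; every name and address here is made up.
CONSTRUCTED_RESULTS = """
<a href="https://www.example.com/about">About</a> Contact: info@example.com
Jane Doe - jane.doe@example.com - https://intranet.example.com/login
Press: press [at] example.com  ; partner site https://notexample.com/
Mirror: ftp.example.com. and MAIL.example.com also careers@EXAMPLE.COM
Unrelated: admin@example.org, docs.example.org
"""


if __name__ == "__main__":
    result = harvest(CONSTRUCTED_RESULTS, "example.com")
    for kind, items in result.items():
        print(kind)
        for item in items:
            print("  ", item)
```

The exact-match rule for the e-mail domain and the dot-prefixed suffix rule for hosts are the two checks that separate a usable result list from one padded with other organisations' addresses; the same rules apply whatever search engine supplied the text.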