Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Scanning & Enumeration

There are many tools to do reconnaissance, enumeration and network scanning. Your exact tool kit will depend on the client and objective. Here are some of the more popular scanners, enumerators and reconnaissance tools that we will eventually discuss:

  • apache-users - enumerates apache users if UserDir module is loaded

  • arp-scan - an ARP Scanner

  • CMSmap - detect flaws on popular CMS platforms

  • DirBuster - brute force word list scanner against web server to find hidden directories/files

  • dnsenum - runs a series of dns tests against target

  • EyeWitness - screenshots of websites with some header info and default creds if avaialable

  • Gitrob - look on GIT for potentially sensitive files

  • Gobuster - brute force Basic Auth, submdomain and URI tests

  • Grabber - web application scanner for smaller websites

  • HTTPScreenShot - screenshot multiple sites during a scan

  • Masscan - scan all ports on the internet in 6 minutes (it claims). Like nmap, but much faster.

  • nikto - several thousand scan types against web server

  • NMAP - tcp/udp probe for fingerprinting and discovering open ports

  • Parsero - look for clues based on robots.txt files

  • Recon-ng - framework like metasploit for easily managing tools

  • smbenum - detect software installed on target

  • snmpcheck - snmp enumeration like snmpwalk

  • SPARTA - gui helper for automating and managing recon

  • SpiderFoot - search 100s of sources for info on target IP

  • SSLcaudit - automate testing of MITM attacks for SSL/TLS clients

  • SSLyze - analyze SSL configuration for known weaknesses

  • sublis3r - find all publicly known subdomains

  • sqlmap - detect and exploit sql vulnerabilities

  • tcpdump - packet capture/analysis tool

  • theharvester - collect emails, ports, employee names, subdomains and other info related to domain

  • TLSSLed - eval ssl/TLS web server setup

  • WebSlayer - brute force/fuzz web applications and for finding resources not linked

  • Wireshark - gui packet capture/analysis tool, often used with packet dumps from other sources

  • WPScan - black box word press vuln scanner

  • WMAP - web application scanner

Last updated on 6 Mar 2019
Published on 6 Mar 2019