Most used tools

Locate endpoints on a network

tools: nmap, ping, arp, fping, route -n

Usage:

  1. Locate live hosts

fping -asgq <ip>/24 > hosts.txt

(-a print only hosts that answer, -s print summary statistics, -g generate the target list from the CIDR range, -q suppress per-host error messages; live addresses go to stdout and into hosts.txt, statistics and errors go to stderr. fping's -p takes a numeric period argument, so -asgp followed by a range is a usage error.)

  2. Obtain host information

nmap -sCV -iL hosts.txt

Identify open ports and services on a target

Tool: nmap

Usage:

nmap -sSV -p- target

(-sS SYN scan needs raw sockets, so run as root; without root use -sT for a full TCP connect scan. -p- covers all 65535 TCP ports; add -sU for UDP.)

Identify operating system of a target

Tool: nmap

Usage:

nmap -O target

(Needs root. The fingerprint is only reliable when nmap sees at least one open and one closed TCP port on the target; -A runs -O together with -sC and -sV.)
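The three steps above (discover live hosts, feed them into a service scan, read the results) as one small script. This is an added example, not part of the original notes: recon_subnet runs the real fping and nmap commands (needs both tools and root for -sS, so the demo at the bottom does not call it), and open_ports_from_gnmap pulls every open port out of nmap's greppable output (-oG). The subnet, file names and the sample scan output below are constructed for the example.

```shell
#!/bin/sh
# Added example: fping host discovery chained into an nmap service scan,
# with the open ports extracted from nmap's greppable (-oG) output.
# Not from the original notes; file names and sample data are assumptions.

# Steps 1-3 of the procedure above. Needs fping, nmap and root (for -sS).
# Usage: recon_subnet 192.168.1.0/24
recon_subnet() {
    subnet="$1"
    # -a alive only, -s stats (stderr), -g expand the CIDR, -q no per-host errors
    fping -asgq "$subnet" > hosts.txt 2> fping-stats.txt
    # SYN + version scan of all TCP ports; -oG gives a line-per-host format
    # that is easy to parse, -oN keeps the human-readable report as well
    nmap -sSV -p- -iL hosts.txt -oG scan.gnmap -oN scan.nmap > /dev/null
    open_ports_from_gnmap scan.gnmap
}

# Print "host port/proto service version" for every open port in a -oG file.
# gnmap fields are tab-separated; the "Ports:" field is a comma-separated
# list of port/state/proto/owner/service/rpc/version/ entries.
open_ports_from_gnmap() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host); sub(/ .*/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i; sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        print host, f[1] "/" f[3], f[5], f[7]
                }
            }
        }' "$1"
}

# Constructed sample of nmap -oG output (two hosts, one closed port) so the
# parser can be exercised offline. Writes to the path given as $1.
write_sample_gnmap() {
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n' > "$1"
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n' >> "$1"
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 192.168.1.20 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4.x/\tIgnored State: closed (65534)\n' >> "$1"
}

# Demo on the constructed sample (no network access needed)
sample=$(mktemp)
write_sample_gnmap "$sample"
open_ports_from_gnmap "$sample"
rm -f "$sample"
```

The parser keeps only entries whose state field is "open", so closed and filtered ports are dropped, and the service/version columns are exactly what you need next when searching Exploit-DB or the NVD for the detected software.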

OSINT

Example:

  • Extract company information from public sources

  • Gather email addresses from public sources

  • Gather technical information from public sources

Tools: theHarvester, Sublist3r, Google Dorks

Usage:

theHarvester -d domain.com -b all

(-d target domain, -b data source; "all" queries every configured source, some of which need API keys set in theHarvester's configuration. Output lists hosts, IPs and e-mail addresses found for the domain.)

Identify vulnerabilities in services

Tools: nmap (NSE "vuln" scripts), https://www.exploit-db.com/ (search by the service and version nmap reports)

Usage:

nmap --script vuln target

(Run together with -sV so version-dependent scripts have a detected service to match against. The vuln category is noisy and some scripts actively probe the service, which can crash fragile targets; a script hit is a lead to verify, not a confirmed vulnerability.)

Evaluate the criticality and impact of vulnerabilities

Website: nist.gov (the National Vulnerability Database at https://nvd.nist.gov/ gives the CVE description, affected versions and the CVSS score and vector used to rate severity)
