Collecting information is a useful tool in any situation. For a penetration tester, information gathering is not only useful but necessary. When they’re trying to discover the security flaws in a system/network/web application, it’s important to know what they’re working with.
Every person’s preference on how to get that information is different. However, the following tools are good for novices that don’t have a clue on where to start.
Nmap (or Network Mapper) is the basic of all tools. As a security scanner, it determines hosts and services on the target. Nmap can be used over LAN and WLAN. Despite this, WLAN success relies on ports 443/80 being closed (which is unlikely).
InfoSec Institute lists the features of nmap on their website, explaining that it detects:
- Live host on the network (host discovery)
- Open ports on the host (port discovery or enumeration)
- Software and the version to the respective port (service discovery)
- Operation system, hardware address, and the software version
- Vulnerability and security holes (Nmap scripts)
For Linux users, the installation and execution of nmap is simple. A list of nmap commands include:
- (sudo if not root) apt-get update && (sudo) apt-get install nmap – for installation
- nmap X.X.X.X – execute a security scan by putting in the target’s IP address
- nmap –help – for a list of options
Aided during website analysis, nikto provides a friendly user experience for running simple website scans. Nikto checks for:
- Potentially hazardous files/CGIs
- Outdated servers
- Precise issues related to specific versions
- Server configuration items (numerous index files, HTTP server selections, etc.)
- Installed web servers and software
Nikto commands for Linux users are as follows:
- (sudo) apt-get install nikto – for installation
- nikto -h X.X.X.X – use the host command and targeted IP address to execute
Nikto is also especially useful for identifying SQL injection and XSS vulnerabilities.
Screenshots for reference.