Simple Tools for Collecting Information During Pen-Testing

Collecting information is useful in any situation. For a penetration tester, information gathering is not only useful but necessary: before looking for security flaws in a system, network or web application, it is important to know exactly what you are working with.

Everyone has their own preference for how to gather that information, but the following tools are a good starting point for novices who don't know where to begin.

Nmap

Nmap (Network Mapper) is the most basic of these tools. It is a network scanner that discovers hosts and the services they expose on the target. Nmap works over any network it can reach, whether a wired LAN, Wi-Fi, or a remote network across the internet; what limits its results is not the network type but filtering in the path, since a firewall that drops probes makes ports show up as "filtered" rather than open or closed.

InfoSec Institute lists the features of nmap on their website, explaining that it detects:

  • Live hosts on the network (host discovery)
  • Open ports on each host (port discovery or enumeration)
  • The software and version behind each port (service discovery)
  • Operating system, hardware (MAC) address (only for hosts on the same local network segment), and software versions
  • Known vulnerabilities and misconfigurations (via the Nmap Scripting Engine, NSE)

For Linux users, installing and running nmap is simple. A few basic nmap commands:

  • (sudo if not root) apt-get update && (sudo) apt-get install nmap – for installation
  • nmap X.X.X.X – scan a target by IP address (the default scan checks the 1,000 most common TCP ports; SYN scans and OS detection require root, so prefix sudo)
  • nmap --help – for a list of options

Nikto

Nikto is a web server scanner that is easy to use for simple website scans during website analysis. Nikto checks for:

  • Potentially dangerous files and CGIs
  • Outdated server versions
  • Version-specific problems
  • Server configuration items (multiple index files, HTTP server options, etc.)
  • Installed web servers and software

Nikto commands for Linux users are as follows:

  • (sudo) apt-get install nikto – for installation
  • nikto -h X.X.X.X – scan the host given by IP address or hostname (-h is the host option; add -p PORT for a non-default port, and use -Help for the full option list)

Note that Nikto is not an injection scanner: it matches known files, paths, banners and configuration mistakes rather than testing how the application handles input, so it is not a reliable way to find SQL injection or XSS. Those need manual testing or a dedicated web application scanner; Nikto's value is in quickly mapping what is installed and obviously misconfigured.
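The Nmap and Nikto sections above each give a single command. The shell script below is an added example (my own code, not from the original post, Nmap or Nikto) that shows how a tester chains the two tools: it prints a staged nmap plan for a target, parses nmap's grepable (-oG) output into a list of open services, and derives one nikto command per web service found. The nmap commands are only printed, not executed, so the script runs anywhere; the -oG lines it parses are a constructed sample, and the target 10.0.0.0/24 and hosts 10.0.0.5 and 10.0.0.7 are assumptions, not from the post.

```shell
#!/bin/sh
# Added example (not from the original post): a staged information-gathering
# workflow that chains nmap and nikto. The nmap command lines are only
# printed (dry run) so the script runs anywhere; the -oG data parsed below is
# a constructed sample that mimics nmap's grepable output, not a real scan.

# Print the nmap commands for one target (IP, hostname or CIDR range), in the
# order a pentester runs them: host discovery, full TCP port sweep, then a
# version/OS/script scan on what was found. -O and SYN scans need root.
nmap_plan() {
    target="$1"
    printf 'nmap -sn -oG hosts.gnmap %s\n' "$target"
    printf 'nmap -p- --open -oG ports.gnmap %s\n' "$target"
    printf 'nmap -sV -O --script=default,vuln -oA full %s\n' "$target"
}

# Read nmap grepable (-oG) output on stdin and print one line per OPEN port:
#   host port/proto service [version]
# Filtered and closed ports are dropped. Each port entry in -oG has the form
#   port/state/proto/owner/service/rpcinfo/version/
parse_gnmap() {
    awk 'BEGIN { FS = "\t" }
    /Ports: / {
        split($1, h, " "); host = h[2]
        ports = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
        n = split(ports, p, ", ")
        for (j = 1; j <= n; j++) {
            split(p[j], f, "/")
            if (f[2] != "open") continue
            ver = (f[7] != "") ? " " f[7] : ""
            printf "%s %s/%s %s%s\n", host, f[1], f[3], f[5], ver
        }
    }'
}

# Turn parse_gnmap output into one nikto command per web service. nmap names
# TLS-wrapped HTTP "ssl|http" in -oG output, so those get nikto's -ssl flag.
nikto_from_ports() {
    awk '$3 ~ /http/ {
        split($2, pp, "/")
        ssl = ($3 == "https" || substr($3, 1, 4) == "ssl|") ? " -ssl" : ""
        printf "nikto -h %s -p %s%s\n", $1, pp[1], ssl
    }'
}

# Constructed -oG sample (not real scan output); fields are tab-separated.
SAMPLE_GNMAP=$(printf '%s\n' \
  '# Nmap 7.94 scan initiated -- constructed sample' \
  "$(printf 'Host: 10.0.0.5 ()\tStatus: Up')" \
  "$(printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/open/tcp//ssl|http//Apache httpd 2.4.52/, 8443/filtered/tcp//https-alt///\tIgnored State: closed (996)')" \
  "$(printf 'Host: 10.0.0.7 ()\tPorts: 8080/open/tcp//http-proxy///\tIgnored State: closed (999)')" \
  '# Nmap done -- 2 IP addresses (2 hosts up)')

# Demo: show the plan, then the parsed open services and derived nikto commands.
nmap_plan 10.0.0.0/24
printf '%s\n' "$SAMPLE_GNMAP" | parse_gnmap
printf '%s\n' "$SAMPLE_GNMAP" | parse_gnmap | nikto_from_ports
```

Against real output you would run the first two planned commands, then feed ports.gnmap (or the .gnmap file written by -oA) into parse_gnmap. Note that the filtered 8443 port in the sample never reaches nikto, which is the point of --open and the state check: scanning filtered ports wastes time and only produces noise in the target's logs.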

