Vulnerability scanning websites
Nikto runs a vulnerability scan against a web site. Simple scan: nikto -host 1.2.3.4. Run nmap over a range and feed the results into nikto, writing output to a file: nmap -p80,443 1.2.3.0/24 -oG -…
Website Enumeration
Notes on website enumeration. Enumeration with Nmap, process: verify that port 80/443 is open on the target host (ncat -v 1.2.3.4 80, ncat -v 1.2.3.4 443, or nmap), then run the http-enum script on…
Active Reconnaissance
Notes on active reconnaissance. Network scanning: host scanning, port scanning, packet crafting (ACK scans), device enumeration, vulnerability scanning. Nmap: command-line scanning utility that can be used for a range of scans such as: discovery…
Passive Reconnaissance
Notes on passive reconnaissance. Open Source Intelligence (OSINT): the following are online areas which can be used to obtain information about a target that is freely available on the web: …
Planning and Scoping
PENTESTING FRAMEWORKS
CHECK – http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
OWASP – https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
OSSTMM – http://www.isecom.org/mirror/OSSTMM.3.pdf
PTES – http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
NIST SP800-115 – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
CLOUD PENTEST PROCEDURES
When performing a test against services leveraged on cloud products…