Scanning & Enumeration

There are many tools to do reconnaissance, enumeration and network scanning. Your exact tool kit will depend on the client and objective. Here are some of the more popular scanners, enumerators and reconnaissance tools that we will eventually discuss:

apache-users – enumerates apache users if UserDir module is loaded
arp-scan – an ARP Scanner
CMSmap – detect flaws on popular CMS platforms
DirBuster – brute force word list scanner against web server to find hidden directories/files
dnsenum – runs a series of dns tests against target
EyeWitness – screenshots of websites with some header info and default creds if avaialable
Gitrob – look on GIT for potentially sensitive files
Gobuster – brute force Basic Auth, submdomain and URI tests
Grabber – web application scanner for smaller websites
HTTPScreenShot – screenshot multiple sites during a scan
Masscan – scan all ports on the internet in 6 minutes (it claims). Like nmap, but much faster.
nikto – several thousand scan types against web server
NMAP – tcp/udp probe for fingerprinting and discovering open ports
Parsero – look for clues based on robots.txt files
Recon-ng – framework like metasploit for easily managing tools
smbenum – detect software installed on target
snmpcheck – snmp enumeration like snmpwalk
SPARTA – gui helper for automating and managing recon
SpiderFoot – search 100s of sources for info on target IP
SSLcaudit – automate testing of MITM attacks for SSL/TLS clients
SSLyze – analyze SSL configuration for known weaknesses
sublis3r – find all publicly known subdomains
sqlmap – detect and exploit sql vulnerabilities
tcpdump – packet capture/analysis tool
theharvester – collect emails, ports, employee names, subdomains and other info related to domain
TLSSLed – eval ssl/TLS web server setup
WebSlayer – brute force/fuzz web applications and for finding resources not linked
Wireshark – gui packet capture/analysis tool, often used with packet dumps from other sources
WPScan – black box word press vuln scanner
WMAP – web application scanner