WPScan WPScan capabilities Update the local database of WPScan The local database can be updated with the following command: wpscan –update Enumeration Modes When enumerating the WordPress version, installed plugins or installed themes, you can use three different “modes”, which are: The following enumeration options exist: If no option is supplied to the -e flag, then the … Read more
Burp Suite Target: This tool allows you to visualize your target application’s contents in a folder structure hierarchy that corresponds to the site’s URL structure. This section shows all of the content that has been is covered until now, by manually browsing the site’s pages.Proxy: This is the main engine of Burp, which allows it … Read more
Enum4Linux enum4linux -a target-ip Do Everything, runs all options apart from dictionary based share name guessing Extract OS Information enum4linux -s shares.txt target-ip Perform a dictionary attack, if the server doesn’t let you retrieve a share list enum4linux -i target-ip Pull information about printers known to the remove device. Lists usernames, if the server allows … Read more
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive data across large networks. Link to … Read more
Web application scanning using WMAP WMAP is a feature-rich web application vulnerability scanner that was originally created from a tool named SQLMap. This tool is integrated with Metasploit in the form of a plugin. It allows us to conduct web application scanning from within the Metasploit Framework.
SMB(Server Message Block) Versions Before diving into the various methods using to collect information from SMB, it is important to understand the iterations SMB went through over the years and why some of them are known to be highly insecure: SMB1 was the first implementation of SMB. It used 16-bit packet and small data buffers, … Read more
Nmap Which systems are up? What services are running on these systems? Scan Types: ARP scan: This scan uses ARP requests to discover live hosts ICMP scan: This scan uses ICMP requests to identify live hosts TCP/UDP ping scan: This scan sends packets to TCP ports and UDP ports to determine live hosts. ARP from … Read more
A Vulnerability Assessment aims to identify and categorize risks for security weaknesses related to assets within an environment. It is important to note that there is little to no manual exploitation during a vulnerability assessment. A vulnerability assessment also provides remediation steps to fix the issues. The purpose of a Vulnerability Assessment is to understand, identify, and categorize the risk … Read more
