
Enumerating WordPress

WPScan WPScan capabilities Update the local database of WPScan The local database can be updated with the following command: wpscan --update Enumeration Modes When enumerating the WordPress version, installed plugins or installed themes, you can use three different “modes”, which are: The following enumeration options exist: If no option is supplied to the -e flag, then the … Read more

SMB Enumeration – Useful tools (eJPT)

Enum4Linux enum4linux -a target-ip Do Everything, runs all options apart from dictionary based share name guessing Extract OS Information enum4linux -s shares.txt target-ip Perform a dictionary attack, if the server doesn’t let you retrieve a share list enum4linux -i target-ip Pull information about printers known to the remote device. Lists usernames, if the server allows … Read more

SMB Enumeration – SMBMap

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive data across large networks. Link to … Read more

SMB Enumeration and Useful Commands

SMB (Server Message Block) Versions Before diving into the various methods used to collect information from SMB, it is important to understand the iterations SMB went through over the years and why some of them are known to be highly insecure: SMB1 was the first implementation of SMB. It used 16-bit packets and small data buffers, … Read more

Nmap 101

Nmap Which systems are up? What services are running on these systems? Scan Types: ARP scan: This scan uses ARP requests to discover live hosts ICMP scan: This scan uses ICMP requests to identify live hosts TCP/UDP ping scan: This scan sends packets to TCP ports and UDP ports to determine live hosts. ARP from … Read more