Scanning is the task of probing enterprise networks or Internet wide services, searching for vulnerabilities or ways to infiltrate IT assets. Scans can be done against system admin, software, and network services.

Recommended Tools:

  1. Nmap – open source utility for network discovery and security auditing
  2. Dirbuster – Scan web sites for hidden web pages
  3. Metasploit Framework – included in Kali Linux , configure to scan for known vulnerabilities based on environment
  4. Recon-ng – built in the Kali Linux distribution; used to perform reconnaissance on remote targets.

Nmap Output Example:

Other Available Tools:

  • OpenVAS (Open Vulnerability Assessment System) – open source version of Nessus used for vulnerability scanner & security manager
  • Ncat NW connector – integrated with Nmap ; utility reads and writes data across networks from the command line; uses TCP and UDP ;
  • Nping packet manipulator – open source CLI tool for NW packet gen ; Custom TCP, UDP, ICMP and ARP packet generation; Echo mode for advances troubleshooting.
  • Fierce  – IP and DNS recon tool written in PERL for finding target IPs associated with domain names.
  • FOCA (Fingerprinting Organizations with Collected Archives) – analyze web servers and their hidden info. Collects data from MS Office, OpenOffice, PDF, as well as Adobe InDesign, SVG and GIF files. Works with Google, Bing and DuckDuckGo. 

References: tbd