Objective: you need to establish if a web application firewall is in place, and ideally, what type of WAF it is. You can go bark at it with wafw00f!
Today’s target is similar to what can be found in OSCP labs. The goal is to obtain root privileges and get the flag. Let’s dive right in!
Today we’ll explore another tool for DNS enumeration: the DNS Network Mapper (dnsmap). Although at the time of this post, its last update was in 2010, this tool has survived the passage of time, and has been packaged with versions of both Backtrack and Kali. There is quite a wealth of information about the tool on its homepage, and it comes with a built-in wordlist for domain bruteforcing.
Objective: you want to assess the SSL security posture of a target by listing the supported cipher suites. sslscan is a fast SSL/TLS scanner that has been extended from its original version, and at the time of this post, its last update was 2 days ago.
Vulnix is an older machine from VulnHub that intends to present vulnerabilities from a misconfiguration point of view. The goal is to get the flag inside /root.
Objective: enumerate shares on a target and gather as much information as possible. enum4linux is a Perl script that can get the job done.
Objective: perform ARP reconnaissance and discover hosts on the local network. You could do that with Nmap too, but here netdiscover shines!
Back to looking through VulnHub’s selection of virtual machines, I got hooked by the name of this one. The author intended for this machine to be similar in difficulty to those in the OSCP lab, so it’s definitely good training if you’re preparing to jump into the fray!
Objective: you want to check suspicious IPs, domains and hashes for maliciousness. Maybe you’ve heard that your favorite news site has been hacked and is serving malware to its users. You’d like to confirm whether something is dangerous or not, without navigating to it and risking getting compromised in the process. There is a Python tool on Kali that can help you with just that! Enter Automater!
Nmap is our favorite port scanner, but if you want to scan billions of hosts and still be relatively young when you get the results, there is a solid alternative focused entirely on speed: Masscan, the Mass IP port scanner.