Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
Net Discover
IP Ranger
Can help us enumerate which devices are on a network using ICMP packets (pings) or ARP. Some specialised tools such as Bloodhound may help us enumerate networks using Active Directory.
We can see there are 5 ports open. We may be able to exploit the HTTP service on port 80 or gain access to SSH on port 20. Port scanning can be slow, tools such as PyRCON and Rust Scanner may help us speed up this process. Typically this isn't necessary but in a KOTH or battlegrounds game, we can't spare the time.
We can see there are 5 ports open. We may be able to exploit the HTTP service on port 80 or gain access to SSH on port 20. Port scanning can be slow, tools such as PyRCON and Rust Scanner may help us speed up this process. Typically this isn't necessary but in a KOTH or battlegrounds game, we can't spare the time.
UniScan
whatweb
Specialised tools can be used, for example WPScan. Allowing us to enumerate the wordpress CMS.
In a real-world scenario. You're likely to come across a target with more than one domain, each having it's own subdomains. There's plenty of tools that you can use to discover these. Again, PyRCON offers some options for this but I like tools such as sublist3r and publicly available records such as security trials.