Monthly Archives: May 2019

Nikto is a website scanning tool designed not for stealth, but for quickest result. Nikto has many features such as checking for outdated software versions (PHP, apache, etc), checking for vulnerability and etc.

The Metasploit framework is a very powerful tool capable of information gathering, vulnerability analysis, exploit vulnerabilities and etc. For a full tutorial, visit https://www.offensive-security.com/metasploit-unleashed/.

DIRB is a web content scanner used for scanning both hidden and non hidden web objects. It does a dictionary based attack against a web server and checks every response given.

Nmap is a network mapping tool used for network discovery. Nmap can get information such as open ports, OS, version and etc. Nmap has a lot of options such as syn scan, udp scan and etc.

TheHarvester is used to gather emails, subdomains, hosts, employee names and etc. The tool is only available in CLI but is very straightforward.

Maltego is a tool used for open-source intelligence and forensics. Unlike most tools, maltego has a GUI and is user friendly.

WPScan is (as the name suggests) for scanning wordpress websites for vulnerabilities. WPScan is both passive and aggressive depending on the setting used. In addition, it can also enumerate users and attempt brute force attacks.