Information Gathering and Scanning

In this chapter, we will cover the following recipes:

  • Passive information gathering with Metasploit
  • Active information gathering with Metasploit
  • Port scanning—the Nmap way
  • Port scanning—the db_nmap way
  • Host discovery with ARP Sweep
  • UDP Service Sweeper
  • SMB scanning and enumeration
  • Detecting SSH versions with the SSH Version Scanner
  • FTP scanning
  • SMTP enumeration
  • SNMP enumeration
  • HTTP scanning
  • WinRM scanning and brute forcing
  • Integrating with Nessus
  • Integrating with NeXpose
  • Integrating with OpenVAS