5 VULNERABILITY SCANNING AND FUZZING

In Chapter 4, we identified hosts on a network and a few running services, including HTTP, FTP, and SSH. Each of these protocols has its own set of tests we could perform. In this chapter, we’ll use specialized tools on the discovered services to find out as much as we can about them.

In the process, we’ll use bash to run security testing tools, parse their output, and write custom scripts to scale security testing across many URLs. We’ll fuzz with tools such as ffuf and Wfuzz, write custom security checks using the Nuclei templating system, extract personally identifiable information (PII) from the output ...

Get Black Hat Bash now with the O’Reilly learning platform.
