Chapter 2. Information Gathering and Scanning

In this chapter, we will cover:

  • Passive information gathering
  • Port scanning – the Nmap way
  • Port scanning – the DNmap way
  • Using keimpx – an SMB credential scanner
  • Detecting SSH versions with the SSH version scanner
  • FTP scanning
  • SNMP sweeping
  • Vulnerability scanning with Nessus
  • Scanning with NeXpose
  • Working with OpenVAS – a vulnerability scanner
Information gathering is the first basic step in penetration testing. It is carried out to learn as much about the target machine as possible: the more information we have, the better our chances of exploiting the target. During the information gathering phase, our main focus is to collect facts about the target machine, ...

Get Metasploit Penetration Testing Cookbook - Second Edition now with O’Reilly online learning.