June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Active information gathering – services enumeration
This phase is all about identifying the live hosts and the services running on those hosts. Remember, in this phase, we're still gathering information to use in order to understand our target. Some people in enterprise environments just skip this test and go straight to the vulnerability assessment by executing fancy scanners, such as Nessus or Nexpose. I don't like this approach myself, unless you're on a low budget for your tests (it's better than nothing).
This phase has four steps:
- Getting IP addresses/ranges from your client or employer (if it's an internal project, the project manager will help with this matter)
- Identifying live hosts
- Listing the open ports/services on each host