Vulnerability scanning is the most important step of the penetration testing methodology; as I said earlier, we spend roughly 70% of an engagement collecting information about the target and only 30% actually attacking it. Having already covered port scanning and enumeration, let's move on to vulnerability scanning. A variety of tools are available that hackers and pen testers use to run vulnerability scans against a target; some are free and others are commercial.
Tenable's Nessus is a versatile vulnerability scanner; it comes in a free edition (Nessus Essentials, limited to a small number of hosts) as well as paid editions. Nessus can be used in any form of penetration test, whether black box, white box or grey box. It will look for vulnerabilities on Microsoft Windows, Linux and macOS hosts and even on Cisco routers, and it can scan a single host or an entire subnet. Reports can be exported in .nessus XML, NBE or PDF format (among others); the XML export is the one to use if you want to process the results with your own tooling.
So what do I do now that I have a target to pen test, have gathered information from search engines, have port scanned it with Nmap and have vulnerability scanned it with Nessus? I work from the Nessus report: I go through the security holes Nessus found on the target, starting with the highest severity. For example, suppose my Nessus report says the web server running on the target IP address has a high-severity vulnerability. The report shows which web server software is running, its version and the specific hole it found. In this case I learn that the web server is IIS 5.0 listening on port 80, and IIS 5.0 has several known bugs that I will not go into here. Before exploiting anything, confirm the finding yourself (for example by checking the server banner), because vulnerability scanners do produce false positives, particularly when a finding rests on a version string alone.
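The triage described above can be done over the .nessus XML export instead of by reading the PDF by hand. The following is an added example (not code from the original article or from Tenable): it parses a small, constructed report in the NessusClientData_v2 layout, keeps only the High and Critical items, and counts findings per host. The host addresses, plugin IDs, plugin names and plugin output in the sample are made up for the example; the element and attribute names follow the .nessus v2 format as I know it and are an assumption you should check against a real export.

```python
"""Triage a Nessus (.nessus v2 XML) export: keep the findings worth chasing
and summarise them per host.  Added example, not Tenable's own code."""
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

# <ReportItem severity="..."> uses 0 (Info) .. 4 (Critical).
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample report: hosts, plugin IDs, names and output are invented.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="constructed example scan">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-ip">192.0.2.10</tag>
        <tag name="operating-system">Microsoft Windows 2000 Server</tag>
      </HostProperties>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
          pluginID="900001" pluginName="Unsupported web server version (constructed)"
          pluginFamily="Web Servers">
        <risk_factor>High</risk_factor>
        <plugin_output>Server: Microsoft-IIS/5.0</plugin_output>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="1"
          pluginID="900002" pluginName="SMB signing optional (constructed)"
          pluginFamily="Misc.">
        <risk_factor>Low</risk_factor>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
          pluginID="900003" pluginName="OS identification (constructed)"
          pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="4"
          pluginID="900004" pluginName="Anonymous FTP with writable root (constructed)"
          pluginFamily="FTP">
        <risk_factor>Critical</risk_factor>
        <plugin_output>Anonymous login accepted; PUT succeeded.</plugin_output>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
          pluginID="900005" pluginName="Weak SSH ciphers offered (constructed)"
          pluginFamily="Misc.">
        <risk_factor>Medium</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    protocol: str
    service: str
    severity: int
    plugin_id: str
    plugin_name: str
    risk_factor: str
    plugin_output: str
    cves: tuple = ()

    @property
    def severity_label(self) -> str:
        return SEVERITY_LABELS.get(self.severity, f"Unknown({self.severity})")


def parse_nessus(xml_text: str) -> list:
    """Return every <ReportItem> in the export as a Finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        # Prefer the resolved IP in HostProperties; fall back to the name attribute
        # (the second sample host has no HostProperties at all).
        ip = host.findtext("HostProperties/tag[@name='host-ip']") or host.get("name", "")
        for item in host.iter("ReportItem"):
            findings.append(Finding(
                host=ip,
                port=int(item.get("port", "0")),
                protocol=item.get("protocol", ""),
                service=item.get("svc_name", ""),
                severity=int(item.get("severity", "0")),
                plugin_id=item.get("pluginID", ""),
                plugin_name=item.get("pluginName", ""),
                # Optional children: missing elements become empty strings.
                risk_factor=item.findtext("risk_factor", default=""),
                plugin_output=item.findtext("plugin_output", default="").strip(),
                cves=tuple(c.text for c in item.findall("cve") if c.text),
            ))
    return findings


def actionable(findings, min_severity: int = 3) -> list:
    """High/Critical findings, most severe first, then by host and port."""
    return sorted((f for f in findings if f.severity >= min_severity),
                  key=lambda f: (-f.severity, f.host, f.port))


def host_summary(findings) -> dict:
    """Per-host count of findings by severity label."""
    summary = {}
    for f in findings:
        summary.setdefault(f.host, Counter())[f.severity_label] += 1
    return {h: dict(c) for h, c in summary.items()}


if __name__ == "__main__":
    all_findings = parse_nessus(SAMPLE_NESSUS)
    for f in actionable(all_findings):
        print(f"{f.host}:{f.port}/{f.protocol} [{f.severity_label}] "
              f"{f.plugin_name} -> {f.plugin_output}")
    print(host_summary(all_findings))
```

Run it against a real export by replacing SAMPLE_NESSUS with the file contents; the sort puts the Critical FTP finding ahead of the High IIS one, which is the order in which you would want to verify and then attack them. Note that the IIS item's evidence is nothing more than a Server banner, which is exactly the kind of finding to confirm by hand before trusting it.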
Now that I've identified the bugs I'd like to exploit, I can complete my testing against the target (keeping in mind that what you are allowed to do, which hosts are in scope and which techniques are off limits, is set out in the rules of engagement agreed with the client). It's time to exploit. Depending on your skill, you can write your own exploit or use a good publicly available one; a public exploit will not always work as-is against your target and may need adjusting for the exact version and configuration. Zero-day vulnerabilities are rarely necessary: most penetration tests succeed by exploiting known, unpatched vulnerabilities, which is exactly what the vulnerability scanner has just found for you.