Scanning Tools
A pen tester scans the target machine in order to find weaknesses in its systems. The two major activities of the scanning phase are port scanning and vulnerability scanning.
Port scanning identifies the open ports on the target, and from that list you can determine what types of services are running on the system.
The second step in scanning is to run a vulnerability scan to identify specific weaknesses in the software and services running on the servers.
At the end of scanning you will have the following information:
- Number and type of open ports
- Types of services running on the servers
- Vulnerabilities of the services and software
10. Nmap
If you are in doubt about which tool to use for scanning, use Nmap. This tool creates a complete list of open ports on your target. You can use it in both Windows and Linux environments. The graphical interface for Windows is called Zenmap, which you can run without learning any commands. But for greater control and granularity in the output, you need to learn the commands.
11. Nessus
Once you have the list of open ports, the next step is to start looking for vulnerabilities in the servers. One of the efficient tools for vulnerability scanning is Nessus. Remember that Nessus is not a free tool.
12. Nexpose
If you are looking for a free vulnerability scanner, you can use Nexpose Community Edition from Rapid7.
At the end of this phase you have information about the IP addresses of the target, open ports, vulnerabilities in the system, services running on the system, the OS running on the target system, and the list goes on.
The next step is to take control of the target system by exploiting the vulnerabilities in it; that is done in the exploitation phase.