This module focuses on scanning and enumeration on kioptrix

Scanning

ping <anything>: then look for the from ip (done on the machine itself)

arp-scan -l: net discovering

netdiscover -r <network>: net discovering, e.g. netdiscover -r 192.168.57.0/24

Nmap

nmap -T4 -p- -A 192.168.57.5

Of course it is important to look at the --help

-T4: speed

-p-: scan all port

• <not mentionned>: scan the most 10 000 common
• -p <port>: scan specific port

-A: Everything (version, fingerprint, etc)

-sn: ping scan

-Su: UDP scan

-O: OS detection (contains in -A)

Enumerate

Notes about kioptrix

nickto: tool for web vulnerabilities, often block on secured websites, use : nikto -h <url>

<aside> 📗 note on report what is outdated

</aside>