Netdiscover
Determine the devices on a network range.
netdiscover -r 10.0.2.0/24 (Scans the /24 subnet 10.0.2.0)
NMAP
NMAP to determine the services on a host.
nmap x.x.x.x -sV -O -PN
NIKTO
Scan for vulnerable server packages.
nikto -h x.x.x.x
DIRB
Use dirb to brute force the directories that are accessible on a website.
dirb http://x.x.x.x/
Dirb has a built-in wordlist that is used to find directories.
Searchsploit
Look at the services found by the previous scans, then determine what exploits may exist for them if you do not already know of any.
searchsploit wordpress (| grep pdf) Pipe the output into grep to filter the returned results.
Sniffing
Sniffing should not be done from the hacking machine, as it will only see its own traffic.
Dirb
Dirb is a great tool for finding hidden information within websites. It has features such as enumeration to scan through multiple directories and can generate a wordlist from a website before attempting to find directories with similar names.
Here are a few commands:
dirb http://url.com/directory/(optional) /usr/share/wordlists/dirb/big.txt
dirb http://url.com/directory/(optional) (Will scan using the common wordlist)