Determine the devices on a network range.
netdeiscover -r 10.0.2.0/24 (Scans a /24 subnet of 10.0.2.0)
NMAP to determine the services on a host.
nmap x.x.x.x -sV -O -PN
Scan for vulnerable server packages.
nikto -h x.x.x.x
Use dirb to essentially brute force the directories that are accessible from a website.
Dirb has a built in word that is used to find directories.
Look a the services found from previous searches, then determine what exploits may exist if you do not already know of any.
searchsploit wordpress (| grep pdf) Add a grep command on to filter the returned results.
Sniffing should not be done from the hacking machine – As, it will just detect it’s own traffic.
Dirb is a great tool for finding hidden information within websites. It has features such as enumeration to scan through multiple directories and can generate a wordlist from a website before attempting to find directories with similar names.
Here’s a few commands:
dirb http://url.com/directory/(optional) /usr/share/wordlists/dirb/big.txt
dirb http://url.com/directory/(optional) (Will scan using the common wordlist)