Vulnerability Scanning


Determine the devices on a network range.

netdiscover -r (Scans a /24 subnet of


Use Nmap to determine the services on a host.

nmap x.x.x.x -sV -O -PN


Scan for vulnerable server packages.

nikto -h x.x.x.x


Use dirb to essentially brute force the directories that are accessible from a website.

dirb http://x.x.x.x/

Dirb has a built-in wordlist that is used to find directories.


Look at the services found from previous searches, then determine what exploits may exist if you do not already know of any.

searchsploit wordpress | grep pdf (The grep command on the end is optional; add it to filter the returned results.)


Sniffing should not be done from the hacking machine, as it will just detect its own traffic.


Dirb is a great tool for finding hidden information within websites. It has features such as enumeration to scan through multiple directories and can generate a wordlist from a website before attempting to find directories with similar names.

Here are a few commands:

dirb http://x.x.x.x/ /usr/share/wordlists/dirb/big.txt

dirb http://x.x.x.x/ (Will scan using the common wordlist)
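
On the defending side, the wordlist scanning described above appears in a web server's access log as one client requesting many distinct paths that do not exist within a short time. The following Python is an added example, not part of the original notes: it flags such clients in Combined Log Format lines. The function names, the 60-second window, the 20-path threshold and the sample addresses (documentation ranges) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, path, status), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_enumerators(lines, window=timedelta(seconds=60), min_paths=20):
    """Map each client IP that hit >= min_paths distinct 404 paths inside
    one window to the peak count seen. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> (time, path) of recent 404s
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[3] != 404:
            continue
        ip, ts, path, _ = rec
        q = recent[ip]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop 404s older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_paths:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: a wordlist-style client, a slow crawler, a visitor."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    def row(ip, secs, path, status):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 0 "-" "-"'
    rows = [row("192.0.2.10", i, f"/dir{i:02d}/", 404) for i in range(30)]
    rows += [row("192.0.2.20", 60 * i, f"/old{i:02d}", 404) for i in range(25)]
    rows += [row("198.51.100.7", 0, "/", 200),
             row("198.51.100.7", 5, "/favicon.ico", 404)]
    return rows

if __name__ == "__main__":
    for ip, n in find_enumerators(sample_log()).items():
        print(f"{ip}: {n} distinct missing paths within 60s")
```

Only the client that requested 30 missing directories in 30 seconds is reported; the slow crawler and the ordinary visitor stay below the threshold.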