Vulnerability scanning and enumeration using SPARTA

SPARTA is a GUI network infrastructure penetration testing tool, authored by SECFORCE's Antonio Quina and Leonidas Stavliotis, and is available within Kali Linux. SPARTA automates the scanning, enumeration, and vulnerability assessment processes within one tool. Apart from its scanning and enumeration capabilities, SPARTA also has a built-in brute-force tool for cracking passwords.

The latest versions of SPARTA can also be downloaded from GitHub and cloned to your local machine using the git clone https://github.com/secforce/sparta.git command.

To start SPARTA within Kali Linux 2018, click on Applications, then Vulnerability Analysis, then select SPARTA.

In the SPARTA 1.0.3 GUI, click on the left pane to add your host or hosts to the scope. This can also be done by clicking on File, then Add host(s) to scope, as shown here:

Once hosts are added, Nmap host discovery and staged Nmap scans are run against the targets, as these options were selected in the previous screenshot. The following screenshot shows the scans in progress:

Once the Nmap scan is complete, SPARTA provides several tabs in the main window, such as Services, Scripts, Information, Notes, Nikto, and Screenshot tabs, all with very useful information.

By default, we are first presented with a list of open ports and services under the Services tab, as shown here:

Clicking on the Information tab displays host information gathered, including IP information; number of ports open, closed, and filtered (if any); as well as the operating system and version with an accuracy rating:
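The same per-host summary can be rebuilt outside the GUI from Nmap's XML output (-oX). The following Python sketch is an added example, not SPARTA's own code; the sample XML is constructed for illustration (documentation address 192.0.2.10) and the function name summarize_hosts is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in Nmap's XML output format (-oX); not taken from the book's scan.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host>
  <status state="up"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <extraports state="closed" count="996"/>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
   <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
  </ports>
  <os>
   <osmatch name="Linux 2.6.9 - 2.6.33" accuracy="95"/>
   <osmatch name="Linux 2.6.32" accuracy="91"/>
  </os>
 </host>
</nmaprun>"""

def summarize_hosts(xml_text):
    """Return one dict per host: address, port-state counts, open services, best OS guess."""
    summaries = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        counts = Counter()
        open_services = []
        # <extraports> aggregates the ports Nmap did not list individually.
        for extra in host.iter("extraports"):
            counts[extra.get("state")] += int(extra.get("count", 0))
        for port in host.iter("port"):
            state = port.find("state").get("state")
            counts[state] += 1
            if state == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_services.append((int(port.get("portid")), port.get("protocol"), name))
        # Keep the OS guess with the highest accuracy; None if OS detection did not run.
        matches = [(int(m.get("accuracy")), m.get("name")) for m in host.iter("osmatch")]
        best = max(matches) if matches else None
        summaries.append({"address": addr, "open": counts["open"], "closed": counts["closed"],
                          "filtered": counts["filtered"], "services": sorted(open_services),
                          "os": best[1] if best else None,
                          "os_accuracy": best[0] if best else None})
    return summaries

if __name__ == "__main__":
    for summary in summarize_hosts(SAMPLE_XML):
        print(summary)
```

When the XML file comes from a source you do not control, parse it with the defusedxml package instead of the standard library parser.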

With the target in this case being a Linux web server, the Nikto web scanning tool was also run as part of the process. Clicking the nikto (80/tcp) tab reveals a list of vulnerabilities found:

Many of the vulnerabilities found have the prefix OSVDB, which indicates that they can be searched for in databases such as the Common Vulnerabilities and Exposures (CVE) and Open Source Vulnerabilities Database (OSVDB) websites. A penetration tester could, for example, use a simple Google search for OSVDB-3268, which was revealed as a present vulnerability by SPARTA in the previous scan, to find more information about this vulnerability. They could then exploit this via various tools, such as Metasploit, as discussed in the following chapters of this book.

Looking at another Windows machine included in the scan (10.10.22.217), clicking on the Services tab reveals several open ports, as seen in the following screenshot:

As a Windows machine was detected, the smbenum tool was run by SPARTA to enumerate the Windows machine to check for NULL sessions and perform enumeration tasks, including a search for users and shares, as shown here:

SPARTA takes the scanning, enumeration, and vulnerability assessment another step further by allowing the penetration tester to actually perform various network penetration testing functions. In the Services tab, we can right-click on any of the open ports to perform these tasks.

In the following screenshot, right-clicking on open port 3306 presents options to attempt opening the port with Telnet, Netcat, or with a MySQL client (as root). There is also an option to Send to Brute to attempt to crack passwords by brute force:

Clicking on Send to Brute attempts a brute-force attack via the selected port using the THC Hydra password cracking tool. Username and password lists can also be used in the attempt, along with various options to try a blank password, try the login as a password, and others. After specifying your options, click on Run to attempt the attack:

These are by no means the only tools available in SPARTA. For example, right-clicking on open port 445 on a Windows machine displays many more options available to the penetration tester, as seen here:
