In the previous section, we enumerated the services aggressively. Some of the Nmap scripts will check for vulnerabilities—for example, when entering the option --script=http*, Nmap, in this case, will execute all the HTTP scripts, including the ones that check for vulnerabilities, for example, http-vuln-cve2010-2861.

In reality, in an enterprise environment, we would use automatic scanners, either Nessus or Nexpose. Nowadays, these companies offer scanners on the cloud as well—for example, the Nexpose equivalent in the cloud is called InsightVM. We heavily rely on these scanners to identify the vulnerabilities in the network infrastructure. Your role is to take the results and make sure that these flaws exist—in other words, that they're not false positives.