Service enumeration

As I mentioned earlier, the application will enumerate the HTTP and FTP services after running the Nmap TCP scan (if the ports are open):

  • For FTP enumeration using Nmap, use the following:

    nmap_ftp_tool_name = 'NMAP FTP Enum'

    # Description: Execute an Nmap FTP enum command
    # Return: The output after command execution
    def execute_nmap_ftp_enum(ip_address, port_number):
        command = "nmap -sV -p %s --script=ftp* %s" % (port_number, ip_address)
        return execute_cmd(nmap_ftp_tool_name, command)

  • For HTTP, I used Nmap for script scanning and gobuster to find hidden URLs:

    nmap_tool_name = 'NMAP HTTP Enum'
    crawler_tool_name = 'Gobuster'

    # Description: Execute an Nmap HTTP enum command
    # Return: The output after command execution
    def execute_nmap_http_enum(ip_address, port_number):
        command = "nmap -sV -p %s --script=http-enum,http-vuln* %s" % (port_number, ip_address)
        return execute_cmd(nmap_tool_name, command)

    # Description: Execute an HTTP browsing enum command
    # Return: The output after command execution
    def execute_directories_http_enum(ip_address, port_number):
        command = "gobuster -u http://%s:%s -w /usr/share/wordlists/dirb/common.txt -s '200,204,301,302,307,403,500' -e" % (
            ip_address, port_number)
        return execute_cmd(crawler_tool_name, command)
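
The functions above place ip_address and port_number directly into a command string, so any value that is not a plain address or port becomes part of the command if execute_cmd passes the string to a shell (an assumption, since its body is not shown in this section). The following is an added example, not code from the book: it validates both values and builds each command as an argument list, using only the tool flags shown above. The helper names (validate_target, build_*_argv, to_command_string) are hypothetical, and IPv4 targets are assumed.

```python
import ipaddress
import shlex

WORDLIST = "/usr/share/wordlists/dirb/common.txt"  # wordlist path taken from the page


def validate_target(ip_address, port_number):
    """Return (ip, port) as normalized strings, or raise ValueError."""
    # IPv4Address rejects anything that is not a dotted-quad literal,
    # including trailing shell metacharacters. IPv4 only is an assumption.
    ip = ipaddress.IPv4Address(str(ip_address).strip())
    port = int(str(port_number).strip())
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % (port_number,))
    return str(ip), str(port)


def build_nmap_ftp_argv(ip_address, port_number):
    ip, port = validate_target(ip_address, port_number)
    return ["nmap", "-sV", "-p", port, "--script=ftp*", ip]


def build_nmap_http_argv(ip_address, port_number):
    ip, port = validate_target(ip_address, port_number)
    return ["nmap", "-sV", "-p", port, "--script=http-enum,http-vuln*", ip]


def build_gobuster_argv(ip_address, port_number):
    ip, port = validate_target(ip_address, port_number)
    return ["gobuster", "-u", "http://%s:%s" % (ip, port), "-w", WORDLIST,
            "-s", "200,204,301,302,307,403,500", "-e"]


def to_command_string(argv):
    """Quoted single-string form, for a helper that only accepts a string."""
    # shlex.quote also protects the script glob (ftp*) from shell expansion.
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    # Constructed sample target; prints the commands without running them.
    for build in (build_nmap_ftp_argv, build_nmap_http_argv, build_gobuster_argv):
        print(to_command_string(build("10.0.0.5", 80)))
```

An argument list can be passed to subprocess.run without a shell; to_command_string is only needed when the existing helper expects a single string.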