Footprinting and Scanning | eJPT

Network Mapping

Mapping the network to learn which hosts are reachable is the first phase of footprinting and a crucial skill for the eLearnSecurity Junior Penetration Tester (eJPT) certification.

Wireshark

Capture and inspect network traffic with:

sudo wireshark # Launch Wireshark for packet capture and traffic analysis (root or the wireshark capture group is needed to capture on an interface)

 

ARP Scan

Identify hosts on the local network segment using ARP (ARP is not routed, so this only finds neighbours on the same Layer 2 segment, but it finds them even when they drop ICMP):

sudo arp-scan -I eth0 -g 10.0.2.0/24 # Send ARP requests to every address in the /24 via eth0; -g suppresses duplicate replies

 

Ping Hosts

Confirm that a single host answers ICMP echo requests:

ping 10.0.2.15 # Ping a host to check whether it is up (a silent host may simply be filtering ICMP)

 

Fping Network

Ping every host in the netmask and list only the ones that answer:

fping -a -g 10.0.2.0/24 2>/dev/null # -g generates the target list from the CIDR, -a prints only alive hosts; stderr noise from unreachable hosts is discarded

 

Port Scanning

Efficient port scanning is a fundamental skill for penetration testers.

Nmap Scan

Identify live hosts in a range (this is host discovery only; -sn skips the port scan):

sudo nmap -sn 10.0.2.0/24 # Ping sweep of the /24: as root nmap uses ARP on the local segment and ICMP/TCP probes for remote ones

 

Nmap Scan from List

Port-scan the hosts listed in a file (one address per line):

sudo nmap -iL IPs.txt # Default scan of the 1,000 most common TCP ports for every host in IPs.txt (SYN scan when run as root)

 

Service and OS Detection

Enhance the scan with service version and OS detection (-O needs raw socket access, hence sudo):

sudo nmap -iL IPs.txt -sV -O # Probe each open port for the service and version, and fingerprint the operating system
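The three nmap steps above (host discovery, scanning the saved list, service and OS detection) chained into one script, as an added example that is not part of the original page. It writes the live hosts into IPs.txt exactly as the commands above expect, then parses nmap's greppable (-oG) output to summarise the open ports. The sample nmap outputs embedded in the script are constructed so the parsers can be exercised offline; the script assumes nmap is installed and is run as root when a real range is passed.

```shell
#!/usr/bin/env bash
# Added example: discover live hosts, save them to IPs.txt, scan the list with
# -sV -O, and summarise open ports from nmap's greppable output.
set -eu

# Parse `nmap -sn -oG -` output on stdin and print the IPs reported as Up.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Parse `nmap -oG -` port-scan output on stdin and print "ip port/proto service"
# for every open port. Greppable fields are tab-separated; each port entry is
# port/state/proto/owner/service/rpc/version.
open_ports() {
    awk -F'\t' '
        /^Host:/ && /Ports:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) if ($i ~ /^Ports:/) ports = substr($i, 8)
            n = split(ports, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
            }
        }'
}

# Full procedure against a real range, e.g. discover_and_scan 10.0.2.0/24
discover_and_scan() {
    cidr=$1
    nmap -sn -oG - "$cidr" | live_hosts > IPs.txt
    echo "[*] $(wc -l < IPs.txt | tr -d ' ') live hosts written to IPs.txt"
    nmap -iL IPs.txt -sV -O -oG - | tee scan.gnmap | open_ports
}

# Constructed sample outputs (not captured from a real network) in nmap's
# greppable format, used to exercise the parsers without touching the network.
SAMPLE_SN=$(printf 'Host: 10.0.2.1 ()\tStatus: Up\nHost: 10.0.2.4 ()\tStatus: Up\nHost: 10.0.2.15 ()\tStatus: Up\n')
SAMPLE_SV=$(printf 'Host: 10.0.2.4 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 139/closed/tcp//netbios-ssn///\tIgnored State: closed (997)\tOS: Linux 5.X\nHost: 10.0.2.15 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4/\tIgnored State: filtered (999)\n')

# Only scan for real when a CIDR is given on the command line; otherwise the
# script just defines the helpers (so it can be sourced or tested offline).
if [ $# -gt 0 ]; then
    discover_and_scan "$1"
fi
```

Run it as `sudo ./scan.sh 10.0.2.0/24`; IPs.txt and scan.gnmap are left on disk so the later per-service steps can reuse them. Saving the greppable output and parsing it afterwards, rather than re-scanning, keeps the noisy part of the engagement to a single pass.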

 

TFTP Connection

Connect to TFTP if the UDP scan shows it open (TFTP is a separate, unauthenticated protocol on UDP/69; it is not FTP, which runs on TCP/21):

tftp 10.10.10.10 # Open an interactive TFTP session to the server on the default port UDP/69; use get/put to transfer files

 

Aggressive UDP Scan

Run an aggressive UDP scan against a single port with the default NSE scripts (UDP scans need raw sockets, so use sudo):

sudo nmap 10.10.10.10 -T4 -sU -p 161 -A # UDP scan of SNMP (161/udp); -A adds version detection, default scripts, OS detection and traceroute

 

Practise these commands until they are second nature: footprinting and scanning is an integral part of the eJPT certification, and every later phase depends on the host and port inventory built here.

 

Check out: Vulnerability Assessment | eJPT
