In this chapter, we will be discussing an overview and the techniques of scanning. If we recall from Chapter 2, Understanding the Phases of Pentesting Process, scanning is the second phase of hacking. What is scanning? It enables a penetration tester to identify devices that are online/live within a network, and identify open and closed services ports, service versions, and vulnerabilities; these are just a few of its benefits. Nmap and hping3 are a couple of well-known scanning tools.
Furthermore, penetration testers usually need to extract information to quickly identify the attack points on a target system. Information can be network shares, routing tables from devices, users and groups, and DNS records. This way of extracting information is known as enumeration. A couple of powerful and simple-to-use tools for enumeration are nbtstat...