Nessus

Nessus is a vulnerability scanner, and we use it frequently when working as a penetration tester. Say we are doing an external assessment; chances are Nessus is going to be part of it:

  1. We send the client an email saying that the scans are about to start.
  2. While the scans run (they take some time) we do our information gathering and look for breached credentials.

Then we come back later and review the scan results. The same applies to an internal assessment.

Masscan

Designed to scan the entire Internet really fast. The options are quite similar to Nmap's, so it is a really fast port scanner you already know how to drive. Like Nmap's SYN scan it sends raw packets, so it has to run as root. The default rate is only 100 packets per second, so a full 1-65535 range against even one host takes a while unless you raise it with --rate.

masscan -p1-65535 192.168.57.134

msfconsole

Metasploit can also be used for port scanning, but it is slow.

<aside> 💡 Let's say we have a shell on a victim machine. Normally we would have to upload Nmap or some other tool onto the victim and run the port scan from there, which is a lot of work. With a Metasploit session on that machine instead, we can route traffic through the session and run Metasploit's own port scanner against the internal network from our box, without dropping anything on the victim. That makes life a lot easier.

</aside>

search portscan
use auxiliary/scanner/portscan/syn

We choose the SYN scan module; it is the equivalent of Nmap's stealth (-sS) scan. A bare "use 4" refers to a row number in the search output, which changes between Metasploit versions, so the full module path is safer. Note that the SYN module needs raw sockets (root) and cannot be routed through a session pivot; to scan through a pivot use auxiliary/scanner/portscan/tcp instead.

options
set RHOSTS 192.168.57.134
set PORTS 1-65535
run
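The usual workflow ties these tools together: a fast Masscan sweep finds the open ports, and the slower tools (Nmap service detection, or the Metasploit scanner through a pivot) are pointed only at those. The script below is an added example, not part of the original notes or of any of the tools' own code. It parses Masscan's list output (the -oL format, "open tcp <port> <ip> <timestamp>"), builds one nmap -sV command per host for just the open ports, and writes a Metasploit resource script that routes a range through an existing session and connect-scans it. The Masscan output, the session id 1, and the 192.168.57.0/24 range are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example: post-process masscan -oL output and prepare follow-up scans.
# Constructed sample of what `masscan -p1-65535 --rate 1000 -oL scan.txt <target>`
# writes; the hosts, ports and timestamps are made up for this example.
SAMPLE_MASSCAN='#masscan
open tcp 22 192.168.57.134 1700000000
open tcp 80 192.168.57.134 1700000001
open tcp 445 192.168.57.134 1700000002
open tcp 3389 192.168.57.140 1700000003
open tcp 22 192.168.57.140 1700000004
# end'

# hosts_in <masscan -oL text>: unique IPs that had at least one open port.
hosts_in() {
  printf '%s\n' "$1" | awk '$1 == "open" { print $4 }' | sort -u
}

# ports_for_host <masscan -oL text> <ip>: sorted, comma-joined open TCP ports
# for that host (the shape nmap's -p flag expects).
ports_for_host() {
  printf '%s\n' "$1" \
    | awk -v ip="$2" '$1 == "open" && $2 == "tcp" && $4 == ip { print $3 }' \
    | sort -n \
    | awk 'NR > 1 { printf "," } { printf "%s", $0 } END { print "" }'
}

# nmap_followup <masscan -oL text>: one nmap service/script scan per host,
# limited to the ports masscan already found open so the slow part stays small.
# -Pn skips host discovery because masscan has already proven the host is up.
nmap_followup() {
  text="$1"
  hosts_in "$text" | while read -r host; do
    ports=$(ports_for_host "$text" "$host")
    printf 'nmap -sV -sC -Pn -p%s %s\n' "$ports" "$host"
  done
}

# msf_portscan_rc <subnet> <netmask> <session id> <rhosts> <ports>:
# print a msfconsole resource script that pivots through an existing
# Meterpreter session. The tcp (connect) module is used on purpose: the syn
# module needs raw sockets and cannot be routed through a session.
msf_portscan_rc() {
  cat <<EOF
route add $1 $2 $3
use auxiliary/scanner/portscan/tcp
set RHOSTS $4
set PORTS $5
set THREADS 10
run
EOF
}

# Stand-alone run: show the generated commands for the constructed sample.
nmap_followup "$SAMPLE_MASSCAN"
echo "--- portscan.rc (run with: msfconsole -q -r portscan.rc) ---"
msf_portscan_rc 192.168.57.0 255.255.255.0 1 192.168.57.134 "$(ports_for_host "$SAMPLE_MASSCAN" 192.168.57.134)"
```

Run it against a real scan by replacing SAMPLE_MASSCAN with the contents of the -oL file (for example "$(cat scan.txt)"); the route add line assumes session 1 is a Meterpreter session on a host that can reach the target range.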