📡Active

Scanning, or active enumeration, is the phase where the attacker begins to “touch” the systems, possibly leaving some traces behind. There is, however, no way to do this without leaving any footprints behind.

The active recon chain is fairly straightforward: you find the target (you might have done this in the passive recon phase), trace the route to the target IP or network and try to map the network as best you can, then search for open ports and services. If it's a web app, try using it and viewing the source code, or use browser extensions that can give you some information about the technologies and apps behind it. Finally, move on to the next phase (threat modeling or vulnerability assessment).
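The footprints mentioned above are what defenders look for in connection logs. The following is an added example, not part of the original page: it flags sources that touch many ports on one host (vertical scan) or one port on many hosts (horizontal sweep) within a time window. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed log lines: '<ISO time> <src> <dst> <dst_port> <action>' (hypothetical format)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(25):   # 10.0.0.5 probes 25 ports on one host
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 192.168.1.10 {20 + i} DENY")
    for i in range(12):   # 10.0.0.9 probes port 22 on 12 hosts
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} 10.0.0.9 192.168.1.{20 + i} 22 DENY")
    for i in range(30):   # ordinary client reusing one service
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.7 192.168.1.10 443 ALLOW")
    return lines

def parse(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def detect_scans(lines, window=timedelta(seconds=60), port_threshold=15, host_threshold=10):
    """Return {src: {"vertical", "horizontal"}} for sources exceeding a threshold
    inside any sliding window of the given length."""
    events = defaultdict(list)
    for rec in sorted(map(parse, lines)):          # sort by timestamp first
        events[rec[1]].append(rec)
    findings = defaultdict(set)
    for src, recs in events.items():
        start = 0
        for end, rec in enumerate(recs):
            while rec[0] - recs[start][0] > window:  # slide the window forward
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _, _, dst, port, _ in recs[start:end + 1]:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                findings[src].add("vertical")
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                findings[src].add("horizontal")
    return dict(findings)

if __name__ == "__main__":
    for src, kinds in detect_scans(make_sample()).items():
        print(src, sorted(kinds))
```

The window and thresholds need tuning against the environment's normal traffic baseline before the output is useful as an alert.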

Useful Resources

Vulnerability Scanners

Although using vulnerability scanners is not usual in advanced pentesting or red team engagements, it's useful to know about the different vulnerability scanners out there.
