Chapter 25. Identifying and Scanning Targets
We learned the basics of Metasploit in the Module 2, Chapter 1, Approaching a Penetration Test Using Metasploit. Let us now shift our focus to an essential aspect of every penetration test, that is, the scanning phase. One of the most critical aspects of penetration testing, the scanning phase involves identification of various software and services running on the target, hence, making it the most time consuming and the most crucial aspect of a professional penetration test. They say, and I quote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles". If you want to gain access to the target by exploiting vulnerable software, the first step for you to take is to figure out if a particular version of the software is running on the target. The scanning and identification should be conducted thoroughly, so that you don't end up performing a DOS attack on the wrong version of the software.
In this chapter, we...
