Identifying the external network infrastructure
Once the tester's identity is protected, the next critical step in scanning a network is identifying the devices on its internet-accessible portion.
Attackers and penetration testers use this information to do the following:
- Identify devices that may confuse (load balancers) or eliminate (firewalls and packet inspection devices) test results
- Identify devices with known vulnerabilities
- Determine whether stealthy scans need to continue
- Gain an understanding of the target's focus on secure architecture and on security in general
traceroute provides basic information on packet filtering abilities; some other applications on Kali include the following:
| Application | Description |
| | Uses two DNS and HTTP-based techniques to detect load balancers (shown in the following screenshot) |
| | Identifies universal plug-and-play and UPNP devices |
| | Detects devices and determines the operating systems and their version |
| Shodan | Web... |
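To make the traceroute point concrete, the following added example (not code from the original text) parses saved traceroute output and separates routers that merely stay silent mid-path from a trailing run of unanswered TTLs, hops annotated `!X` (communication administratively prohibited), and hops answered by more than one address. It assumes the Linux traceroute text format and IPv4; the sample output is constructed, and `parse_hops` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample: Linux traceroute output using documentation-range addresses.
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.388 ms  0.401 ms
 2  * * *
 3  198.51.100.1 (198.51.100.1)  5.120 ms 198.51.100.5 (198.51.100.5)  5.301 ms  5.288 ms
 4  * * *
 5  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
FLAG_RE = re.compile(r"!([A-Z])")  # ICMP unreachable annotations, e.g. !X


def parse_hops(text):
    """Return one dict per hop line: TTL, distinct responder IPs, annotations."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        addrs = list(dict.fromkeys(IPV4_RE.findall(rest)))  # dedupe, keep order
        hops.append({"ttl": int(m.group(1)), "addrs": addrs,
                     "flags": set(FLAG_RE.findall(rest))})
    return hops


def summarize(hops):
    """Separate mid-path silence from a trailing run of unanswered TTLs."""
    answered = [h for h in hops if h["addrs"]]
    last_ttl = answered[-1]["ttl"] if answered else 0
    return {
        # Last device that answered any probe
        "last_responders": answered[-1]["addrs"] if answered else [],
        # Unanswered TTLs after it: consistent with filtering or a silent target
        "silent_tail": [h["ttl"] for h in hops if h["ttl"] > last_ttl],
        # Several addresses at one TTL: load-balanced or multipath routing
        "multipath": [h["ttl"] for h in hops if len(h["addrs"]) > 1],
        # !X means a device explicitly rejected the probe by policy
        "admin_prohibited": [h["ttl"] for h in hops if "X" in h["flags"]],
    }


if __name__ == "__main__":
    print(summarize(parse_hops(SAMPLE)))
```

A trailing silent run only shows that probes stopped being answered from that TTL on; confirm against firewall or router logs before attributing it to a specific device.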