As all of you know, reconnaissance is critical to being successful in a Penetration Testing or hack. Recon is where we gather all the information we need to determine the best strategy for Hacking. Without good recon, we are likely to waste many hours and be unsuccessful. Professional hackers know that good recon is key to success.
In Codec Networks Blog, I’d like to demonstrate another recon/enumeration tool named Sparta a Python Script that integrates several recons and enumeration tools into a single, simple to use GUI.
Sparta is built into Kali 2.0, but if you don’t have it, you can get it from the Kali repo by typing:
kali> apt-get install Sparta
Step 1:>Open Kali Linux Machine.
The first step is to fire up kali. In this case, I will be using Kali 2.0 as Sparta is already built in. Go to Applications -> Information Gathering -> Sparta.
When you click on it, a GUI like that below will open.
Step 2:> Add the Hosts.
To get started with Sparta, we need to provide it with hosts to scan and enumerate. If we click on the space that says “Click here to add a host(s) to scope,” it opens a window where we can add the IP addresses or the range of IP addresses to scan. We are also able to use CIDR notation to indicate an entire subnet such as 192.168.181.0/24.
After adding our IP host range in the Window, click “Add to scope.” Sparta will start scanning your hosts now.
STEP 3:>Sparta Results
When Sparta is done scanning, it will provide you results like that below. My subnet had only two machines on it. As you can see, Sparta identified those two IP addresses and provided OS fingerprinting, identifying one as Linux and one as Windows. When I highlight the Windows system IP, it provides details of all the ports it found open and the services running.
STEP 4:>More information Gathering
If we go the “Information” tab, we can get more detailed information on the particular highlighted system. Notice at the bottom of this screen that we get more specific information on the operating system of the target.
Interestingly, Sparta also runs a Nikto scan on the system if it finds port 80 open. We can click on the “Nikto” tab to see results of the Nikto web app vulnerability scan.
STEP 5:>Integrated tools in Sparta.
One of the beauties of Sparta is that it integrates so many tools into this one single GUI. When we click on the “Tools” tab, Sparta displays numerous tools that we can apply to this target system including:
- Mysql-default
- Nikto
- SNMP-enum
- Smtp-enum-vrfy
- SNMP-default
- SNMP-check
Step 6:>Brute Force Attack Option.
Sparta can also brute-force passwords. Using Hydra, you can specify the IP, port, and service, then brute-force it.
For those who want a single scanning and enumeration tool with an easy-to-use GUI, Sparta is the perfect reconnaissance tool.
And it is best on the market right now. And you can also explore more additional Features of Sparta.
Codec Networks is a leading Information Security Service provider in a B2B domain which uses Penetration testing for The Web, Networking and Application Security Testing. SQLMAP is extensively used by Web Application Security Specialists in Codec Networks as a part of deep Penetration Testing.
we also provide a Professional IT Training platform where young collegiate and Entry level executives are being groomed with latest practical tools and deep Cyber Security expertise and knowledge to get groomed at par with our Industry professionals.