Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page

Automating VAPT and Secure Code Development

NMap Offers this (Automating VAPT) :

Scans in Nmap and their role:-

1. Intense scan: This scans top 1000 commonly used ports and then tries to find what exact service and version of that service is running in an open port. This scan also helps in detecting the type of operating system.

2. Intense scan + UDP: Normal intense scan only scans TCP ports and using this scan, we can also scan UDP ports too.

3. Intense scan all ports: Instead of scanning only the 1000 common ports, this will scan all the possible ports 0-65535 (As it scans all the ports, this scan takes a lot of time to complete).

4. Intense scan no ping: This scan is used where firewalls are placed at the target.

5. Ping scan: This scan only checks if the host is reachable or not. The scan doesn’t scan any port.

6. Quick scan: This scans lesser ports and does no service version detection. It is faster than intense scan but can be a bit unreliable.

7. Quick scan plus: It scans fewer ports (same as the quick scan) but does version detection. The scan is much more aggressive and hence can put a little stress on the network and be a bit unreliable.

8. Regular scan: Runs Nmap with default options i.e. simple port scanning and no service version detection.

9. Slow comprehensive scan: It is an extremely slow scan that does deep level scanning with the highest accuracy and least stress on the network.

PreviousJoomla CMSNextinformation gathering

Last updated 1 year ago