Private Notes of Zishan Ahamed Thandar
- Identify live hosts
- Scan for open ports
- Identify services and versions
- Tools: Nmap, Masscan
- Passive Reconnaissance
  - WHOIS Lookup
  - Shodan
  - OSINT Tools: Recon-ng, Maltego
- Active Reconnaissance
  - Subdomain Enumeration
  - Directory Enumeration: DirBuster, Gobuster
  - Tools: Nikto, Wappalyzer
- Identify vulnerabilities
  - CVE Search
  - Vulnerability Scanners: Nessus, OpenVAS
- Use exploit frameworks
  - Metasploit
  - Exploit-DB
- Custom Exploits
  - Write or modify exploits for specific vulnerabilities.