Information Gathering

⭐ Vulnerability Assessment - Recon & Enumeration ⭐ Web Application VAPT: Find out the Technologies, frameworks, frontend servers, programming languages used, CMS, Server name, Operating System, Mechanisms used in that site, Crawling endpoints, API used in it, find subdomains, scan for open ports on that website, and many. Commonly used tools: Burpsuite, Nmap, wappalyzer, Acunetix, Nikto, OWASP Zap, and many. Network Infrastructure VAPT: Find all live hosts in a network, scan for open ports, and find vulnerable or outdated services running in each and every port. Scan using different Protocols like TCP, UDP, SYN, ACK, FIN, remember always check UDP ports where many VOIP devices, VPN are get connected. Commonly used tools: Nessus, Nmap, Sparta, Metasploit, and many.

⭐ Common Steps carried out during Security Assessments ⭐ 1) Find open ports Commonly used Tools: Nmap, Zenmap, masscan, RustScan, and many. 2) Find services running on that port - by performing enumerations (use this link) 3) If the service and its exact version found (check for existing CVE exploits for that service's version or check for new exploits) Places to check CVE details: 1) CVEdetails 2) CVE Mitre 3) National Vulnerability Database Places to get Exploits for Existing CVE's: Note: Cant give assurance for getting all exploits for all CVE's. If security researchers released their CVE exploits in public we can use that. Below are some sites where you can find public exploits: 1) Exploit-DB & SearchSploit 2) Packet Storm Security 3) Oday Today 4) CXSECURITY 5) Vulnerability Lab 6) SecurityFocus 7) CVEdetails 8) SecuriTeam & Many. Below are some Google Dorks to find publicly exploits using Google Search Engine: site:*.* intext:"CVE-2019-1234" "exploit" "poc" (Replace your CVE ID which you want to search)