Sparta Scanning and Enumeration in Kali Linux – YouTube
Following along are instructions in the video below:
“What is SPARTA and how do you use it? Coming up right now. [music]
What is SPARTA? SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If a little time is spent setting up commands and tools, more time can be spent focusing on analyzing results.
So some of the features of SPARTA: it allows you to run nmap from SPARTA, or you can import nmap XML output. It has transparent staged nmap scans; this allows you to get results quickly and achieve thorough coverage. It has configurable context menus for each service; this allows you to configure what to run on discovered services. This means you can set up any tool: any tool that can be run from a terminal can be run from SPARTA. You can run any script or tool on a service across all hosts in a scope just with the click of a mouse. You can define automated tasks for services, such as run nikto on every HTTP service. It also allows you to run default credential checks for most common services, and this can be configured. You can identify password reuse on the tested infrastructure: this allows you to check if any usernames or passwords are found by Hydra, and then they are stored in an internal word list, which can then be used on other targets in the same network. It allows the ability to mark hosts that you've already worked on so that you don't waste time looking at them again. And it also allows website screenshot taking, so that you don't waste time on less interesting web services.
All right, so let's go ahead and jump into SPARTA and start playing with it. There are a few ways you can open up SPARTA: you can go to Applications in Kali, go to Information Gathering, and you will find SPARTA under the Information Gathering section. You can also load it by simply typing sparta from our command prompt. Now if you don't have it installed, simply apt install sparta and it will install SPARTA for you.
The first thing you want to do is add a host to scan. You can double-click in the host list and add your IP, or add an IP range so you can scan for multiple systems. In this instance, I have a server set up at 1 33. I'm gonna add this to the scope for scanning, so I'll click Add to scope, and as you can see SPARTA has started an nmap scan.
Now you can see SPARTA going through multiple stages of nmap scans, and once it found an HTTP server, it automatically started a nikto scan, and it also took a screenshot of that web server. So here are the results from the nikto scan; as you can see, it's going through and testing multiple vulnerabilities and information gathering techniques, and here is a screenshot of the web service. As you can see, this server is running Metasploitable 2.
Not only that, it found an SMTP server and it began to enumerate user accounts. This all happened automatically, and in a moment I'm going to show you how you can configure what happens when SPARTA finds specific services. But in this instance you can see we found several user accounts on this system by enumerating the SMTP server. Not only that, it found a MySQL server, and in this instance it had also found login credentials. We also found login credentials for the Postgres server. Let's see what else it automatically scanned for: we found an FTP service, and here we found some credentials for the FTP service. We also found an FTP service on 2121; however, no valid credentials were found, but we did discover a service on this port, which is helpful. We were not able to grab a screenshot from the X11 connection. And here are the nikto results on the second web service that we found on 8180, and the screenshot from that web service shows that it is the Tomcat service.
So as you can see, SPARTA does a lot for you automatically; to do this by hand would take some time. Under the services tab you can see all the services that SPARTA was able to locate. The first one is the FTP service.
I found an SSH service. This box also has telnet set up. We got SMTP on 25, DNS, so on and so forth. So here you can see all the services that were found through our nmap scans.
Now for each of these services, you can select one and then right-click, and you will see you have options. Now these options will change depending on the service that you are reviewing; for example, I get different options for SSH than I do for an FTP server. So depending on the service that you are looking at, you will have different context menus, and you can also add your own options in here by editing the SPARTA config file, and I'll show you where that is in just a moment.
So let's say that we have this HTTP server and we want to try to find additional directories on that service. We can simply select Launch dirbuster, and as you can see down here the process starts and dirbuster opens, giving us the option to now run dirbuster on the HTTP service. From here, you would simply select your options, click Start, and then begin the scan, and then SPARTA will keep track of any services, or rather directories, that were found. And you can do this for any service that has these options; for example, on SMB you can run nbtscan.
Now over here on the left, you will have all the hosts that were in your scope. In this instance we just scanned one server, so we only have one host in this list. Next is the services tab, which will show all the services that were found for all systems in the scope. So you can see we have the host, which is the IP address, the port of the current service, the protocol, state, and so on, and you can see we can click through. However, if we had multiple systems, you could see multiple listings. For example, this server has two web servers running, so when we select http we will see all the hosts that are running the HTTP service. So this will give you a good kind of overview of all the servers that are running a specific service.
Similarly, the tools tab will give you the option to run or review the output from specific tools that were automatically run on specific services, and again this gives you an overhead view. So you can see, okay, what are all the systems that had FTP set up, and then this will allow you to browse through the results for all the hosts. So these tabs are very useful when you're scanning multiple systems on a network.
Now once you have completed your scanning and enumeration, you can then go to File, Save As and save all your results as a SPARTA project file. That way you can open up the results and review them at a later time without having to rescan the network.
Also here you have a brute tab, which allows you to do any sort of brute forcing or dictionary attacks on any specific services. So as you can see, here are all the services that you can attack. You would simply select your service, make your options, set up either a static username and password or use a username and password list, set the number of threads, and then run the attack, and then any results will be saved. And that's the basics of using SPARTA. So now I'm going to show you how you can configure SPARTA.
So from a command prompt, go ahead and open up sparta, /etc/sparta.conf, for the configuration file. This is the configuration file for SPARTA, and inside here is where you'll find all of the various configuration options. Each section is named, so you see you have your general settings. This is for all your brute settings; you can see all the services, so you can add, you can take services away, you can customize this to exactly how you would prefer. If you want to change the staged nmap scans, you can do so here. So maybe you want to add additional ports to the first-level scan; well, you can simply just add that here. Here are your tool settings, so if you want to add additional tools to SPARTA, it's very simple to just add in new tools. And here are your nmap scans. Here are all the context menu options that you have available on specific services, and you can simply add in any tools that you would like to use, or take them away if you don't want them. And that is it for the SPARTA configuration file.
All right guys, that's gonna do it for today. If you liked this video, please give me a thumbs up. If you have not subscribed, go ahead, click that subscribe button and tap that bell, and remember, I will see you on the other side.”
SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analyzing results.
Run nmap from SPARTA or import nmap XML output.
Transparent staged nmap: get results quickly and achieve thorough coverage.
Configurable context menu for each service. You can configure what to run on discovered services. Any tool that can be run from a terminal, can be run from SPARTA.
You can run any script or tool on a service across all the hosts in scope, just with a click of the mouse.
Define automated tasks for services (i.e. run nikto on every HTTP service, or sslscan on every SSL service).
Default credentials check for most common services. Of course, this can also be configured to run automatically.
Identify password reuse on the tested infrastructure. If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: sysadmins reuse passwords).
Ability to mark hosts that you have already worked on so that you don't waste time looking at them again.
Website screenshot taker so that you don't waste time on less interesting web servers.
Please clone the latest version of SPARTA from github:
git clone https://github.com/secforce/sparta.git
Alternatively, download the latest zip file here.
It is recommended that Kali Linux is used as it already has most tools installed, however SPARTA would most likely also work in Debian based systems.
apt-get install python-elixir
Ubuntu 12.04+ (untested)
apt-get install python-elixir python-qt4 xsltproc
Other than these, the following tools are required for SPARTA to have its minimum functionality:
nmap (for adding hosts)
hydra (for the brute tab)
cutycapt (for screenshots)
In Kali Linux these can be installed with:
apt-get install nmap hydra cutycapt
In Kali, to ensure that you have all the tools used by SPARTA's default configuration use:
apt-get install ldap-utils rwho rsh-client x11-apps finger