In earlier posts, I demonstrated various tools for active fingerprinting such as port scanning, banner grabbing, and operating system identification. In this post, I discuss SPARTA, a Python application that integrates a variety of footprinting tools into a single, easy-to-use GUI. This “Swiss Army Knife” of intelligence gathering bundles Nmap, Hydra, Nikto, CutyCapt, ftp-default, mysql-default, postgres-default, smtp-user-enum, and x11screen, and you can plug in your own tools as well. The bundled tools in brief:
Hydra is a very fast network logon cracker that supports many different services (see https://www.thc.org/thc-hydra/). SPARTA uses it for the ftp-default, mysql-default, and postgres-default checks and for brute-force login attacks.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated (See https://cirt.net/Nikto2).
CutyCapt is a small cross-platform command-line utility that captures WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP; SPARTA uses it to take screenshots of the web services it finds. IECapt is a similar tool based on Internet Explorer (see https://github.com/hoehrmann/CutyCapt).
ftp-default, mysql-default, and postgres-default check the FTP, MySQL, and PostgreSQL services for default login credentials by running Hydra against a list of well-known username/password pairs.
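As an added illustration (not SPARTA’s or Hydra’s own code), here is the shape of the check that ftp-default performs, written in Python against a fake FTP server embedded in the script so that it runs offline: each username/password pair from a constructed default list is tried on a fresh control connection, and the pairs that log in are reported. The account table, the credential list, and the host names are all constructed for the example.

```python
import ftplib
import socket
import threading

# Constructed data for the fake server: a host that still has two factory accounts
# enabled and accepts anonymous logins. Not taken from SPARTA, Hydra or any real system.
FAKE_FTP_ACCOUNTS = {("admin", "admin"), ("ftp", "ftp")}

# A default-credential list of the kind ftp-default hands to Hydra (constructed here;
# SPARTA ships its own wordlist).
DEFAULT_FTP_CREDS = [
    ("anonymous", "anonymous@"),
    ("admin", "admin"),
    ("admin", "password"),
    ("ftp", "ftp"),
    ("root", "root"),
]


def _serve_ftp_client(conn):
    """Minimal fake FTP control channel: enough of USER/PASS/QUIT for a login check."""
    conn.sendall(b"220 (constructed fake vsftpd)\r\n")
    f = conn.makefile("rb")
    user = None
    for raw in f:
        cmd, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
        cmd, arg = cmd.upper(), arg.strip()
        if cmd == "USER":
            user = arg
            conn.sendall(b"331 Please specify the password.\r\n")
        elif cmd == "PASS":
            if user == "anonymous" or (user, arg) in FAKE_FTP_ACCOUNTS:
                conn.sendall(b"230 Login successful.\r\n")
            else:
                conn.sendall(b"530 Login incorrect.\r\n")
        elif cmd == "QUIT":
            conn.sendall(b"221 Goodbye.\r\n")
            return
        else:
            conn.sendall(b"500 Unknown command.\r\n")


def start_fake_ftp_server(connections):
    """Serve `connections` clients on a random loopback port in a thread; return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        for _ in range(connections):
            conn, _addr = srv.accept()
            with conn:
                _serve_ftp_client(conn)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def check_default_ftp_logins(host, port, creds=DEFAULT_FTP_CREDS, timeout=5):
    """Try every pair on a fresh control connection; return the pairs that log in.

    A 530 is the expected negative and the loop continues; a dropped connection or
    timeout is raised instead, because a server that starts dropping connections mid-run
    (lockout, rate limiting) would otherwise turn every remaining pair into a false negative."""
    hits = []
    for user, password in creds:
        ftp = ftplib.FTP()
        try:
            ftp.connect(host, port, timeout=timeout)
            ftp.login(user, password)          # ftplib raises error_perm on a 530 reply
            hits.append((user, password))
            ftp.quit()
        except ftplib.error_perm:
            ftp.close()
        except (OSError, EOFError) as exc:
            ftp.close()
            raise RuntimeError(f"{host}:{port} stopped answering while trying {user!r}") from exc
    return hits


if __name__ == "__main__":
    port = start_fake_ftp_server(connections=len(DEFAULT_FTP_CREDS))
    print(check_default_ftp_logins("127.0.0.1", port))   # [('anonymous', 'anonymous@'), ('admin', 'admin'), ('ftp', 'ftp')]
```

Hydra does the same thing in parallel and for far more protocols; the point of the example is the result handling. Only a definite 530 counts as a negative, and anything else (a reset, a timeout) is surfaced rather than swallowed, so that a lockout policy triggered part-way through the list is noticed instead of being reported as “no default credentials”.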
smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands: a 250 reply means the server knows the address, a 550 means it does not (see http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum). Note that a hardened server answers VRFY with 252 (“cannot verify, but will attempt delivery”) or disables the command outright, so a run with no hits does not prove the accounts are absent; RCPT TO is the fallback in that case.
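The protocol exchange behind that enumeration, as an added example that is not part of the original post or of smtp-user-enum itself: a Python client that probes candidate names with VRFY, EXPN or the MAIL FROM/RCPT TO pair, classifies the reply codes, and stops with an explicit verdict when the server answers 252 or rejects the command. A fake sendmail-style responder is embedded so the script runs offline; its user list, host names and reply texts are constructed for the example.

```python
import socket
import threading

# Constructed user list for the fake responder below; not real accounts.
FAKE_SMTP_USERS = {"root", "bin", "daemon", "dzwickl"}


def _serve_smtp_client(conn, vrfy_mode):
    """Fake sendmail-style responder; vrfy_mode is 'verify', 'refuse' (252) or 'disabled' (502)."""
    conn.sendall(b"220 mail.example.test ESMTP (constructed fake)\r\n")
    f = conn.makefile("rb")
    for raw in f:
        cmd, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
        cmd, arg = cmd.upper(), arg.strip()
        if cmd == "EHLO":  # multi-line reply: the client must handle continuation lines
            conn.sendall(b"250-mail.example.test Hello\r\n250-SIZE 10240000\r\n250 HELP\r\n")
        elif cmd in ("HELO", "MAIL", "RSET"):
            conn.sendall(b"250 OK\r\n")
        elif cmd in ("VRFY", "EXPN") and vrfy_mode == "disabled":
            conn.sendall(b"502 5.5.1 Command not implemented\r\n")
        elif cmd in ("VRFY", "EXPN") and vrfy_mode == "refuse":
            conn.sendall(b"252 2.5.2 Cannot VRFY user, but will attempt delivery\r\n")
        elif cmd in ("VRFY", "EXPN", "RCPT"):
            # RCPT's argument looks like "TO:<user@example.test>"; VRFY/EXPN carry the bare name
            user = arg.partition(":")[2].strip(" <>").partition("@")[0] if cmd == "RCPT" else arg
            known = user in FAKE_SMTP_USERS
            conn.sendall(b"250 2.1.5 Address ok\r\n" if known else b"550 5.1.1 User unknown\r\n")
        elif cmd == "QUIT":
            conn.sendall(b"221 2.0.0 Bye\r\n")
            return
        else:
            conn.sendall(b"500 5.5.1 Command unrecognized\r\n")


def start_fake_smtp_server(connections=1, vrfy_mode="verify"):
    """Serve `connections` clients on a random loopback port in a thread; return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        for _ in range(connections):
            conn, _addr = srv.accept()
            with conn:
                _serve_smtp_client(conn, vrfy_mode)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def _read_reply(f):
    """Read one SMTP reply, joining '250-...' continuation lines; return (code, text)."""
    text = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("server closed the connection")
        text.append(line[4:])
        if len(line) == 3 or line[3] == " ":   # "250 " ends the reply, "250-" continues it
            return line[:3], " ".join(text)


def _send(sock, line):
    sock.sendall(line.encode("ascii") + b"\r\n")


def enumerate_smtp_users(host, port, candidates, method="VRFY", domain="example.test", timeout=5):
    """Probe candidates with VRFY, EXPN or MAIL FROM/RCPT TO; return (found, verdict).

    verdict: 'ok', 'not-informative' (252: no hits proves nothing) or 'disabled' (500/502)."""
    found = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        _read_reply(f)                                   # 220 banner
        _send(s, "EHLO scanner.example.test")
        code, text = _read_reply(f)
        if code != "250":
            raise RuntimeError(f"EHLO rejected: {code} {text}")
        for user in candidates:
            if method == "RCPT":
                _send(s, f"MAIL FROM:<probe@{domain}>")
                _read_reply(f)
                _send(s, f"RCPT TO:<{user}@{domain}>")
                code, _ = _read_reply(f)
                _send(s, "RSET")                         # clear the envelope for the next probe
                _read_reply(f)
            else:
                _send(s, f"{method} {user}")
                code, _ = _read_reply(f)
            if code in ("250", "251"):
                found.append(user)
            elif code == "252":
                verdict = "not-informative"
                break
            elif code in ("500", "502"):
                verdict = "disabled"
                break
            # 550/551/553: address unknown, keep probing
        else:
            verdict = "ok"
        _send(s, "QUIT")
    return found, verdict
```

Two details carry the practical lesson. The reply parser honours the `250-` continuation form, because a real EHLO answer is multi-line and a naive one-line read would desynchronise every later probe. And the verdict is returned alongside the hit list: a server that answers 252 or 502 leaves the VRFY/EXPN question unanswered, so the caller should switch to the RCPT method rather than record the target as having no such users.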
About the Author
David Zwickl, MSci., CISSP, CEH, has spent over 20 years in information assurance and cybersecurity for companies such as RSA Security and Cisco Systems in a variety of roles. Dave holds a Master’s degree in Information Assurance with a Cybersecurity Specialization from Regis University in Denver, Colorado. Regis University’s School of Computer & Information Sciences is designated a National Center of Excellence in Information Systems Security Education (CAE/IAE) by the National Security Agency (NSA) and the Department of Homeland Security (DHS). Dave is active in industry associations including ISSA, OWASP, and CSA.