Ditching PTF for Kali Light

After using the Penetration Testing Framework for several months, I have decided to part ways with the platform. The primary reason is that it requires enabling updates from the unstable repository, something that has made me uneasy for quite a while, to the point that I’ve decided it is no good for production. Instead, for systems where I don’t want the full suite of Kali tools, I have decided to go with Kali Light, which has just the basics installed. From there you can add what you want and keep everything tight and easy to maintain.




Nmap Scripting

Did you know that Nmap has a scripting language and can do things such as enumerating details on WordPress sites like usernames and installed plugins, checking for vulnerabilities or brute forcing? On the Security Weekly podcast episode 457 they brought up Nmap scripting and the fact that a ton of scripts come included with Nmap. I had no clue. On OSX the scripts directory for Nmap is located here: /usr/local/share/nmap/scripts. If you use another OS, just do a search for *.nse and you will find the scripts directory.

Nmap script usage:

nmap --script <script name> <target>

Example of a script that enumerates visible folders and files on a web server:

nmap --script http-enum google.com
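
Each bundled .nse file declares the categories it belongs to, so the scripts directory can be inventoried before any script is run. The following is an added example, not part of the original post: it lists every script with its declared categories and picks out those marked intrusive. The sample directory and the demo-* file names are constructed for the demo, and it assumes the categories table sits on a single line.

```shell
#!/bin/sh
# Added example: inventory NSE scripts by declared category before running them.

# Print "<script name><TAB><comma-separated categories>" for each .nse in $1.
nse_categories() {
    for f in "$1"/*.nse; do
        [ -f "$f" ] || continue
        # NSE scripts declare a Lua table: categories = {"discovery", "safe"}
        # (assumed to be on one line; anything else is reported as "unknown")
        cats=$(sed -n 's/^[[:space:]]*categories[[:space:]]*=[[:space:]]*{\(.*\)}.*/\1/p' "$f" |
            head -n 1 | tr -d "\"' ")
        printf '%s\t%s\n' "$(basename "$f" .nse)" "${cats:-unknown}"
    done
}

# Print the names of scripts in directory $1 that declare category $2.
nse_in_category() {
    nse_categories "$1" | awk -F '\t' -v want="$2" '{
        n = split($2, c, ",")
        for (i = 1; i <= n; i++) if (c[i] == want) { print $1; break }
    }'
}

# Build a constructed scripts directory (file names and contents are made up
# for this demo) so the example runs without Nmap installed.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'description = [[demo]]\ncategories = {"discovery", "intrusive", "vuln"}\n' > "$d/demo-enum.nse"
    printf 'categories = {"default", "safe"}\n' > "$d/demo-banner.nse"
    printf 'categories = {"brute", "intrusive"}\n' > "$d/demo-brute.nse"
    printf '%s\n' '-- no categories line' > "$d/demo-broken.nse"
    printf '%s\n' "$d"
}

SAMPLE_DIR=$(make_sample_dir)
nse_categories "$SAMPLE_DIR"
echo "Declared intrusive (review before use):"
nse_in_category "$SAMPLE_DIR" intrusive
# Real use: nse_categories /usr/local/share/nmap/scripts
```

Point nse_categories at the real scripts directory to get the same listing for the scripts that ship with Nmap.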