+ Use datasploit equally a Recon framework
+ Run spider web scanners
+ Check for SMB vulnerabilities
We don't desire to run smb-brute or smb-flood because they mightiness lock out accounts or drive a DoS to the services
https://github.com/DataSploit/datasploit
+ Run spider web scanners
dirb http{s}://<ip_address>:<port> /usr/share/wordlist/dirb/{common/small/vulns}.txt gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web_Content/cgis.txt -s '200,204,301,302,307,403,500' -e gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web_Content/cgis.txt -s '200,204,403,500' -e nikto -port {web ports} -host <ip_address> -o <output file.txt>Use /usr/share/seclists/Discovery for around proficient give-and-take lists
+ Check for SMB vulnerabilities
We don't desire to run smb-brute or smb-flood because they mightiness lock out accounts or drive a DoS to the services
nmap -p139,445 -T4 -oN smb_vulns.txt -Pn --script non fauna too non dos too smb-* -vv -d 10.11.1.1-254
