Tool Tuesday – nmap
One tool which should be installed on every pentester PC is nmap. This command line tool is the Swiss army knive for penetration tests on network level, but also used regularly by system administrators.
nmap scans one or more target systems for open ports. Such ports are used to offer services running on the computer to users on the network.
In a network or system level pentest, nmap often finds ports which are not necessary for a productive environment with end users. If the software running behind such ports is poorly configured or outdated, vulnerabilities potentially can be exploited.
Generally, the attack surface of every server should be kept as small as possible. Only services which are actually required to be reachable from the outside should be exposed – for a web application this means only ports for HTTP: 80 and 443.
Do you want us to check the attack surface of your servers? Please feel free to contact us!
Recent posts
mgm sp @ Dresden
Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!
mgm sp @ Heise DevSec
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.
Pentest FAQ – #7 and #8 – What is a penetration test? And what is it not?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: : Questions #7 and #8 – What is a penetration test? And what is it not?
The Big Application Security Penetration Testing FAQ for Clients
Have you ever wondered what a pentest is exactly or how such a test works? Our Big Application Security Penetration Test FAQ for clients answers these questions and much more.
mgm sp @ Munich
Our head office is located in the heart of Bavaria, since the time of SecureNet. Come have a look!
