Free CompTIA PenTest+ PT0-002 Practice Question
During a penetration test, you perform an initial port scan using Nmap against the target web server. The scan results show that ports 80 (http) and 443 (https) are open. To expedite the testing process, which script should be executed next to further examine these services and look for potential vulnerabilities, while maintaining a degree of stealth?
Run the Nmap script engine (NSE) with the http-enum script to locate directories that might reveal the web server's configuration and content.
Launch a brute force attack on the SSH service using Hydra to identify weak credentials that may be used to access the system.
Execute an aggressive Nessus vulnerability scan on the entire target network to identify all potential vulnerabilities regardless of service.
Use the sqlmap tool to automatically attempt SQL injection attacks on the web server's database services.
