During a penetration test, you perform an initial port scan using Nmap against the target web server. The scan results show that ports 80 (http) and 443 (https) are open. To expedite the testing process, which script should be executed next to further examine these services and look for potential vulnerabilities, while maintaining a degree of stealth?
Launch a brute force attack on the SSH service using Hydra to identify weak credentials that may be used to access the system.
Execute an aggressive Nessus vulnerability scan on the entire target network to identify all potential vulnerabilities regardless of service.
Use the sqlmap tool to automatically attempt SQL injection attacks on the web server's database services.
Run the Nmap script engine (NSE) with the http-enum script to locate directories that might reveal the web server's configuration and content.
The correct option automates testing for common vulnerabilities on web servers after an initial port scan shows that web services are available. The script provided by Nmap for http-enum can be used to enumerate potential files and directories on the web server, which is a logical next step when ports 80 and 443 are open. The incorrect options either are not designed for analyzing web vulnerabilities directly (such as a DNS enumeration script or a brute force attack script on an SSH service), or they do not maintain a degree of stealth (like launching a full-scale aggressive vulnerability scan which can be noisy and alert a network's intrusion detection systems).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Nmap and how does it work?
Open an interactive chat with Bash
What are Nmap scripts and what is the NSE?
Open an interactive chat with Bash
Why is the http-enum script preferred for stealth during a penetration test?