Information Gathering is a very important step before starting penetration testing. Pen testers usually begin their work by collecting information, and this requires a lot of patience and effort. The Information Gathering category has many tools that work differently, but their sole purpose is to gather information. The major tools are MSFConsole, dnsenum, dnmap, dnsmap, DNSRecon, dnswalk, dnstracer, Miranda, Fierce, Firewalk, SPARTA, hping3, iSMTP, Maltego Teeth, masscan, Faraday, DMitry, nbtstat, nbtscan, Nikto, Nmap, Ghost Phisher, theHarvester, and many more. In this article, we will only study the tool Sparta.
Vulnerability Analysis: You can perform vulnerability analysis with many of the tools available in Kali Linux. This category has a few subcategories such as Cisco tools, stress testing, fuzzing tools, and others. The major tools are Sparta, BED, BBQSQL, cisco-global-exploiter, cisco-auditing-tool, cisco-ocs, cisco-torch, copy-router-config, DBPwAudit, jSQL Injection, Nmap, Oscanner, openvas, Powerfuzzer, sfuzz, SidGuesser, SIPArmyKnife, sqlmap, Sqlninja, sqlsus, THC-IPV6, Yersinia, and many more.
Sparta: Sparta is a Python GUI application that automates scanning, vulnerability assessment, and information gathering. It saves the tester a lot of time by giving quick and direct access to their toolkit, and it displays the output of the various tools in an easy-to-read way.
Installing Sparta: You don’t have to install Sparta in Kali Linux, as Sparta is pre-installed in most versions of Kali Linux. If you are using the Light version of Kali, install Sparta with the command below.
apt-get update && apt-get install sparta python-requests
After the above command completes, you can start the Sparta tool from any terminal with the “sparta” command. If you are using Kali Linux 2020.1 or later, Kali Linux ships Legion instead of Sparta; Legion is a fork of Sparta with improved features. We will learn about Legion in another article.
Scan Networks and Web Apps with Sparta: Sparta can be used to scan a range of IP addresses on a network as well as website domain names. Once you know the range of IP addresses on the network, or the web app you want to check, click the “Click here to add a host(s) to scope” option available under the “Scan” tab. If you want to scan a web app instead, enter its URL or IP address. Hit the “Add to Scope” option when you are ready to scan.
Analyze the Results: Once the scan of a web app is done, you can see the various services it reported within seconds. The thing to notice in this web app is that the SSH service is on port 22222. There is little doubt that the administrator changed the default SSH port from 22. This attempt at hiding the SSH service is called “security through obscurity” and is considered a bad security practice. The administrator believes that changing the port number to something non-standard will make it harder for hackers or attackers to find the service. As we can now see, this is not true: Sparta still detected the SSH service in its scan, because service detection identifies SSH from the banner the daemon sends, not from the port number.
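To show why a relocated port does not hide a service from this kind of scan, here is an added example (not code from Sparta or the Kali project) that reads the nmap version-scan XML that Sparta runs and parses under the hood, and flags open ports whose probed service name does not match its usual port. The XML fragment and the 192.0.2.10 address are constructed sample data; DEFAULT_PORTS is an assumed, deliberately short table.

```python
import xml.etree.ElementTree as ET

# Assumed lookup table: usual ports for a few common services (illustrative only).
DEFAULT_PORTS = {"ssh": {22}, "http": {80, 8080}, "https": {443, 8443}, "ftp": {21}}

# Constructed nmap -sV XML for the host discussed above: SSH answering on 22222.
# method="probed" means nmap matched the service from its banner; method="table"
# would mean it only guessed from the port number (the guess a relocated port defeats).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.41" method="probed"/>
      </port>
      <port protocol="tcp" portid="22222">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" method="probed"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def find_relocated_services(nmap_xml):
    """Return (host, port, service, product) for every open port whose banner-probed
    service normally lives on a different port. Table-based guesses are skipped, so a
    finding here means the daemon identified itself regardless of the port chosen."""
    findings = []
    root = ET.fromstring(nmap_xml)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            if svc is None or svc.get("method") != "probed":
                continue
            name, portid = svc.get("name"), int(port.get("portid"))
            if name in DEFAULT_PORTS and portid not in DEFAULT_PORTS[name]:
                findings.append((addr, portid, name, svc.get("product", "")))
    return findings


for addr, portid, name, product in find_relocated_services(SAMPLE_NMAP_XML):
    print(f"{addr}: {name} ({product}) answers on non-default port {portid}")
```

The same function works on a real `nmap -sV -oX` file for a host you administer, which makes it a quick audit for services relying on a non-standard port rather than on proper access controls.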
If you want to perform more actions, simply right-click on the service. You’ll see a list of options you can run against it:
- Send to Brute
- Grab banner
- Mark as checked
- Open with telnet
- Run nikto
- Open with netcat
- Launch dirbuster
- Open in browser
- Take screenshot
- Run whatweb
- Run nmap (scripts) on port
- Launch webslayer
- Open with ssh client (as root)
Saving Your Sparta Progress: In Sparta, click “File” in the menu bar, then “Save As”. Select a save location, name the file, and click “Save”. The saved results can be re-opened in Sparta whenever you want.