# Information Gathering & Enumeration

Steps:-

\#1 Identify the IP address

\#2 Begin an nmap scan with the -sV, -sC and -O arguments and save the output with -oX in XML format so that you can import it into msfconsole

\#3 Enumerate the open services found using Nmap

\#4 Enumerate information regarding vulnerable services and groups, usernames, web servers, wampp servers

\#1) IDENTIFY IP ADDRESS:-

\--> Can be given in the target file

\--> Can be the next IP address after your current IP address

\--> `cat /etc/hosts` is the command to show the hostname-to-IP mappings configured on the device

\#2) NMAP SCAN:- Use arguments:-

- `-sV` = service/version detection
- `-sC` = run the default nmap scripts
- `-O` = OS detection
- `-oX` = output into an XML file
- `-T1,2,3,4,5` = speed of the scan (timing template)
- `-Pn` = begin the scan without pinging the host (treat the host as up)

\#3) Open ports:- There can be multiple ports open on the website, which can be vulnerable or can give you some useful information

<figure><img src="https://2323754756-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqOzKV4VHdQXzOvQKF5XH%2Fuploads%2F9grzJzjqO113R3bgKQ4M%2Fimage.png?alt=media&#x26;token=d4833911-9e4b-4c34-8500-1f0e5d1b74c1" alt="" width="563"><figcaption><p>These are the open ports and the default services that run on them</p></figcaption></figure>

NOTE:- services can also be configured to run on ports other than their default ports

\#4) Enumerate services:- Use different nmap scripts or msf modules to enumerate as much information as possible about the target, which helps in the further exploitation phase

What type of information to gather:-

- DNS records
- SMB shares, usernames
- OS of the target
- services running on the system and their versions
- check whether the system is using a firewall or any IDS devices
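As an added example (not part of the original notes), a small Python parser for the XML that the `-oX` argument produces, run over a constructed sample rather than a real scan: it pulls out only the open ports with their service names and versions plus the OS guess, which is the information step #4 asks for, and the sample also has a service on a non-default port (HTTP on 8080) as the NOTE above warns. The host address, ports and versions in the sample are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (not a real scan). The element
# layout follows nmap's nmaprun/host/ports/port/service schema.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sC -O -oX scan.xml 10.0.0.5">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.7"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
</nmaprun>"""


def parse_open_services(xml_text):
    """Return a list of (ip, os_guess, services) per host; services holds
    (port, proto, name, product, version) tuples for open ports only."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        ip = host.find("address").get("addr")
        osmatch = host.find("os/osmatch")  # absent when -O found no match
        os_guess = osmatch.get("name") if osmatch is not None else None
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no service to enumerate
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda key: None)
            services.append((int(port.get("portid")), port.get("protocol"),
                             get("name"), get("product"), get("version")))
        results.append((ip, os_guess, services))
    return results
```

Point it at a real `-oX` file with `parse_open_services(open("scan.xml").read())` to get the same open-port list that `db_import` loads into msfconsole.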
