๐ก CEH Module 3: Scanning & Enumeration – Uncovering Open Doors in Networks
๐ก CEH Module 3: Scanning & Enumeration – Uncovering Open Doors in Networks
Welcome to Module 3 of the Certified Ethical Hacking (CEH) course — Scanning and Enumeration.
After gathering information in the Footprinting phase, it’s time to take it a step further: we now interact with the target system to find live hosts, open ports, and running services.
Let’s explore how hackers and security professionals detect what’s vulnerable before launching a real attack.
๐ What is Scanning?
Scanning involves using tools to actively probe the target system or network for open ports, services, and systems.
Three types of scanning:
-
Port Scanning – Detect open ports.
-
Network Scanning – Identify active devices and IPs.
-
Vulnerability Scanning – Find security loopholes or misconfigurations.
view
๐งฉ What is Enumeration?
Enumeration digs deeper. After identifying live systems, it retrieves specific data like:
-
Usernames
-
Network shares
-
System details
-
Active Directory data
It’s like opening the doors we found during scanning and checking what’s inside.
๐ ️ Essential Tools, Commands, and Websites
Let’s look at tools and their purpose in Scanning & Enumeration.
๐งช 1. Nmap – Network Mapper
๐น Command:
๐น Scan all ports:
๐น Website:
๐ https://nmap.org
๐น Purpose:
Detects open ports, services, and OS type. Also supports scripts for vulnerability detection.
๐ 2. Netdiscover – Live Host Finder
๐น Command:
๐น Purpose:
Detects live devices in a local network via ARP requests.
๐ 3. Nikto – Web Server Scanner
๐น Command:
๐น Website:
๐ https://cirt.net/Nikto2
๐น Purpose:
Scans for vulnerabilities in web servers such as outdated software, dangerous files, and misconfigurations.
⚙️ 4. Netcat – The Swiss Army Knife of Networking
๐น Command:
๐น Purpose:
Check if a port is open, send raw data, or even create reverse shells.
๐ก 5. Enum4linux – SMB Enumeration Tool
๐น Command:
๐น Purpose:
Enumerates Windows users, shares, group memberships, and more via SMB.
๐งฌ 6. Hping3 – Advanced TCP/IP Packet Tool
๐น Command:
๐น Purpose:
Performs stealth port scanning and firewall testing.
๐ 7. OpenVAS – Vulnerability Assessment System
๐น Website:
๐ https://www.greenbone.net/en/
๐น Purpose:
Powerful vulnerability scanner for scanning networks and identifying weaknesses.
๐ง 8. Xprobe2 – OS Fingerprinting Tool
๐น Command:
๐น Purpose:
Performs active OS fingerprinting to identify the operating system of a remote host.
๐ Quick Table Summary
| Tool | Function | Command Example |
|---|---|---|
| Nmap | Port/OS detection | nmap -sS -Pn example.com |
| Netdiscover | Live host discovery | netdiscover -r 192.168.1.0/24 |
| Nikto | Web server vulnerability scan | nikto -h http://example.com |
| Netcat | Manual port check & shell | nc -nv example.com 80 |
| Enum4linux | SMB enumeration on Windows | enum4linux -a 192.168.1.5 |
| Hping3 | Stealth scan / firewall testing | hping3 -S -p 80 -c 3 example.com |
| OpenVAS | Network vulnerability scanning | Web-based tool |
| Xprobe2 | OS fingerprinting | xprobe2 -v 192.168.1.10 |
⚠️ Legal Note
๐จ Use these tools only on systems you are authorized to scan. Unauthorized scanning is illegal and unethical.
๐ Conclusion
The Scanning and Enumeration phase is all about finding weaknesses before they’re exploited. As an ethical hacker, mastering this step helps you strengthen systems, audit networks, and report vulnerabilities responsibly.
๐ Next Module
In Module 4, we’ll dive into System Hacking, where we explore password cracking, privilege escalation, and backdoors.
๐ Stay Connected with Us
Looking for exciting tech content, ethical hacking guides, and helpful tools?
Make sure you’re following us everywhere!
๐บ YouTube Channel:
TechFusionPro09
๐ฅ Tutorials, Tips & Tech Insights — Subscribe Now!
๐ธ Instagram:
@blackops404
๐ฅ Behind-the-scenes content, updates, and community vibes!
๐ Official Website:
mannutanwar.odoo.com
๐ Explore all our blogs, tools, and free courses in one place.
Comments
Post a Comment