Breaking

SPACE FOR ADS

Sunday, 28 January 2018

SPARTA - Network Penetration Testing Kali Linux





SPARTA is a python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent setting up commands and tools, more time can be spent focusing on analysing results.
Source: http://sparta.secforce.com/
SPARTA Homepage | Kali sparta Repo
  • Author: SECFORCE (Antonio Quina and Leonidas Stavliotis)
  • License: GPLv3 
Best thing of SPARTA GUI  Toolkit it scans detects the service running on the target port.
Also, it provides Bruteforce attack for scanned open ports and services as a part of enumeration phase.


Installation

 git clone https://github.com/secforce/sparta.git


 Alternatively, download the latest zip file here.

cd /usr/share/
git clone https://github.com/secforce/sparta.git

Place the "sparta" file in /usr/bin/ and make it executable.
Type 'sparta' in any terminal to launch the application.


When SPARTA is first launched, either via the Kali Applications menu or by running sparta at the command line, the main interface will open, presenting you with your workspace. Initially, the hosts pane will be empty so you can either import an Nmap scan results file or, as this example shows, click in the pane on the text “Click here to add host(s) to scope“.
After clicking “Add to scope“, the Nmap scan will begin and we are presented with a progress indicator in the Log pane.

The default Nmap scan is quite thorough and will take some time to complete. Once SPARTA has some hosts and ports to work with, it proceeds to run additional tools against the discovered services such as nikto, smbenum, snmpcheck, and more.

Open Ports & Services:

  • Nmap results will provide target open ports and services.



  • Above figure shows that target operating system, Open ports and services are discovered as scan results.

Brute Force Attack on Open ports:

  • Let us Brute force Server Message Block (SMB) via port 445 to enumerate the list of users and their valid passwords.

  • Right-click and Select option Send to Brute.Also, select discovered Open ports and service on target.
  • Browse and add dictionary files for Username and password fields.

 Click Run to start the Brute force attack on the target.Above Figure shows Brute force attack is successfully completed on the target IP and the valid password is Found!

Points to remember 
  • Always think failed login attempts will be logged as Event logs in Windows.
  • Password changing policy should be 15 to 30 days will be a good practice.
  • Always recommended to use a strong password as per policy.Password lockout policy is a good one to stop brute force attacks (After 5 failure attempts account will be locked)
  •  The integration of business-critical asset to SIEM( security incident & Event Management) will detect these kinds of attacks as soon as possible.
 

6 comments:

  1. Hmm it seems like your website ate my first comment (it was super long) so I guess I'll just sum it up what I submitted and say, I'm thoroughly enjoying your blog. I too am an aspiring blog blogger but I'm still new to everything. Do you have any tips and hints for beginner blog writers? I'd definitely appreciate it. amazon prime subscription

    ReplyDelete
  2. Penetration Testing Services Wow, cool post. I'd like to write like this too - taking time and real hard work to make a great article... but I put things off too much and never seem to get started. Thanks though.

    ReplyDelete
  3. Nice content. Testing is a very important part in software development. Secure software can give best outcome to the end user. Penetration testing is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Know more here about penetration testing services and how it helps your business.

    ReplyDelete
  4. which because of the absence of a total graphical climate is ideal, appropriate for Linux specialists, developers, and different clients that feel comfortable around an order brief. https://onohosting.com/

    ReplyDelete
  5. It is a great website.. The Design looks very good.. Keep working like that.External Penetration Testing

    ReplyDelete
  6. What a wonderful post you have written! It will come to great help of the beginners like me! This list is very clear, precise and descriptive really! Thank you so much Anil. Keep writing for us like this.:)

    Digital Era

    ReplyDelete