Here are some alternative methods for enumerating vulnerabilities on the high-value ports listed in the previous posts, without using Metasploit, along with some example commands:
Port 21: FTP (File Transfer Protocol)
- FTP Bounce Scanner: This tool allows you to scan for vulnerabilities in FTP servers by bouncing connections off of an intermediate server. To use FTP Bounce Scanner, you can run the following command:
ftpbouncescan.py [IP address of FTP server]
- ftp-vuln-scan: This Python script can be used to scan for known vulnerabilities in FTP servers. To use ftp-vuln-scan, you can run the following command:
python ftp-vuln-scan.py [IP address of FTP server]
Port 22: SSH (Secure Shell)
- Ncrack: This tool allows you to test SSH servers for weak credentials by performing brute-force attacks. To use Ncrack, you can run the following command:
ncrack -v --user [Username] -P [Password list] [IP address of SSH server]:22
- ssh-audit: This Python script can be used to scan for known vulnerabilities in SSH servers. To use ssh-audit, you can run the following command:
python ssh-audit.py [IP address of SSH server]
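
What an SSH algorithm audit inspects, as an added example that is not from the original post and is not ssh-audit's own code: it parses the name-lists in a server's SSH_MSG_KEXINIT message (RFC 4253, section 7.1) and flags weak algorithms. The field labels, the deny-list and the sample payload are assumptions constructed for illustration.

```python
# Field order of the SSH_MSG_KEXINIT name-lists (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# Illustrative deny-list chosen for this example, not ssh-audit's own policy data.
WEAK = {
    "diffie-hellman-group1-sha1": "1024-bit DH group with SHA-1",
    "ssh-dss": "DSA host key signed with SHA-1",
    "3des-cbc": "64-bit block cipher in CBC mode",
    "arcfour": "RC4 stream cipher",
    "hmac-md5": "MD5-based MAC",
}

def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to construct sample input."""
    out = bytes([20]) + bytes(16)  # message type 20 + zeroed 16-byte cookie
    for name in FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += len(body).to_bytes(4, "big") + body
    return out + bytes(5)  # first_kex_packet_follows = 0, reserved uint32 = 0

def parse_kexinit(payload):
    """Return {field: [algorithm, ...]} from a raw KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, parsed = 17, {}
    for name in FIELDS:
        length = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + length]
        if pos + 4 > len(payload) or len(raw) != length:
            raise ValueError("truncated name-list in " + name)
        parsed[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + length
    return parsed

def audit(parsed):
    """List (field, algorithm, reason) for every offered weak algorithm."""
    return [(f, a, WEAK[a]) for f in FIELDS for a in parsed[f] if a in WEAK]

# Constructed sample: the algorithm lists a legacy server might advertise.
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519", "ssh-dss"],
    "enc_s2c": ["aes256-gcm@openssh.com", "3des-cbc"],
    "mac_s2c": ["hmac-sha2-256", "hmac-md5"],
})

if __name__ == "__main__":
    print(*audit(parse_kexinit(SAMPLE)), sep="\n")
```

Each finding maps to an algorithm to remove from the server's configuration, after which the same check can be rerun against the new KEXINIT.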
Port 23: Telnet
- Ncrack: This tool allows you to test Telnet servers for weak credentials by performing brute-force attacks. To use Ncrack, you can run the following command:
ncrack -v --user [Username] -P [Password list] [IP address of Telnet server]:23
- Telnet Brute: This Python script can be used to perform brute-force attacks on Telnet servers. To use Telnet Brute, you can run the following command:
python telnet-brute.py -H [IP address of Telnet server] -u [Username] -F [Password list]
Port 53: DNS (Domain Name System)
- DNSRecon: This tool allows you to enumerate DNS servers and test for known vulnerabilities. To use DNSRecon, you can run the following command:
dnsrecon -d [Domain name] -t std
- dns-vuln-scan: This Python script can be used to scan for known vulnerabilities in DNS servers. To use dns-vuln-scan, you can run the following command:
python dns