Best thing of SPARTA GUI Toolkit it scans detects the service running on the target port.
Also, it provides Bruteforce attack for scanned open ports and services as a part of enumeration phase.
Also Read: Network Pentesting Checklist
Please clone the latest version of SPARTA from github:
git clone https://github.com/secforce/sparta.git
Alternatively, download the latest zip file here.
cd /usr/share/ git clone https://github.com/secforce/sparta.git Place the "sparta" file in /usr/bin/ and make it executable. Type 'sparta' in any terminal to launch the application.
The scope of Network Penetration Testing Work:
- Organizations security weaknesses in their network infrastructures are identified by a list of host or targeted host and add them to the scope.
- Select menu bar – File > Add host(s) to scope
- Above figures show target Ip is added to the scope.According to your network can add the range of IPs to scan.
- After adding Nmap scan will begin and results will be very faster.now scanning phase is done.
Open Ports & Services:
- Nmap results will provide target open ports and services.
- Above figure shows that target operating system, Open ports and services are discovered as scan results.
Brute Force Attack on Open ports:
- Let us Brute force Server Message Block (SMB) via port 445 to enumerate the list of users and their valid passwords.
- Right-click and Select option Send to Brute.Also, select discovered Open ports and service on target.
- Browse and add dictionary files for Username and password fields.
- Click Run to start the Brute force attack on the target.Above Figure shows Brute force attack is successfully completed on the target IP and the valid password is Found!
- Always think failed login attempts will be logged as Event logs in Windows.
- Password changing policy should be 15 to 30 days will be a good practice.
- Always recommended to use a strong password as per policy.Password lockout policy is a good one to stop brute force attacks (After 5 failure attempts account will be locked)
- The integration of business-critical asset to SIEM( security incident & Event Management) will detect these kinds of attacks as soon as possible.
SPARTA is timing saving GUI Toolkit for pentesters for scanning and enumeration phase.SPARTA Scans and Bruteforce various protocols.It has many more features! Happy Hacking.