
    112 | Chapter 3: Reconnaissance


    • Application mapping tools can be useful for gathering version information.
    • You can use telnet or nc to gather application details, such as service banners, from remote systems.

    Useful Resources
    • Cameron Colquhoun’s blog post, “A Brief History of Open Source Intelligence”
    • Sudhanshu Chauhan’s blog post, “Tools For Open Source Intelligence”
    • Automating Open Source Intelligence, by Robert Layton and Paul Watters (Elsevier, 2015)
    • Hacking Web Intelligence, by Sudhanshu Chauhan and Nutan Kumar Panda (Elsevier, 2015)



    CHAPTER 4
    Looking for Vulnerabilities
    After you perform reconnaissance activities and gather information about your target, you normally move on to identifying entry points. You are looking for vulnerabilities in the organization, which can be open to exploitation. You can identify vulnerabilities in various ways. Based on your reconnaissance, you may have even identified one or two. These may be based on the different pieces of information you obtained through open sources.

    Vulnerabilities can be scanned for. Tools are available to look for them. Some of these tools that Kali provides are designed to look across different types of systems and platforms. Other tools, though, are designed to specifically look for vulnerabilities in devices like routers and switches. It may not be much of a surprise that there are scanners for Cisco devices.

    Most of the tools we’ll look at will search for existing vulnerabilities. These are ones that are known, and identifying them is something that can be done based on interactions with the system or its applications. Sometimes, though, you may want to identify new vulnerabilities. Tools are available in Kali that can help generate application crashes, which can become vulnerabilities. These tools are commonly called fuzzers. This is a comparatively easy way of generating a lot of malformed data that can be provided to applications to see how they handle that data.

    To even start this process, though, you need to understand what a vulnerability is. It can be easy to misunderstand vulnerabilities or confuse them with other concepts. One important notion to keep in mind is that just because you have identified vulnerabilities does not mean they are going to be exploitable. Even if an exploit matches the vulnerability you find, it doesn’t mean that the exploit will work. It’s hard to overstate the importance of this idea. Vulnerabilities do not necessarily lead to exploitation.
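
The fuzzing idea described above, as an added example that is not code from the book: a minimal in-process mutation fuzzer run against a deliberately buggy toy parser, separating malformed input that is cleanly rejected from input that crashes the code. The record format, the seed, and the names `parse_record`, `mutate` and `fuzz` are all constructed for this illustration.

```python
import random

# Constructed sample record: 1-byte type, 1-byte length, NUL-terminated payload.
SEED = b"\x01\x04abc\x00"

def parse_record(data: bytes) -> bytes:
    """Toy parser (hypothetical) with a deliberate bug for the fuzzer to find."""
    if len(data) < 2:
        raise ValueError("short header")              # handled: clean rejection
    length = data[1]
    payload = data[2:2 + length]
    # Bug: trusts the length field and never checks len(payload) == length,
    # so a truncated or oversized-length record raises IndexError here.
    if length and payload[length - 1] != 0:
        raise ValueError("missing terminator")        # handled: clean rejection
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Produce one malformed variant: bit flip, truncation, or byte insertion."""
    data = bytearray(seed)
    op = rng.choice(("flip", "truncate", "insert"))
    if op == "flip":
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        del data[rng.randrange(len(data)):]
    else:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

def fuzz(target, seed: bytes, rounds: int = 2000, rng_seed: int = 0) -> dict:
    """Feed mutated inputs to target; keep the first input per crash type."""
    rng = random.Random(rng_seed)                     # fixed seed: reproducible run
    result = {"accepted": 0, "rejected": 0, "crashes": {}}
    for _ in range(rounds):
        case = mutate(seed, rng)
        try:
            target(case)
            result["accepted"] += 1
        except ValueError:                            # parser said "no" on purpose
            result["rejected"] += 1
        except Exception as exc:                      # unhandled: a crash to triage
            result["crashes"].setdefault(type(exc).__name__, case)
    return result

if __name__ == "__main__":
    report = fuzz(parse_record, SEED)
    print(report["accepted"], report["rejected"], report["crashes"])
```

Each saved crashing input is a lead to reproduce and triage, not evidence that the flaw is exploitable.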
