Once access to a network has been gained and the systems within that network have been identified, the next step is to establish a foothold and persistent access. Several tools are available to help identify and exploit systemic vulnerabilities, but we will focus on only three of them in this chapter:
- OpenVAS (http://www.openvas.org)
- Nessus (https://www.tenable.com/products/nessus-vulnerability-scanner)
- Nexpose (https://www.rapid7.com/info/nexpose-community/)