Week 5: Scanning Tools & Tactics

Scanning Tactics - This lesson covers, in depth, the common tools used for port scanning, including Nmap, Nessus, and Metasploit. The section introduces readers to a wide toolset for scanning on penetration tests and gives a deeper understanding of what is going on behind the scenes: the importance of TCP vs UDP scanning, the three-way TCP handshake, stealth scanning, and the various Nmap switches. It also provides the first introduction to Metasploit and its usage, which will be built upon throughout the course.


  • TCP

    • Connection-oriented

    • Has a handshake

    • Used by applications requiring high reliability

    • E.g. HTTP, FTP, Telnet

  • UDP

    • Connectionless

    • No handshake

    • Used by applications requiring a fast connection

    • E.g. DNS, DHCP, SNMP

3-way handshake: SYN -> SYN/ACK -> ACK

RST -- reset packet (a half-open "stealth" SYN scan answers the SYN/ACK with RST instead of completing the handshake, which is why it shows up in this lesson)
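An added example, not part of these lecture notes, that replays the handshake from the defender's side: it tracks each connection's handshake step (SYN, SYN/ACK, ACK) and flags sources that leave many handshakes incomplete, the footprint a half-open SYN scan leaves in traffic. The packet records, addresses and the three-port threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed packet records (src, dst, sport, dport, flags) in capture order;
# "S"=SYN, "SA"=SYN/ACK, "A"=ACK, "R"=RST. Not real traffic.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.20", 51000, 80, "S"),     # normal client: full handshake
    ("10.0.0.20", "10.0.0.5", 80, 51000, "SA"),
    ("10.0.0.5", "10.0.0.20", 51000, 80, "A"),
    ("10.0.0.9", "10.0.0.20", 40001, 22, "S"),     # scanner: SYN, SYN/ACK, RST
    ("10.0.0.20", "10.0.0.9", 22, 40001, "SA"),
    ("10.0.0.9", "10.0.0.20", 40001, 22, "R"),
    ("10.0.0.9", "10.0.0.20", 40002, 23, "S"),     # closed port: server resets
    ("10.0.0.20", "10.0.0.9", 23, 40002, "R"),
    ("10.0.0.9", "10.0.0.20", 40003, 443, "S"),
    ("10.0.0.20", "10.0.0.9", 443, 40003, "SA"),
    ("10.0.0.9", "10.0.0.20", 40003, 443, "R"),
    ("10.0.0.9", "10.0.0.20", 40004, 8080, "S"),   # no reply: filtered
]

def track_handshakes(packets):
    """Replay packets and return {(client, server, port): state}.
    States: syn_sent -> syn_ack -> established (full 3-way handshake),
    closed (server RST to the SYN), half_open_reset (client RST to SYN/ACK)."""
    flows = {}
    for src, dst, sport, dport, flags in packets:
        client_key, server_key = (src, dst, dport), (dst, src, sport)
        if flags == "S":                                  # step 1: client SYN
            flows[client_key] = "syn_sent"
        elif flags == "SA" and flows.get(server_key) == "syn_sent":
            flows[server_key] = "syn_ack"                 # step 2: server SYN/ACK
        elif flags == "A" and flows.get(client_key) == "syn_ack":
            flows[client_key] = "established"             # step 3: client ACK
        elif flags == "R":
            if flows.get(server_key) == "syn_sent":
                flows[server_key] = "closed"              # port refused the SYN
            elif flows.get(client_key) == "syn_ack":
                flows[client_key] = "half_open_reset"     # handshake torn down early
    return flows

def flag_syn_scanners(flows, min_ports=3):
    """Sources with >= min_ports distinct ports that never reached 'established'
    are reported: many half-open or unanswered SYNs is the SYN-scan footprint."""
    ports_by_src = defaultdict(set)
    for (client, _server, port), state in flows.items():
        if state != "established":
            ports_by_src[client].add(port)
    return {c: sorted(p) for c, p in ports_by_src.items() if len(p) >= min_ports}

if __name__ == "__main__":
    flows = track_handshakes(SAMPLE_PACKETS)
    print("suspected SYN scanners:", flag_syn_scanners(flows))
```

A full connect scan would instead leave every probed port in the established state, which is why it is noisier in connection logs than the half-open variant.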

Don't get bogged down in web exploitation (password spraying, SQL injection, XSS, credential stuffing) if the client isn't paying for web exploitation.

