CompTIA PenTest+ Certification For Dummies
Book image
Explore Book Buy On Amazon
The first category of tools that appears in the CompTIA PenTest+ objectives is scanners. A number of different types of scanners exist—some scanners will scan for open ports, while other scanners are designed to find vulnerabilities within a system.


Nmap is a common network scanner used by pentesters to locate systems on the network and determine the ports that are open on those systems. You can also use Nmap to identify the software running on the ports and the type of operating system being used. You need to know the Nmap syntax for the PenTest+ certification exam!

Nikto and w3af

Nikto is an open-source web application vulnerability scanner. When you run it against a website or web application, Nikto performs a number of tests to determine if the web application is vulnerable to different types of attacks.

To perform a Nikto scan against a system, you would use the following command:

nikto -h <IP_or_FQDN>

For example, to perform a web vulnerability scan on the system with the internet protocol (IP) address, you could use the command, nikto -h, as shown. If the web application was using SSL, you could use the following command to scan a HTTPS site: nikto -h -ssl.

Using Nikto Using Nikto to do a web application vulnerability scan

Another example of an open-source web application vulnerability scanner is w3af, which is labeled as a web application attack and audit framework to assess the security of your web servers. You can download w3af, or it comes preinstalled on Kali Linux where you can access it from Applications | Web Application Analysis. With w3af you can select the different types of vulnerabilities to check for by selecting the appropriate plugins and then starting the scan.

Using w3af Using w3af to perform different types of vulnerability checks on a web application

Note that the CompTIA objectives list w3af under the credential testing tools, but I have placed it in the “Scanners” section as that is what the tool is best known for.


Nessus is a commercial tool used for vulnerability scanning of systems on the network. Not only will Nessus scan for a wide range of vulnerabilities, but it will also scan a number of different types of devices for those vulnerabilities. Nessus also offers a downloadable free edition that is limited to scanning 16 devices, which is a perfect learning tool!


OpenVAS is an open-source vulnerability scanner. OpenVAS can perform the vulnerability scan in a number of different ways, including authenticated and unauthenticated testing.


SQLmap is a program you can download to help automate SQL injection attacks against the web application you are authorized to test in your penetration test. SQLmap comes preinstalled on Kali Linux. If you want to perform an automated test with SQLmap, you need to pass in the URL to be tested, such as sqlmap -u This means the request to the page accepts parameters as input, and SQLmap will try a number of malicious input on the ID parameter.

Using SQLmap to automate SQL injection attacks. Using SQLmap to automate SQL injection attacks

For the PenTest+ certification exam, remember that Nikto is a web application vulnerability scanner; SQLmap is an automated SQL injection attack tool; and Nessus is a system vulnerability scanner used to identify weaknesses in a product.

About This Article

This article can be found in the category: