hello and welcome everybody to another episode of breaking stuff with Robert today, we're going to be looking at Sparta now. Sparta is a Python Gilly application that really makes fingerprinting but printing. You know, network infrastructure. Really, really quick.
I mean it. Really. What it does is it's taking a combination of tools like Nick, though, and it does some SMTP checks
and a few other things, and it's rose all that together in map scans, et cetera, And it gives you kind of a nice, simple gooey that you can look through each of the tabs and check everything out.
And it helps you to spend less time using each of those tools and more time analyzing those results.
Now, some targeted audiences for this tool are going to be network administrators that are looking to maybe see what ports of service is. We're communicating on a system or systems cyber defense analysts looking to evaluate some common tools and their patterns and how they're used on what they do and penetration testers looking too quickly fingerprint a large group of, uh,
systems or a single system in penetration testing.
Now, network scanning techniques would definitely be a good, fundamental knowledge teau have some of the different tools in ways that you can skin systems. But if you have those, those knowledge base is already you've probably heard of Sparta.
And then, of course, um, Callie Lennox command line utilization fundamentals here. So with those things in mind, let's go ahead and jump into our demo.
Here we are, everybody in the handy dandy demo environment. Now you may notice that we already have Sparta up and running, and there's some information here that has been populated starting from the beginning. For your reference, you can open a terminal
and type of Sparta,
and this opens up this gooey that you're looking at. Here. You can click here to add an I P range or single address to the scope, and then it will run Host Discovery and the staged and maps can right out the gate. Now again,
this tool is as advertised on the Cali site as a penetration testing tool, a network penetration testing tool.
But it's got some functionalities we were saying for network administrators, database administrators, that air testing a particular system. In this case, I've got a menace palatable box here that was scanned.
And as you can see, it keeps a nice log here at the bottom. So we know when we're doing certain things starting from stage one, scanning all the way up to the completion of the scan.
And as it finds thes open ports, it does some basic and admiration here. Um, so it gives you some information like it wouldn't end map. You can put your own notes here. So if you were keeping track of everything here on the left hand side, you can do so.
But you can see it Used Nick toe against a port that was open port 80. So it did some evaluation here
and provided some contextual information for us.
It gave us a screenshot of the page that it was able to pull Did some S M T P checks some enumeration, found some default passwords with my SQL and post Rescue. L so really default for FTP. So this tool is great
if you don't know what's going on with the system, if you're starting to do your kind of initial reconnaissance,
um, and you want to collect as much information as possible and kind of one go and then from there, figure out whether you want to, you know, open those directories that had to fall credentials. Or if you want to check some websites or whatever the case may be again, you can scan an entire range.
We can see the service is that were found.
And so, like in this case, I only have one, I p. But as you can see, it shows me
everything that was active here, the versions,
etcetera. So this tool is very powerful. I used it extensively when I was going through the O. S, C. P and the test. And I have to say that this tool really allowed me to rent my arms around each system kind of what was there initially and then allowed me to plan appropriately as I moved into the next phases of that test.
So with those things in mind, let's go ahead and jump back over to our slides.
Well, I hope you enjoyed that demo and getting toe learn about Sparta and what it does, and maybe some use cases for yourself again. Very flexible ability to scan single host wide range of host gives you the service's lays everything out in a nice tabbed manner.
One thing that we didn't go into with Sparta in the demo was the brute force tap, where you can actually do some brute forcing against interfaces and things of that nature. If you got a credential list or set of credentials, you wantto use.
But as you could see, it already does some testing for common credential sets, and we'll let you know if those things are available. So with those things in mind, I want to thank you for your time today and I look forward to seeing you again.