As a Linux system administrator, do you often feel that the security audit process is cumbersome, time-consuming and labor-intensive? At this time, an efficient security audit tool may be able to solve your urgent need. Today we will introduce to you a highly acclaimed Linux system management tool-Sparta. Through in-depth study and application of Sparta, you can get twice the result with half the effort in security auditing and easily deal with complex security issues.
SPARTA is a GUI application developed in Python and is a network penetration testing tool built into Kali Linux. It simplifies the scanning and enumeration phases and gets results faster. What the SPARTA GUI tool suite does best is scan and discover target ports and running services. Additionally, as part of the enumeration phase, it provides brute force attacks on open ports and services.
Install
Please clone the latest version of SPARTA from GitHub:
git clone https://github.com/secforce/sparta.git
Alternatively, download the latest version Zip file from here.
cd /usr/share/ git clone https://github.com/secforce/sparta.git
Put the sparta file in the /usr/bin/ directory and grant runnable permissions. Type ‘sparta’ in any terminal to launch the application.
Scope of network penetration testing
Add a target host or list of target hosts to the test scope to discover security weaknesses in an organization's network infrastructure.
Select the menu bar – “File” -> “Add host(s) to scope”
Network Penetration Testing
Depending on the specific conditions of your network, you can add a range of IP addresses to scan. After the scan range is added, Nmap will start scanning and soon get the results and the scanning phase is over.
Opened ports and services
Nmap scan results provide open ports and services on the target.
Network Penetration Testing
Performing a brute force attack on an open port
Let’s brute force the list of users and their valid passwords through the Server Message Block (SMB) protocol on port 445. Right click and select the “Send to Brute” option. You can also choose to discover open ports and services on the target. Browse and add the dictionary file in the Username and Password box.
Click “Run” to initiate a brute force attack on the target. The image above shows a successful brute force attack on the target IP address, resulting in the discovery of a valid password. Failed login attempts in Windows are always logged to the event log. The policy of changing passwords every 15 to 30 days is a good practice. It is highly recommended to use a strong password policy. A password lockout policy is one of the best ways to stop this brute force attack (account will be locked after 5 failed login attempts).
Integrating critical business assets into SIEM (Security Conflict & Incident Management) will detect these types of attacks as quickly as possible.
SPARTA is a time-saving GUI tool suite for the scanning and enumeration phases of penetration testing. SPARTA can scan and brute force various protocols. It has many functions! Good luck with your testing!
“
In short, Sparta is an extremely powerful and efficient Linux system management tool. It assists administrators in conducting security audits in an intelligent way, greatly reducing the time and cost of security audits. Sparta is not only powerful but also easy to use. It is an indispensable security audit tool for all types of enterprises and organizations. We believe that by learning and making full use of Sparta, you will be able to solve security problems more efficiently and make your Linux system management work more efficient!
”
The above is the detailed content of Linux system management tool Sparta makes security audit easier. For more information, please follow other related articles on the PHP Chinese website!