Hack Like a Pro: Using Sparta for Reconnaissance


Welcome back, my novice hackers!

As all of you know, reconnaissance is critical to being successful in a pentest or hack. Recon is where we gather all the information we need to determine the best strategy for hacking. Without good recon, we are likely to waste many hours and be unsuccessful. Professional hackers know that good recon is key to success.

In this tutorial, I'd like to demonstrate another recon/enumeration tool named Sparta—a Python script that integrates several recon and enumeration tools into a single, simple-to-use GUI. Sparta integrates the following tools, many of which we have already used throughout this series on recon:

Sparta is built into Kali 2.0, but if you don't have it, you can get it from the Kali repository by typing:

kali > apt-get install sparta

Step 1: Fire Up Kali

Of course, the first step is to fire up Kali. In this case, I will be using Kali 2.0 as Sparta is already built in. Go to Applications -> Information Gathering -> sparta.

When you click on it, a GUI like that below will open.

Step 2: Add Hosts

To get started with Sparta, we need to provide it with hosts to scan and enumerate. If we click on the space that says "Click here to add host(s) to scope," it opens a window where we can add the IP addresses or the range of IP addresses to scan. We are also able to use CIDR notation to indicate an entire subnet such as 192.168.181.0/24.

After adding our IP host range in the window, click "Add to scope." Sparta will start scanning your hosts now.
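Before a list of scope entries goes into that window, it can be checked against the ranges the engagement covers. The following is an added example, not part of Sparta or the original tutorial; the `AUTHORIZED` list, the function names and the dash-range syntax it accepts are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the ranges the engagement authorizes (assumption).
AUTHORIZED = ["192.168.181.0/24"]

def parse_scope_entry(entry):
    """Return the IPv4 networks covered by one scope entry.

    Accepts a single IP, a CIDR block, or a dash range whose right side is
    a full address (a.b.c.10-a.b.c.20) or only a last octet (a.b.c.10-20).
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (part.strip() for part in entry.split("-", 1))
        if "." not in last:  # short form: only the last octet is given
            last = first.rsplit(".", 1)[0] + "." + last
        start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if end < start:
            raise ValueError(f"range runs backwards: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False tolerates host bits, e.g. 192.168.181.5/24
    return [ipaddress.IPv4Network(entry, strict=False)]

def check_scope(entries, authorized=AUTHORIZED):
    """Split entries into (in_scope, rejected) against the authorized networks."""
    allowed = [ipaddress.IPv4Network(a) for a in authorized]
    in_scope, rejected = [], []
    for entry in entries:
        try:
            nets = parse_scope_entry(entry)
        except ValueError as exc:  # malformed address, mask or range
            rejected.append((entry, str(exc)))
            continue
        # Every block of the entry must sit inside some authorized network.
        outside = [n for n in nets if not any(n.subnet_of(a) for a in allowed)]
        if outside:
            rejected.append((entry, f"outside authorized range: {outside[0]}"))
        else:
            in_scope.append(entry)
    return in_scope, rejected

if __name__ == "__main__":
    ok, bad = check_scope(["192.168.181.0/24", "192.168.180.0/23", "10.0.0.5"])
    print("in scope:", ok)
    for entry, reason in bad:
        print("rejected:", entry, "-", reason)
```

Note that `192.168.180.0/23` is rejected even though it contains the authorized /24: a supernet would pull in addresses nobody signed off on.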

Step 3: Sparta Results

When Sparta is done scanning, it will provide you results like that below. My subnet had only two machines on it. As you can see, Sparta identified those two IP addresses and provided OS fingerprinting, identifying one as Linux and one as Windows. When I highlight the Windows system IP, it provides details of all the ports it found open and the services running.
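On the target side, a scan like this shows up as one source address touching many distinct ports on a host within a short time. The following added example (not from the original tutorial or from Sparta) runs that detection over a constructed connection log; the log format, host addresses, window and threshold are all assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: "<epoch_seconds> <src_ip> <dst_ip> <dst_port>"."""
    ports = [21, 22, 23, 25, 53, 80, 110, 139, 443, 445, 3306, 3389]
    # One source walking through many ports on one host, one per second.
    lines = [f"{1000 + i} 192.168.181.130 192.168.181.128 {p}"
             for i, p in enumerate(ports)]
    # An ordinary client: repeated connections to the same web port.
    lines += [f"{1000 + 5 * i} 192.168.181.1 192.168.181.128 80"
              for i in range(20)]
    return lines

def detect_port_scans(lines, window=60, min_ports=10):
    """Return {(src, dst): most distinct ports seen in any window} for
    pairs that reach min_ports distinct ports within `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port = parts
        events[(src, dst)].append((int(ts), int(port)))

    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        left, best = 0, 0
        in_window = defaultdict(int)  # port -> hits inside the current window
        for ts, port in evs:
            in_window[port] += 1
            # Drop events that have fallen out of the sliding window.
            while evs[left][0] < ts - window:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts[pair] = best
    return alerts

if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(build_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {count} ports in 60s")
```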

Step 4: More Information

If we go to the "Information" tab, we can get more detailed information on the particular highlighted system. Notice at the bottom of this screen that we get more specific information on the operating system of the target.

Interestingly, Sparta also runs a Nikto scan on the system if it finds port 80 open. We can click on the "nikto" tab to see the results of the Nikto web app vulnerability scan.

Step 5: Tools

One of the beauties of Sparta is that it integrates so many tools into this one single GUI. When we click on the "Tools" tab, Sparta displays numerous tools that we can apply to this target system including:

  • Mysql-default
  • Nikto
  • Snmp-enum
  • Smtp-enum-vrfy
  • Snmp-default
  • Snmp-check

Step 6: Brute-Force Passwords

Sparta can also brute-force passwords. Using Hydra, you can specify the IP, port, and service, then brute-force it.

For those who want a single scanning and enumeration tool with an easy-to-use GUI, Sparta is the perfect reconnaissance tool.

In this tutorial, I introduced you to the basics of this tool, but because it integrates so many tools into one, it will require additional tutorials to demonstrate all its capabilities. On the other hand, because it is relatively intuitive, many of you should be able to decipher its capabilities by just playing with it a bit. In any case, Sparta is one more excellent tool in our reconnaissance toolset.

Keep coming back, my novice hackers, as we explore the tools and techniques of the most important skill set of the 21st century—hacking!

18 Comments

It's pretty cool but it's just the same as the auto-exploiter I made in one of my tutorials. I never heard about this tool before but I could easily make a similar one, but anyway nice sharing.

hacked by Mr_Nakup3nda

@OTW

Off topic though but was about to post a thread on this. Ok so I basically cannot send messages and it's because my email is not verified, which is another problem because I don't exactly remember the last time I requested an email update after verifying it for the first time. But all the same, the verification link after I request a new one to verify my account is always between the wonderhowto domain and my email server; it never gets to my account. Can you please help me out on this?

I have plenty of messages that I need to reply to. Thanks

# Sergeant

Your best bet would be to contact Bryan, because OTW only has authority on Null Byte.

-Phoenix750

Does he have some kind of email or social account I can message him on?

# Sergeant

The name is kind of ironic, considering that Spartans used to charge into the battlefields without really knowing their enemy.

OTW, just a general question: I thought you didn't like Kali 2.0 (just like me), but you're using it in this tutorial. Has your opinion changed?

-Phoenix750

Phoenix:

I still don't like Kali 2.0, but so many of our newcomers are using it. I will be using it occasionally until it is fixed. In this case, the tool is not in Kali 1.0, so I chose to show it in Kali 2.0. This particular tool is well-suited to the beginner with its nice GUI and multi-tool integration.

It's still a cool tutorial, but personally I don't like the fact that the master OTW most of the time promotes or motivates the use of GUI tools, especially for beginners. It's better when they start messing with the command line; terminal tools run faster and, if not all, the majority are open source. When they learn to hack by simple clicks they become lazy (I experienced it).

hacked by Mr_Nakup3nda

I agree with you, but as you said, you started using a GUI. Most of my tutorials are command line, but with the influx of newcomers, I have offered some GUI based tools when they work well.

why exactly don't you like kali 2.0?

This is quite the coincidence, I was just messing around with Sparta for the first time a few days ago. I'm glad to see it's worth the time!

-Defalt

@Defalt:

Please message me. I wanna discuss something with you.

# Sergeant

Alright. I'll send you an invite.

-Defalt

I noticed in the sparta.conf that there are 6 different types of nmap scans listed. Any ideas what Sparta uses by default? Also, is Sparta recommended for when you're already in a network or when you're investigating a potential target? Or does it matter?

Sparta uses the TCP connect scan by default (-sT).

I tried Sparta to scan an unknown device (which was my internet radio) but Sparta didn't show me any results.
It just said all five scans are completed and then there was no result.
With my main pc, sparta had no problem.

Any workaround for internet radios?
Or are these "no results" a sign of an internet radio?

Cheers

P.S. Happy new year ;)

Remember that Sparta is a tool for convenience, simply incorporating several tools into a single GUI. It is likely that the nmap ping is being blocked. Try scanning it with nmap and suppress the ping (PN).

Thanks :)
What would I do without you :D

Anyway, happy new year ;)

When I try to run Sparta against a server that I know for a fact is running a Linux distribution, the OS comes back as Oracle Virtualbox with an accuracy of 98. In fact, so far any system I've scanned with either Sparta or Nmap comes back with similar results. Now I'm running the scan from Kali set up inside Virtualbox, so I'm wondering, is it possible that is somehow compromising the results? Also, no MAC address is being returned.
