SPARTA INTRO :-
Sparta is a GUI (Graphical User Interface) application in Kali Linux used for gathering information about a target. The application is written in Python. If the target is on the attacker's network, the attacker can scan an IP range and gather information with Sparta. Sparta shows the different services found and brings together the tools used to scan the victim. It offers features such as hydra, nikto, nmap and mysql. An attacker can also use this tool to brute-force the scanned IP ranges.
This tool comes pre-installed in Kali Linux. To use Sparta, simply type sparta in a Linux terminal and Sparta will start its GUI as shown below.
USAGE OF SPARTA :-
- After starting Sparta, click on “click here to add host(s) to scope”.
- Enter the IP range 192.168.1.1/24, or enter your own IP ranges.
- After entering the IP ranges, click on “Add to Scope”.
- After clicking, Sparta will start the scan on the given IP ranges and the hosts found will appear in the host list as shown below.
- In the above screenshot, Sparta has scanned 5 hosts. From here, different tools can be used to gather information about the target.
- In the above screenshot, the lower part shows the progress of the scans that Sparta is running.
- By default, Sparta runs an nmap scan on the IP ranges and tries to gather information such as open ports.
- Open ports can be used to attack the particular services that are bound to those ports.
- Click on the information tab.
- In the information tab, Sparta shows the information it has gathered, such as the IPv4 or MAC address. This information can be used in other hacking activities.
- Sparta uses nikto against port 80 to scan the IP 192.168.1.1. It shows the router company and reports that the XSS protection header is not set, which means one browser-side defence against XSS (cross-site scripting) attacks is missing.
- The above screenshot shows SSL info. This information can be used in other hacking activities.
- Separate scans can also be run from Sparta. Sparta offers different methods that are used in pentesting as well as in information gathering.
- Open the router IP in a browser to check the router's default page.
- Sparta also offers to send a listed IP to brute. Brute uses a dictionary attack to gain access to the target IP.
- The above information can be used in other hacking activities because Sparta offers many pentesting tools in a simple GUI.
- Sparta can also be used to brute-force an IP. From the above list of active hosts, we have taken one of the IPs to brute-force.
- To brute-force the selected IP, go to open ports, right-click on port 445 and then click on send to brute.
- Then go to the brute tab.
- Enter an assumed username and password as the details and click on run.
- You can also use a wordlist of your choice, or generate one using crunch, to crack the username and password.
- After clicking on run, Sparta has found one password for the selected IP. This tool can be used to brute-force and gather information.
- Sparta also uses enum4linux to enumerate the target and tries to gather as much information as possible.
DICTIONARY ATTACK :-
- A dictionary attack can also be done using Sparta, as it lets you choose a dictionary list, or you can create your own wordlist using crunch and use that list instead, as shown below.
- Simply click on Browse and select the list to use.
- Then click on run.
- In the above screenshot, the dictionary attack has cracked the password of the target IP.
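From the defender's side, the brute-force and dictionary attacks described above leave a recognisable trace: a burst of failed logons from one source, sometimes ending in a success. The following Python example is added here and is not part of the original article or of Sparta; the log layout, the 60-second window and the threshold of 5 are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of logon results on port 445: "timestamp source_ip user result".
# The layout is an assumption for this example, not a real Samba or Windows format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 192.168.1.50 admin FAIL
2024-01-10T09:00:03 192.168.1.50 admin FAIL
2024-01-10T09:00:05 192.168.1.50 admin FAIL
2024-01-10T09:00:06 192.168.1.20 alice FAIL
2024-01-10T09:00:07 192.168.1.50 admin FAIL
2024-01-10T09:00:09 192.168.1.50 admin FAIL
2024-01-10T09:00:11 192.168.1.50 admin FAIL
2024-01-10T09:00:12 192.168.1.20 alice OK
2024-01-10T09:00:14 192.168.1.50 admin OK
2024-01-10T09:05:00 192.168.1.77 bob FAIL
2024-01-10T09:10:00 192.168.1.77 bob FAIL
2024-01-10T09:15:00 192.168.1.77 bob FAIL
"""

def detect_dictionary_attack(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag sources with >= threshold failed logons inside a sliding window,
    and record any successful logon that follows such a burst."""
    recent = defaultdict(deque)  # source_ip -> timestamps of failures in the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts_raw, src, user, result = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures older than the window
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold:
                alert = alerts.setdefault(src, {"max_failures": 0, "success_after": []})
                alert["max_failures"] = max(alert["max_failures"], len(failures))
        elif result == "OK" and len(failures) >= threshold:
            # A success right after a burst of failures suggests a guessed password.
            alerts[src]["success_after"].append(user)
    return alerts

if __name__ == "__main__":
    for src, info in detect_dictionary_attack(SAMPLE_LOG).items():
        print(src, info)
```

Only 192.168.1.50 is flagged in the sample: the single mistyped password from 192.168.1.20 and the three failures spread over ten minutes from 192.168.1.77 stay below the threshold.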
Ethical hacking researchers of the International Institute of Cyber Security say that Sparta offers many features which can be used in information gathering and pentesting.