KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Kali Linux Network Scanning Cookbook

Kali Linux Network Scanning Cookbook

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Disclaimer

Preface

Free Chapter

Getting Started

Getting Started

Configuring a security lab with VMware Player (Windows)

Configuring a security lab with VMware Fusion (Mac OS X)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Configuring and using SSH

Installing Nessus on Kali Linux

Configuring Burp Suite on Kali Linux

Using text editors (VIM and Nano)

Discovery Scanning

Discovery Scanning

Using Scapy to perform layer 2 discovery

Using ARPing to perform layer 2 discovery

Using Nmap to perform layer 2 discovery

Using NetDiscover to perform layer 2 discovery

Using Metasploit to perform layer 2 discovery

Using ICMP ping to perform layer 3 discovery

Using Scapy to perform layer 3 discovery

Using Nmap to perform layer 3 discovery

Using fping to perform layer 3 discovery

Using hping3 to perform layer 3 discovery

Using Scapy to perform layer 4 discovery

Using Nmap to perform layer 4 discovery

Using hping3 to perform layer 4 discovery

Port Scanning

UDP port scanning

TCP port scanning

UDP scanning with Scapy

UDP scanning with Nmap

UDP scanning with Metasploit

Stealth scanning with Scapy

Stealth scanning with Nmap

Stealth scanning with Metasploit

Stealth scanning with hping3

Connect scanning with Scapy

Connect scanning with Nmap

Connect scanning with Metasploit

Connect scanning with Dmitry

TCP port scanning with Netcat

Zombie scanning with Scapy

Zombie scanning with Nmap

Fingerprinting

Banner grabbing with Netcat

Banner grabbing with Python sockets

Banner grabbing with Dmitry

Banner grabbing with Nmap NSE

Banner grabbing with Amap

Service identification with Nmap

Service identification with Amap

Operating system identification with Scapy

Operating system identification with Nmap

Operating system identification with xProbe2

Passive operating system identification with p0f

SNMP analysis with Onesixtyone

SNMP analysis with SNMPwalk

Firewall identification with Scapy

Firewall identification with Nmap

Firewall identification with Metasploit

Vulnerability Scanning

Vulnerability Scanning

Vulnerability scanning with Nmap Scripting Engine

Vulnerability scanning with MSF auxiliary modules

Creating scan policies with Nessus

Vulnerability scanning with Nessus

Command-line scanning with Nessuscmd

Validating vulnerabilities with HTTP interaction

Validating vulnerabilities with ICMP interaction

Denial of Service

Denial of Service

Fuzz testing to identify buffer overflows

Remote FTP service buffer overflow DoS

Smurf DoS attack

DNS amplification DoS attack

SNMP amplification DoS attack

NTP amplification DoS attack

SYN flood DoS attack

Sock stress DoS attack

DoS attacks with Nmap NSE

DoS attacks with Metasploit

DoS attacks with the exploit database

Web Application Scanning

Web Application Scanning

Web application scanning with Nikto

SSL/TLS scanning with SSLScan

SSL/TLS scanning with SSLyze

Defining a web application target with Burp Suite

Using Burp Suite Spider

Using Burp Suite engagement tools

Using Burp Suite Proxy

Using the Burp Suite web application scanner

Using Burp Suite Intruder

Using Burp Suite Comparer

Using Burp Suite Repeater

Using Burp Suite Decoder

Using Burp Suite Sequencer

GET method SQL injection with sqlmap

POST method SQL injection with sqlmap

Requesting a capture SQL injection with sqlmap

Automating CSRF testing

Validating command injection vulnerabilities with HTTP traffic

Validating command injection vulnerabilities with ICMP traffic

Automating Kali Tools

Automating Kali Tools

Nmap greppable output analysis

Nmap port scanning with targeted NSE script execution

Nmap NSE vulnerability scanning with MSF exploitation

Nessuscmd vulnerability scanning with MSF exploitation

Multithreaded MSF exploitation with reverse shell payload

Multithreaded MSF exploitation with backdoor executable

Multithreaded MSF exploitation with ICMP verification

Multithreaded MSF exploitation with admin account creation

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Nmap port scanning with targeted NSE script execution

Many of the Nmap Scripting Engine (NSE) scripts are only applicable if there is a service running on a given port. Consider the usage of the smb-check-vulns.nse script. This script will evaluate SMB services running on TCP port 445 for common service vulnerabilities. If this script were executed across an entire network, it would have to reaccomplish the task of determining whether port 445 is open and if the SMB service is accessible on each target system. This is a task that has probably already been accomplished during the scanning phase of the assessment. Bash scripting can be used to leverage existing Nmap greppable output files to run service-specific NSE scripts only against systems that are running those services. In this recipe, we will demonstrate how a script can be used to determine hosts that are running a service on TCP 445 from previous scan results and then run the smb-check-vulns.nse script against only those systems...