KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Kali Linux Network Scanning Cookbook

Kali Linux Network Scanning Cookbook

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Disclaimer

Preface

Free Chapter

Getting Started

Getting Started

Configuring a security lab with VMware Player (Windows)

Configuring a security lab with VMware Fusion (Mac OS X)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Configuring and using SSH

Installing Nessus on Kali Linux

Configuring Burp Suite on Kali Linux

Using text editors (VIM and Nano)

Discovery Scanning

Discovery Scanning

Using Scapy to perform layer 2 discovery

Using ARPing to perform layer 2 discovery

Using Nmap to perform layer 2 discovery

Using NetDiscover to perform layer 2 discovery

Using Metasploit to perform layer 2 discovery

Using ICMP ping to perform layer 3 discovery

Using Scapy to perform layer 3 discovery

Using Nmap to perform layer 3 discovery

Using fping to perform layer 3 discovery

Using hping3 to perform layer 3 discovery

Using Scapy to perform layer 4 discovery

Using Nmap to perform layer 4 discovery

Using hping3 to perform layer 4 discovery

Port Scanning

UDP port scanning

TCP port scanning

UDP scanning with Scapy

UDP scanning with Nmap

UDP scanning with Metasploit

Stealth scanning with Scapy

Stealth scanning with Nmap

Stealth scanning with Metasploit

Stealth scanning with hping3

Connect scanning with Scapy

Connect scanning with Nmap

Connect scanning with Metasploit

Connect scanning with Dmitry

TCP port scanning with Netcat

Zombie scanning with Scapy

Zombie scanning with Nmap

Fingerprinting

Banner grabbing with Netcat

Banner grabbing with Python sockets

Banner grabbing with Dmitry

Banner grabbing with Nmap NSE

Banner grabbing with Amap

Service identification with Nmap

Service identification with Amap

Operating system identification with Scapy

Operating system identification with Nmap

Operating system identification with xProbe2

Passive operating system identification with p0f

SNMP analysis with Onesixtyone

SNMP analysis with SNMPwalk

Firewall identification with Scapy

Firewall identification with Nmap

Firewall identification with Metasploit

Vulnerability Scanning

Vulnerability Scanning

Vulnerability scanning with Nmap Scripting Engine

Vulnerability scanning with MSF auxiliary modules

Creating scan policies with Nessus

Vulnerability scanning with Nessus

Command-line scanning with Nessuscmd

Validating vulnerabilities with HTTP interaction

Validating vulnerabilities with ICMP interaction

Denial of Service

Denial of Service

Fuzz testing to identify buffer overflows

Remote FTP service buffer overflow DoS

Smurf DoS attack

DNS amplification DoS attack

SNMP amplification DoS attack

NTP amplification DoS attack

SYN flood DoS attack

Sock stress DoS attack

DoS attacks with Nmap NSE

DoS attacks with Metasploit

DoS attacks with the exploit database

Web Application Scanning

Web Application Scanning

Web application scanning with Nikto

SSL/TLS scanning with SSLScan

SSL/TLS scanning with SSLyze

Defining a web application target with Burp Suite

Using Burp Suite Spider

Using Burp Suite engagement tools

Using Burp Suite Proxy

Using the Burp Suite web application scanner

Using Burp Suite Intruder

Using Burp Suite Comparer

Using Burp Suite Repeater

Using Burp Suite Decoder

Using Burp Suite Sequencer

GET method SQL injection with sqlmap

POST method SQL injection with sqlmap

Requesting a capture SQL injection with sqlmap

Automating CSRF testing

Validating command injection vulnerabilities with HTTP traffic

Validating command injection vulnerabilities with ICMP traffic

Automating Kali Tools

Automating Kali Tools

Nmap greppable output analysis

Nmap port scanning with targeted NSE script execution

Nmap NSE vulnerability scanning with MSF exploitation

Nessuscmd vulnerability scanning with MSF exploitation

Multithreaded MSF exploitation with reverse shell payload

Multithreaded MSF exploitation with backdoor executable

Multithreaded MSF exploitation with ICMP verification

Multithreaded MSF exploitation with admin account creation

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 3. Port Scanning

Identifying open ports on a target system is the next step to defining the attack surface of a target. Open ports correspond to the networked services that are running on a system. Programming errors or implementation flaws can make these services vulnerable to attack and can sometimes lead to total system compromise. To determine the possible attack vectors, one must first enumerate the open ports on all of the remote systems within the project's scope. These open ports correspond to services that may be addressed with either UDP or TCP traffic. Both TCP and UDP are transport protocols. Transmission Control Protocol (TCP) is the more commonly used of the two and provides connection-oriented communication. User Datagram Protocol (UDP) is a nonconnection-oriented protocol that is sometimes used with services for which speed of transmission is more important than data integrity. The penetration testing technique used to enumerate these services is called port scanning...