Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
KALI LINUX NETWORK SCANNING COOKBOOK
Aug, 2014 | 452 pages
No titles found
Table of Contents (16 chapters)
Kali Linux Network Scanning Cookbook
Kali Linux Network Scanning Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
Getting Started
Getting Started
Configuring a security lab with VMware Player (Windows)
Configuring a security lab with VMware Fusion (Mac OS X)
Installing Ubuntu Server
Installing Metasploitable2
Installing Windows Server
Increasing the Windows attack surface
Installing Kali Linux
Configuring and using SSH
Installing Nessus on Kali Linux
Configuring Burp Suite on Kali Linux
Using text editors (VIM and Nano)
2
Discovery Scanning
Discovery Scanning
Using Scapy to perform layer 2 discovery
Using ARPing to perform layer 2 discovery
Using Nmap to perform layer 2 discovery
Using NetDiscover to perform layer 2 discovery
Using Metasploit to perform layer 2 discovery
Using ICMP ping to perform layer 3 discovery
Using Scapy to perform layer 3 discovery
Using Nmap to perform layer 3 discovery
Using fping to perform layer 3 discovery
Using hping3 to perform layer 3 discovery
Using Scapy to perform layer 4 discovery
Using Nmap to perform layer 4 discovery
Using hping3 to perform layer 4 discovery
3
Port Scanning
Port Scanning
UDP port scanning
TCP port scanning
UDP scanning with Scapy
UDP scanning with Nmap
UDP scanning with Metasploit
Stealth scanning with Scapy
Stealth scanning with Nmap
Stealth scanning with Metasploit
Stealth scanning with hping3
Connect scanning with Scapy
Connect scanning with Nmap
Connect scanning with Metasploit
Connect scanning with Dmitry
TCP port scanning with Netcat
Zombie scanning with Scapy
Zombie scanning with Nmap
4
Fingerprinting
Fingerprinting
Banner grabbing with Netcat
Banner grabbing with Python sockets
Banner grabbing with Dmitry
Banner grabbing with Nmap NSE
Banner grabbing with Amap
Service identification with Nmap
Service identification with Amap
Operating system identification with Scapy
Operating system identification with Nmap
Operating system identification with xProbe2
Passive operating system identification with p0f
SNMP analysis with Onesixtyone
SNMP analysis with SNMPwalk
Firewall identification with Scapy
Firewall identification with Nmap
Firewall identification with Metasploit
5
Vulnerability Scanning
Vulnerability Scanning
Vulnerability scanning with Nmap Scripting Engine
Vulnerability scanning with MSF auxiliary modules
Creating scan policies with Nessus
Vulnerability scanning with Nessus
Command-line scanning with Nessuscmd
Validating vulnerabilities with HTTP interaction
Validating vulnerabilities with ICMP interaction
6
Denial of Service
Denial of Service
Fuzz testing to identify buffer overflows
Remote FTP service buffer overflow DoS
Smurf DoS attack
DNS amplification DoS attack
SNMP amplification DoS attack
NTP amplification DoS attack
SYN flood DoS attack
Sock stress DoS attack
DoS attacks with Nmap NSE
DoS attacks with Metasploit
DoS attacks with the exploit database
7
Web Application Scanning
Web Application Scanning
Web application scanning with Nikto
SSL/TLS scanning with SSLScan
SSL/TLS scanning with SSLyze
Defining a web application target with Burp Suite
Using Burp Suite Spider
Using Burp Suite engagement tools
Using Burp Suite Proxy
Using the Burp Suite web application scanner
Using Burp Suite Intruder
Using Burp Suite Comparer
Using Burp Suite Repeater
Using Burp Suite Decoder
Using Burp Suite Sequencer
GET method SQL injection with sqlmap
POST method SQL injection with sqlmap
Requesting a capture SQL injection with sqlmap
Automating CSRF testing
Validating command injection vulnerabilities with HTTP traffic
Validating command injection vulnerabilities with ICMP traffic
8
Automating Kali Tools
Automating Kali Tools
Nmap greppable output analysis
Nmap port scanning with targeted NSE script execution
Nmap NSE vulnerability scanning with MSF exploitation
Nessuscmd vulnerability scanning with MSF exploitation
Multithreaded MSF exploitation with reverse shell payload
Multithreaded MSF exploitation with backdoor executable
Multithreaded MSF exploitation with ICMP verification
Multithreaded MSF exploitation with admin account creation
Index
Index

Stealth scanning with Scapy

One way to perform a TCP port scan is to perform a partial, TCP three-way handshake on target ports to identify whether the ports are accepting connections or not. This type of scan is referred to as a stealth scan, SYN scan, or half-open scan. This specific recipe will demonstrate how to use Scapy to perform a TCP stealth scan.

Getting ready

To use Scapy to perform a TCP stealth scan, you will need to have a remote system that is running accessible network services over TCP. In the examples provided, an instance of Metasploitable2 is used to perform this task. For more information on how to set up Metasploitable2, refer to Chapter 1, Getting Started. Additionally, this section will require a script to be written to the filesystem using a text editor, such as VIM or Nano. For more information on how to write scripts, refer to the Using text editors (VIM and Nano) recipe in Chapter 1, Getting Started.

How to do it…

To demonstrate how a SYN scan is performed, we craft...

Previous Section
End of Section 7
Next Section