KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Kali Linux Network Scanning Cookbook

Kali Linux Network Scanning Cookbook

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Disclaimer

Preface

Free Chapter

Getting Started

Getting Started

Configuring a security lab with VMware Player (Windows)

Configuring a security lab with VMware Fusion (Mac OS X)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Configuring and using SSH

Installing Nessus on Kali Linux

Configuring Burp Suite on Kali Linux

Using text editors (VIM and Nano)

Discovery Scanning

Discovery Scanning

Using Scapy to perform layer 2 discovery

Using ARPing to perform layer 2 discovery

Using Nmap to perform layer 2 discovery

Using NetDiscover to perform layer 2 discovery

Using Metasploit to perform layer 2 discovery

Using ICMP ping to perform layer 3 discovery

Using Scapy to perform layer 3 discovery

Using Nmap to perform layer 3 discovery

Using fping to perform layer 3 discovery

Using hping3 to perform layer 3 discovery

Using Scapy to perform layer 4 discovery

Using Nmap to perform layer 4 discovery

Using hping3 to perform layer 4 discovery

Port Scanning

UDP port scanning

TCP port scanning

UDP scanning with Scapy

UDP scanning with Nmap

UDP scanning with Metasploit

Stealth scanning with Scapy

Stealth scanning with Nmap

Stealth scanning with Metasploit

Stealth scanning with hping3

Connect scanning with Scapy

Connect scanning with Nmap

Connect scanning with Metasploit

Connect scanning with Dmitry

TCP port scanning with Netcat

Zombie scanning with Scapy

Zombie scanning with Nmap

Fingerprinting

Banner grabbing with Netcat

Banner grabbing with Python sockets

Banner grabbing with Dmitry

Banner grabbing with Nmap NSE

Banner grabbing with Amap

Service identification with Nmap

Service identification with Amap

Operating system identification with Scapy

Operating system identification with Nmap

Operating system identification with xProbe2

Passive operating system identification with p0f

SNMP analysis with Onesixtyone

SNMP analysis with SNMPwalk

Firewall identification with Scapy

Firewall identification with Nmap

Firewall identification with Metasploit

Vulnerability Scanning

Vulnerability Scanning

Vulnerability scanning with Nmap Scripting Engine

Vulnerability scanning with MSF auxiliary modules

Creating scan policies with Nessus

Vulnerability scanning with Nessus

Command-line scanning with Nessuscmd

Validating vulnerabilities with HTTP interaction

Validating vulnerabilities with ICMP interaction

Denial of Service

Denial of Service

Fuzz testing to identify buffer overflows

Remote FTP service buffer overflow DoS

Smurf DoS attack

DNS amplification DoS attack

SNMP amplification DoS attack

NTP amplification DoS attack

SYN flood DoS attack

Sock stress DoS attack

DoS attacks with Nmap NSE

DoS attacks with Metasploit

DoS attacks with the exploit database

Web Application Scanning

Web Application Scanning

Web application scanning with Nikto

SSL/TLS scanning with SSLScan

SSL/TLS scanning with SSLyze

Defining a web application target with Burp Suite

Using Burp Suite Spider

Using Burp Suite engagement tools

Using Burp Suite Proxy

Using the Burp Suite web application scanner

Using Burp Suite Intruder

Using Burp Suite Comparer

Using Burp Suite Repeater

Using Burp Suite Decoder

Using Burp Suite Sequencer

GET method SQL injection with sqlmap

POST method SQL injection with sqlmap

Requesting a capture SQL injection with sqlmap

Automating CSRF testing

Validating command injection vulnerabilities with HTTP traffic

Validating command injection vulnerabilities with ICMP traffic

Automating Kali Tools

Automating Kali Tools

Nmap greppable output analysis

Nmap port scanning with targeted NSE script execution

Nmap NSE vulnerability scanning with MSF exploitation

Nessuscmd vulnerability scanning with MSF exploitation

Multithreaded MSF exploitation with reverse shell payload

Multithreaded MSF exploitation with backdoor executable

Multithreaded MSF exploitation with ICMP verification

Multithreaded MSF exploitation with admin account creation

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Firewall identification with Metasploit

Metasploit has a scanning auxiliary module that can be used to perform multithreaded analysis of network ports to determine if those ports are filtered, based on SYN/ACK probe-response analysis.

Getting ready

To use Metasploit to perform firewall identification, you will need to have a remote system that is running network services. Additionally, you will need to implement some type of filtering mechanism. This can be done with an independent firewall device or with host-based filtering such as Windows firewall. By manipulating the filtering settings on the firewall device, you should be able to modify the results of the scans.

How to do it…

To use the Metasploit ACK scan module to perform firewall and filtering identification, you must first launch the MSF console from a terminal in Kali Linux and then select the desired auxiliary module with the use command:

root@KaliLinux:~# msfconsole
# cowsay++
 ____________
< metasploit >
 ------------
   ...