Book Image

Kali Linux Network Scanning Cookbook - Second Edition

By : Michael Hixon, Justin Hutchens
Book Image

Kali Linux Network Scanning Cookbook - Second Edition

By: Michael Hixon, Justin Hutchens

Overview of this book

With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools. Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates. This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Network Scanning Cookbook - Second Edition
Michael Hixon | Justin Hutchens
May, 2017 | 634 pages
Small book image
Network Scanning Cookbook
Sairam Jetty
Sep, 2018 | 304 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Table of Contents (13 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Reader feedback
Customer support
Free Chapter
1
Getting Started
Getting Started
Introduction
Configuring a security lab with VMware Player (Windows)
Configuring a security lab with VMware Fusion (macOS)
Installing Ubuntu Server
Installing Metasploitable2
Installing Windows Server
Increasing the Windows attack surface
Installing Kali Linux
Using text editors (Vim and GNU nano)
Keeping Kali updated
Managing Kali services
Configuring and using SSH
Installing Nessus on Kali Linux
2
Reconnaissance
Reconnaissance
Introduction
Using Google to find subdomains
Finding e-mail addresses using theHarvester
Enumerating DNS using the host command
Enumerating DNS using DNSRecon
Enumerating DNS using the dnsenum command
3
Discovery
Discovery
Introduction
Using Scapy to perform host discovery (layers 2/3/4)
Using Nmap to perform host discovery (layers 2/3/4)
Using ARPing to perform host discovery (layer 2)
Using netdiscover to perform host discovery (layer 2)
Using Metasploit to perform host discovery (layer 2)
Using hping3 to perform host discovery (layers 3/4)
Using ICMP to perform host discovery
Using fping to perform host discovery
4
Port Scanning
Port Scanning
Introduction
UDP port scanning
TCP port scanning
Port scanning with Scapy (UDP, stealth, connect, and zombie)
Port scanning with Nmap (UDP, stealth, connect, zombie)
Port scanning with Metasploit(UDP, stealth, and connect)
Port scanning with hping3 (stealth)
Port scanning with DMitry (connect)
Port scanning with Netcat (connect)
Port scanning with masscan (stealth)
5
Fingerprinting
Fingerprinting
Introduction
Banner grabbing with Netcat
Banner grabbing with Python sockets
Banner grabbing with DMitry
Banner grabbing with Nmap NSE
Banner grabbing with Amap
Service identification with Nmap
Service identification with Amap
Operating system identification with Scapy
Operating system identification with Nmap
Operating system identification with xprobe2
Passive operating system identification with p0f
SNMP analysis with Onesixtyone
SNMP analysis with SNMPwalk
Firewall identification with Scapy
Firewall identification with Nmap
Firewall identification with Metasploit
6
Vulnerability Scanning
Vulnerability Scanning
Introduction
Vulnerability scanning with the Nmap Scripting Engine
Vulnerability scanning with MSF auxiliary modules
Creating scan policies with Nessus
Vulnerability scanning with Nessus
Vulnerability scanning with OpenVAS
Validating vulnerabilities with HTTP interaction
Validating vulnerabilities with ICMP interaction
7
Denial of Service
Denial of Service
Introduction
Fuzz testing to identify buffer overflows
Remote FTP service buffer-overflow DoS
Smurf DoS attack
DNS amplification DoS attacks
SNMP amplification DoS attack
SYN flood DoS attack
Sock stress DoS attack
DoS attacks with Nmap NSE
DoS attacks with Metasploit
DoS attacks with the exploit database
8
Working with Burp Suite
Working with Burp Suite
Introduction
Configuring Burp Suite on Kali Linux
Defining a web application target with Burp Suite
Using Burp Suite Spider
Using Burp Suite Proxy
Using Burp Suite engagement tools
Using the Burp Suite web application scanner
Using Burp Suite Intruder
Using Burp Suite Comparer
Using Burp Suite Repeater
Using Burp Suite Decoder
Using Burp Suite Sequencer
Using Burp Suite Extender
Using Burp Suite Clickbandit
9
Web Application Scanning
Web Application Scanning
Introduction
Web application scanning with Nikto
SSL/TLS scanning with SSLScan
SSL/TLS scanning with SSLyze
GET method SQL injection with sqlmap
POST method SQL injection with sqlmap
Requesting a capture SQL injection with sqlmap
Automating CSRF testing
Validating command-injection vulnerabilities with HTTP traffic
Validating command-injection vulnerabilities with ICMP traffic
10
Attacking the Browser with BeEF
Attacking the Browser with BeEF
Hooking the browser withBeEF
Collecting information with BeEF
Creating a persistent connection with BeEF
Integrating BeEF and Metasploit
Using the BeEF autorule engine
11
Working with Sparta
Working with Sparta
Information gathering with Sparta
Creating custom commands for Sparta
Port scanning with Sparta
Fingerprinting with Sparta
Vulnerability scanning with Sparta
Web application scanning with Sparta
12
Automating Kali Tools
Automating Kali Tools
Introduction
Nmap greppable output analysis
Port scanning with NMAP NSE execution
Automate vulnerability scanning with NSE
Automate web application scanning with Nikto
Multithreaded MSF exploitation with reverse shell payload
Multithreaded MSF exploitation with backdoor executable
Multithreaded MSF exploitation with ICMP verification
Multithreaded MSF exploitation with admin account creation

Installing Metasploitable2

Metasploitable2 is an intentionally vulnerable Linux distribution and is also a highly effective security training tool. It comes fully loaded with a large number of vulnerable network services and also includes several vulnerable web applications.

Getting ready

How to do it...

Installing Metasploitable2 is likely to be one of the easiest installations that you will perform in your security lab. This is because it is already prepared as a VMware virtual machine when it is downloaded from SourceForge.

  1. Once the ZIP file has been downloaded, you can easily extract its contents on Windows or macOS by double-clicking on it in Explorer or Finder, respectively. Have a look at the following screenshot:
  1. Once extracted, the ZIP file will return a directory with five additional files inside. Included among these files is the VMware VMX file. To use Metasploitable2 in VMware, just click on the File drop-down menu and click on Open. Then, browse to the directory created from the ZIP extraction process, and open Metasploitable.vmx, as shown in the following screenshot:
  1. Once the VMX file has been opened, it should be included in your virtual machine library. Select it from the library and click on Run to start the VM and get the following screen:
  1. After the VM loads, the splash screen will appear and request login credentials. The default credentials are msfadmin for both the username and password. This machine can also be accessed via SSH, as addressed in the Configuring and using SSH recipe later in this recipe.

How it works...

Metasploitable was built with the idea of security testing education in mind. This is a highly effective tool, but it must be handled with care. The Metasploitable system should never be exposed to any untrusted networks. It should never be assigned a publicly routable IP address, and port forwarding should not be used to make services accessible over the Network Address Translation (NAT) interface.

Previous Section
End of Section 6
Next Section