Book Image

Kali Linux Network Scanning Cookbook - Second Edition

By : Michael Hixon, Justin Hutchens
Book Image

Kali Linux Network Scanning Cookbook - Second Edition

By: Michael Hixon, Justin Hutchens

Overview of this book

With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools. Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates. This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them.
Table of Contents (13 chapters)

Port scanning with Scapy (UDP, stealth, connect, and zombie)

Scapy is a tool that can be used to craft and inject custom packets into a network. We will begin by using Scapy to scan for active UDP services. This can be done by sending an empty UDP packet to destination ports and then identifying the ports that do not respond with an ICMP port-unreachable response.

Next, we will use Scapy to perform a TCP stealth scan. A TCP port stealth scan performs a partial, three-way TCP handshake on target ports to identify whether the ports are accepting connections or not. This type of scan is referred to as a stealth scan, SYN scan, or half-open scan.

Next, we will use Scapy to perform a TCP connect scan. Generally, TCP connect scanning is an easier process than SYN scanning. This is because TCP connect scanning does not require the elevated privileges that are needed to generate and inject the raw packets used in SYN scanning...