SlideShare une entreprise Scribd logo

Network Scanning Phases and Supporting Tools

J
Joseph Bugeja

This presentation focuses on the network penetration scanning phase. It introduces tools and techniques that professional pen-testers and ethical hackers need to master to find target machines, openings on those targets and vulnerabilities.

Technologie
1  sur  16
Network Scanning Phases and Supporting Tools Joseph Bugeja Information Security Manager/Architect November 24, 2013
Scanning Phase Goals • Overall: Learn more about targets and find openings by interacting with the target environment – Determine network addresses of live hosts, firewalls, routers, etc. in the network – Determine network topology of target environment – Determine operating system types of discovered hosts – Determine open ports and network sevices in target environment – Determine list of potential vulnerabilities – Do these in a manner that minimizes risk of impairing host or service
Scan Types • Network Sweeping – Send a series of probe packets to identify live hosts at IP addresses in the target network • Network Tracing – Determine network topology and draw a map • Port Scanning – Determine listening TCP and UDP ports on target systems • OS Fingerprinting – Determine the target operating system type based on network behaviour
Scan Types • Version Scanning – Determine the version of services and protocols spoken by open TCP and UDP ports • Vulnerability Scanning – Determine a list of potential vulnerabilities (misconfigurations, unpatched services, etc.) in the target environment
Scanning Tip: While Scanning Run a Sniffer • Whenever you run a scan, run a sniffer so that you can monitor network activity – You do not have to capture all packets in the file system • – That would likely require huge storage space Instead, display them on the screen so you can visualize what is happening in the scan • Which sniffer to use? – – Any sniffer that shows packet headers will do, but you want something small, flexible and fast tcpdump is ideal for this purpose
Scanning Tip: Use TCPDump • Free, open source sniffer – – www.tcpdump.org Ported to Windows as WinDump at www.winpcap.org/windump/default.htm • Supports various filtering rules • While testing, you will likely have it display all packets leaving from and coming to your scanning machine • But, for specific issues, you may need to focus on specific packets • Often, just running tcpdump with no special options while scanning provides the information you need $ sudo tcpdump
Network Sweep Tools • Angry IP – – www.angryip.org GUI-based tool for Windows • • • • Ping sweep (via ICMP Echo Request) TCP port scan Gets MAC address for systems on same subnet NetBIOS name and workgroup gathering • ICMPQuery – – www.angio.net/security/icmpquery.c Command-line tool for Linux/UNIX • • Sends ICMP Timestamp (Type 13) and Address Mask Request (Type 17) messages to identify live hosts Useful for identifying hosts in a network that has firewalls which block ICMP Echo Request
Network Sweep Tools • HPing – Inspired by ping, but goes much further • • – – – Free at www.hping.org, runs on Linux, *BSD, Windows and MacOS X The latest version, Hping3, supports TCL scripting By default, sends TCP packets with no control bits set to target port 0 continuously, once per second • – Originally Hping, then Hping2...latest is Hping3 From man page: “Send (almost) arbirary TCP/IP packets to networks hosts” Possibly getting RESETs back Example: # hping3 10.10.10.20
Network Tracing Tools • Traceroute – – – – Discovers the route that packets take between two systems Helps a tester construct network architecture diagrams Included in most operating systems Sends packets to target with varying TTLs in the IP Header • Layer Four Traceroute (LFT) – Free at http://pwhois.org/lft – Runs on Linux and Unix – Supports a variety of Layer Four options for tracerouting
Network Tracing Tools • 3D Traceroute – – Runs on Widows, free at www.d3tr.de Graphical traceroute using ICMP Echo Request, updated/animated in real-time • Web-Based Traceroute Services – Instead of tracerouting from your address to the target, various websites allow you to traceroute from them to the target – Very useful in seeing if you are being shunned during a test!
Port Scanning Tools • Nmap – Written and maintained by Fyodor • – – Very popular, located at www.insecure.org Has been extended into a general-purpose vulnerability scanner via Nmap Scripting Engine(NSE) Run with --packet-trace to display summary of each packet before it is sent, with output that includes: • • • • • • • Nmap calls to the OS SENT/RCVD Protocol (TCP/UDP) Source IP:Port and Dest IP:Port Control Bits TTL Other header information
OS Fingerprinting Tools • Nmap – – Attempts to determine the operating system of target by sending various packet types and measures the response Different systems have different protocol behaviour that we can trigger and measure remotely • Xprobe2 – ofirarkin.wordpress.com/xprobe – Based on Ofir Arkin ICMP fingerprinting research – Applies fuzzy logic to calculate the probabilities of its operating system type • P0f2 – – Supports passive OS fingerprinting Free
Version Scanning Tools • Nmap – Version scan invoked with -sV - Or use -A to for OS fingerprinting and version scan (i.e, -A = -sV + -O) • THC Amap – Free from http://freeworld.thc.org/thc-amap – Amap can do a port scan itself or it can be provided with the output file from Nmap – It sends triggers to each open port – It looks for defined responses – A useful second opinion to the Nmap version scan
Vulnerability Scanning Tools • Nmap Scripting Engine (NSE) – – Scripts are written in the Lua programming language May some day rival Nessus and NASL as a general purpose, free, open source vulnerability scanner • Nessus Vulnerability Scanner – Maintained and distributed by Tenable Network Security • – – – www.nessus.org Free download Plugins measure flaws in target environment As new vulnerabilities are discovered, Tenable personnel release plugins
Vulnerability Scanning Tools • Commercial Solutions – SAINT – Retina Network Security Scanner – Lumension PatchLink Scanner – BiDiBLAH – CORE Impact • Scanning Services/Appliances – Foundscan – Qualys • Free Solutions – SARA – SuperScan
Thank You! Thanks for Listening! Joseph Bugeja bugejajoseph@yahoo.com

Recommandé

Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
NMap
NMapNMap
NMapPritesh Raka
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Nmap
NmapNmap
NmapMegha Sahu
 

Recommandé

Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
NMap
NMapNMap
NMapPritesh Raka
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Nmap
NmapNmap
NmapMegha Sahu
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitableMohammed Akbar Shariff
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Network scanning
Network scanningNetwork scanning
Network scanningMD SAQUIB KHAN
 
Nmap
NmapNmap
NmapFat-Thing Gabriel-Culley
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basicsamiable_indian
 
Network scanner
Network scannerNetwork scanner
Network scannerShrikrishna Parab
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Nmap commands
Nmap commandsNmap commands
Nmap commandsKailash Kumar
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Wi fi in arabic
Wi fi in arabicWi fi in arabic
Wi fi in arabichasan_399_81
 
Ce hv7 module 03 scanning networks
Ce hv7 module 03 scanning networksCe hv7 module 03 scanning networks
Ce hv7 module 03 scanning networksZuleima Parada
 

Contenu connexe

Tendances

Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 

Tendances (20)

NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Nmap
NmapNmap
Nmap
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Network scanner
Network scannerNetwork scanner
Network scanner
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
Wireshark
Wireshark Wireshark
Wireshark
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 

En vedette

Ce hv7 module 03 scanning networks
Ce hv7 module 03 scanning networksCe hv7 module 03 scanning networks
Ce hv7 module 03 scanning networksZuleima Parada
 
تعليم محادثة اللغة الانجليزية
تعليم محادثة اللغة الانجليزيةتعليم محادثة اللغة الانجليزية
تعليم محادثة اللغة الانجليزيةegylearn
 
Policy Round table 2: Climate Change and Food Security
Policy Round table 2: Climate Change and Food Security Policy Round table 2: Climate Change and Food Security
Policy Round table 2: Climate Change and Food Security FAO
 
Elebda3.net 4395
Elebda3.net 4395Elebda3.net 4395
Elebda3.net 4395Riadh Briki
 
Faculty of Engineering - Tanta University- Programmong world
Faculty of Engineering - Tanta University- Programmong worldFaculty of Engineering - Tanta University- Programmong world
Faculty of Engineering - Tanta University- Programmong worldMostafa Elgamala
 
Cisco network security Chapter7
Cisco network security Chapter7Cisco network security Chapter7
Cisco network security Chapter7Khalid Al-wajeh
 
Cloud Computing الحوسبة السحابية
Cloud Computing الحوسبة السحابيةCloud Computing الحوسبة السحابية
Cloud Computing الحوسبة السحابيةIT.Amna Khdoum
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)Will Schroeder
 
Scanner presentation
Scanner presentationScanner presentation
Scanner presentationAniket Menon
 

En vedette (17)

Wi fi in arabic
Wi fi in arabicWi fi in arabic
Wi fi in arabic
 
Ce hv7 module 03 scanning networks
Ce hv7 module 03 scanning networksCe hv7 module 03 scanning networks
Ce hv7 module 03 scanning networks
 
Scan tool basics
Scan tool basicsScan tool basics
Scan tool basics
 
تعليم محادثة اللغة الانجليزية
تعليم محادثة اللغة الانجليزيةتعليم محادثة اللغة الانجليزية
تعليم محادثة اللغة الانجليزية
 
Policy Round table 2: Climate Change and Food Security
Policy Round table 2: Climate Change and Food Security Policy Round table 2: Climate Change and Food Security
Policy Round table 2: Climate Change and Food Security
 
Scanning Techniques
Scanning TechniquesScanning Techniques
Scanning Techniques
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Elebda3.net 4395
Elebda3.net 4395Elebda3.net 4395
Elebda3.net 4395
 
Faculty of Engineering - Tanta University- Programmong world
Faculty of Engineering - Tanta University- Programmong worldFaculty of Engineering - Tanta University- Programmong world
Faculty of Engineering - Tanta University- Programmong world
 
IT
ITIT
IT
 
Cisco network security Chapter7
Cisco network security Chapter7Cisco network security Chapter7
Cisco network security Chapter7
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Cloud Computing الحوسبة السحابية
Cloud Computing الحوسبة السحابيةCloud Computing الحوسبة السحابية
Cloud Computing الحوسبة السحابية
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
 
Scanner presentation
Scanner presentationScanner presentation
Scanner presentation
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Skimming & Scanning
Skimming & ScanningSkimming & Scanning
Skimming & Scanning
 

Similaire à Network Scanning Phases and Supporting Tools

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxMahdiHasanSowrav
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Boston Institute of Analytics
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
Detecting Reconnaissance Through Packet Forensics by Shashank NigamDetecting Reconnaissance Through Packet Forensics by Shashank Nigam
Detecting Reconnaissance Through Packet Forensics by Shashank NigamOWASP Delhi
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51martinvoelk
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueDianaWhitney4
 

Similaire à Network Scanning Phases and Supporting Tools (20)

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Chapter 3 footprinting
Chapter 3 footprintingChapter 3 footprinting
Chapter 3 footprinting
 
Network scan
Network scanNetwork scan
Network scan
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptx
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
 
Namp
Namp Namp
Namp
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanning
 
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
Detecting Reconnaissance Through Packet Forensics by Shashank NigamDetecting Reconnaissance Through Packet Forensics by Shashank Nigam
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
ManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical OverviewManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical Overview
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditors
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB Blue
 

Dernier

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Dernier (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Network Scanning Phases and Supporting Tools

  • 1. Network Scanning Phases and Supporting Tools Joseph Bugeja Information Security Manager/Architect November 24, 2013
  • 2. Scanning Phase Goals • Overall: Learn more about targets and find openings by interacting with the target environment – Determine network addresses of live hosts, firewalls, routers, etc. in the network – Determine network topology of target environment – Determine operating system types of discovered hosts – Determine open ports and network sevices in target environment – Determine list of potential vulnerabilities – Do these in a manner that minimizes risk of impairing host or service
  • 3. Scan Types • Network Sweeping – Send a series of probe packets to identify live hosts at IP addresses in the target network • Network Tracing – Determine network topology and draw a map • Port Scanning – Determine listening TCP and UDP ports on target systems • OS Fingerprinting – Determine the target operating system type based on network behaviour
  • 4. Scan Types • Version Scanning – Determine the version of services and protocols spoken by open TCP and UDP ports • Vulnerability Scanning – Determine a list of potential vulnerabilities (misconfigurations, unpatched services, etc.) in the target environment
  • 5. Scanning Tip: While Scanning Run a Sniffer • Whenever you run a scan, run a sniffer so that you can monitor network activity – You do not have to capture all packets in the file system • – That would likely require huge storage space Instead, display them on the screen so you can visualize what is happening in the scan • Which sniffer to use? – – Any sniffer that shows packet headers will do, but you want something small, flexible and fast tcpdump is ideal for this purpose
  • 6. Scanning Tip: Use TCPDump • Free, open source sniffer – – www.tcpdump.org Ported to Windows as WinDump at www.winpcap.org/windump/default.htm • Supports various filtering rules • While testing, you will likely have it display all packets leaving from and coming to your scanning machine • But, for specific issues, you may need to focus on specific packets • Often, just running tcpdump with no special options while scanning provides the information you need $ sudo tcpdump
  • 7. Network Sweep Tools • Angry IP – – www.angryip.org GUI-based tool for Windows • • • • Ping sweep (via ICMP Echo Request) TCP port scan Gets MAC address for systems on same subnet NetBIOS name and workgroup gathering • ICMPQuery – – www.angio.net/security/icmpquery.c Command-line tool for Linux/UNIX • • Sends ICMP Timestamp (Type 13) and Address Mask Request (Type 17) messages to identify live hosts Useful for identifying hosts in a network that has firewalls which block ICMP Echo Request
  • 8. Network Sweep Tools • HPing – Inspired by ping, but goes much further • • – – – Free at www.hping.org, runs on Linux, *BSD, Windows and MacOS X The latest version, Hping3, supports TCL scripting By default, sends TCP packets with no control bits set to target port 0 continuously, once per second • – Originally Hping, then Hping2...latest is Hping3 From man page: “Send (almost) arbirary TCP/IP packets to networks hosts” Possibly getting RESETs back Example: # hping3 10.10.10.20
  • 9. Network Tracing Tools • Traceroute – – – – Discovers the route that packets take between two systems Helps a tester construct network architecture diagrams Included in most operating systems Sends packets to target with varying TTLs in the IP Header • Layer Four Traceroute (LFT) – Free at http://pwhois.org/lft – Runs on Linux and Unix – Supports a variety of Layer Four options for tracerouting
  • 10. Network Tracing Tools • 3D Traceroute – – Runs on Widows, free at www.d3tr.de Graphical traceroute using ICMP Echo Request, updated/animated in real-time • Web-Based Traceroute Services – Instead of tracerouting from your address to the target, various websites allow you to traceroute from them to the target – Very useful in seeing if you are being shunned during a test!
  • 11. Port Scanning Tools • Nmap – Written and maintained by Fyodor • – – Very popular, located at www.insecure.org Has been extended into a general-purpose vulnerability scanner via Nmap Scripting Engine(NSE) Run with --packet-trace to display summary of each packet before it is sent, with output that includes: • • • • • • • Nmap calls to the OS SENT/RCVD Protocol (TCP/UDP) Source IP:Port and Dest IP:Port Control Bits TTL Other header information
  • 12. OS Fingerprinting Tools • Nmap – – Attempts to determine the operating system of target by sending various packet types and measures the response Different systems have different protocol behaviour that we can trigger and measure remotely • Xprobe2 – ofirarkin.wordpress.com/xprobe – Based on Ofir Arkin ICMP fingerprinting research – Applies fuzzy logic to calculate the probabilities of its operating system type • P0f2 – – Supports passive OS fingerprinting Free
  • 13. Version Scanning Tools • Nmap – Version scan invoked with -sV - Or use -A to for OS fingerprinting and version scan (i.e, -A = -sV + -O) • THC Amap – Free from http://freeworld.thc.org/thc-amap – Amap can do a port scan itself or it can be provided with the output file from Nmap – It sends triggers to each open port – It looks for defined responses – A useful second opinion to the Nmap version scan
  • 14. Vulnerability Scanning Tools • Nmap Scripting Engine (NSE) – – Scripts are written in the Lua programming language May some day rival Nessus and NASL as a general purpose, free, open source vulnerability scanner • Nessus Vulnerability Scanner – Maintained and distributed by Tenable Network Security • – – – www.nessus.org Free download Plugins measure flaws in target environment As new vulnerabilities are discovered, Tenable personnel release plugins
  • 15. Vulnerability Scanning Tools • Commercial Solutions – SAINT – Retina Network Security Scanner – Lumension PatchLink Scanner – BiDiBLAH – CORE Impact • Scanning Services/Appliances – Foundscan – Qualys • Free Solutions – SARA – SuperScan
  • 16. Thank You! Thanks for Listening! Joseph Bugeja bugejajoseph@yahoo.com