Introduction To ToolBox Pentest With Nmap, Nikto & Nessus

•

0 j'aime•624 vues

Dann Lunlii'e

ToolBox

Technologie

ToolBox
You want to know nearly all your toolbox
dpkg list
You want to know if a specific tool is installed
dpkg –list | grep <tool name>

dwiseptianwardanaputra@gmail.com

Ethical
1. Information Gathering
2. Reconnaissance Scan
3. Gain
4. Maintaining

dwiseptianwardanaputra@gmail.com

Information Gathering
Pre pentest, Important Phase
Gathering All Information
# Internet Searches
# Social Engineering
# Hping
# Fierce

dwiseptianwardanaputra@gmail.com

ToolBox
Fierce ToolBox:
Scanning DNS
Zone transfer
Config Check DNS
# /pentest/enumeration/dns/fierce
# /fierce.pl –dns <www.target.com>
dwiseptianwardanaputra@gmail.com

Fierce

dwiseptianwardanaputra@gmail.com

Recon Scanning
Recon Tools :

Vulnerability Tools :

Nslookup

   Nessus
    Nikto

Whois

   Etc

Google
Enum Tools / Network Scanner :
    Nmap
    Netcraft
    Etc

dwiseptianwardanaputra@gmail.com

ToolBox
Nmap ToolBox is :
Free and Open Source
Cross platform
Simple to use
Nmap : http://www.nmap.org
Command : nmap p <ipaddr>
dwiseptianwardanaputra@gmail.com

ToolBox
Vulnerability Assessment Nikto :
Web Server Scanner
http://cirt.net/nikto2
/pentest/scanners/nikto
./nikto.pl host <websiteip>:<port>

dwiseptianwardanaputra@gmail.com

Nessus
Vulnerability Assessment :
Install
# dpkg i *.deb
# /opt/nessus/sbin/nessusadduser
# Reg : http://www.nessus.org/plugins/?view=registerinfo
# Start Nessus : /etc/init.d/nessusd start
https://localhost:8834
dwiseptianwardanaputra@gmail.com

Nessus

dwiseptianwardanaputra@gmail.com

Gain
Gain Access Point of a modernday attack
The usual goal is to either extract information
Gain Tools :
Metasploit
SET (Social Eng Toolkit)
Etc..
dwiseptianwardanaputra@gmail.com

ToolBox

dwiseptianwardanaputra@gmail.com

ToolBox
ToolBox Metasploit Interfaces :
# MSFconsole
# MSFcli
# MSFgui, MSFweb
# Armitage

dwiseptianwardanaputra@gmail.com

MSFconsole

dwiseptianwardanaputra@gmail.com

MSFcli

/fierce.pl –dns Target (like google.com)

dwiseptianwardanaputra@gmail.com

TERIMAKASIH
Dwi Septian Wardana putra
KOLAM – Komunitas Linux Arek Malang

dwiseptianwardanaputra@gmail.com

Contenu connexe

En vedette

Exploit Development with PythonThomas Gregory

CyborgsAkhil Kumar

iCrOSS 2013_PentestM.Syarifudin, ST, OSCP, OSWP

Mobile hacking, pentest, and malwareAmmar WK

backdooring workshopAmmar WK

Network Packet AnalysisAmmar WK

Backtrack 5 - network pentestDan H

Backtrack 5 - web pentestDan H

Web Hacking (basic)Ammar WK

Burp Suite StarterFadi Abdulwahab

Cross Site Scripting ( XSS)Amit Tyagi

Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP

En vedette (12)

Exploit Development with Python

Cyborgs

iCrOSS 2013_Pentest

Mobile hacking, pentest, and malware

backdooring workshop

Network Packet Analysis

Backtrack 5 - network pentest

Backtrack 5 - web pentest

Web Hacking (basic)

Burp Suite Starter

Cross Site Scripting ( XSS)

Pentest with Metasploit

Similaire à Introduction To ToolBox Pentest With Nmap, Nikto & Nessus

Planning for Debugginglokku

ION Islamabad - Deploying DNSSECDeploy360 Programme (Internet Society)

Technology for Your BusinessTegar Imansyah

Introduction to Windows Dictionary AttacksNetSPI

Django Deployment-in-AWSMindfire Solutions

Storage, Virtual, and Server Profiler TrainingSolarWinds

Reconnaissance - For pentesting and user awarenessLeon Teale

SeaSec East: Green Locks For You & MeWendy Knox Everette

Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert

Ubuntu And Parental Controlsjasonholtzapple

TTL Alfresco Product Security and Best Practices 2017Toni de la Fuente

Red Team Methodology - A Naked LookJason Lang

MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...APNIC

Password Attack Sina Manavi

SplunkLive! Washington DC May 2013 - Splunk Security WorkshopSplunk

Establishing your district's relationship with googleTim Golden

technical-information-gathering-slides.pdfMarceloCunha571649

ION Djibouti: KENIC DNSSEC Case StudyDeploy360 Programme (Internet Society)

Hands-on getdns TutorialShumon Huque

Supply Chainsawscriptjunkie

Similaire à Introduction To ToolBox Pentest With Nmap, Nikto & Nessus (20)

Planning for Debugging

ION Islamabad - Deploying DNSSEC

Technology for Your Business

Introduction to Windows Dictionary Attacks

Django Deployment-in-AWS

Storage, Virtual, and Server Profiler Training

Reconnaissance - For pentesting and user awareness

SeaSec East: Green Locks For You & Me

Penetration Testing Boot CAMP

Ubuntu And Parental Controls

TTL Alfresco Product Security and Best Practices 2017

Red Team Methodology - A Naked Look

MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...

Password Attack

SplunkLive! Washington DC May 2013 - Splunk Security Workshop

Establishing your district's relationship with google

technical-information-gathering-slides.pdf

ION Djibouti: KENIC DNSSEC Case Study

Hands-on getdns Tutorial

Supply Chainsaw

Dernier

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal

Anypoint Exchange: It’s Not Just a Repo!Manik S Magar

"ML in Production",Oleksandr BaganFwdays

Artificial intelligence in cctv survelliance.pptxhariprasad279825

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero

Advanced Computer Architecture – An IntroductionDilum Bandara

CloudStudio User manual (basic edition):comworks

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

How to write a Business Continuity PlanDatabarracks

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati

Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge

"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays

DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy

Dernier (20)

TeamStation AI System Report LATAM IT Salaries 2024

SAP Build Work Zone - Overview L2-L3.pptx

Anypoint Exchange: It’s Not Just a Repo!

"ML in Production",Oleksandr Bagan

Artificial intelligence in cctv survelliance.pptx

DevEX - reference for building teams, processes, and platforms

SIP trunking in Janus @ Kamailio World 2024

Advanced Computer Architecture – An Introduction

CloudStudio User manual (basic edition):

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

How to write a Business Continuity Plan

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day

Nell’iperspazio con Rocket: il Framework Web di Rust!

Scanning the Internet for External Cloud Exposures via SSL Certs

Ensuring Technical Readiness For Copilot in Microsoft 365

Developer Data Modeling Mistakes: From Postgres to NoSQL

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Designing IA for AI - Information Architecture Conference 2024

"Debugging python applications inside k8s environment", Andrii Soldatenko

DevoxxFR 2024 Reproducible Builds with Apache Maven