Nmap network exploration and security auditing cookbook : a complete guide to mastering Nmap and its scripting engine, covering practical tasks for penetration testers and system administrators
Over 100 practical recipes related to network and application security auditing using the powerful Nmap About This Book Learn through practical recipes how to use Nmap for a wide range of tasks for system administrators and penetration testers. Learn the latest and most useful features of Nmap and t...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham, England ; Mumbai, [India] :
Packt Publishing
2017.
|
| Edición: | Second edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630185406719 |
Tabla de Contenidos:
- Cover
- Copyright
- Credits
- About the Author
- Acknowledgments
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Table of Contents
- Preface
- Chapter 1: Nmap Fundamentals
- Introduction
- Building Nmap's source code
- Getting ready
- How to do it...
- How it works...
- There's more...
- Experimental branches
- Updating your local working copy
- Customizing the building process
- Precompiled packages
- Finding live hosts in your network
- How to do it...
- How it works...
- There's more...
- Tracing routes
- Running the Nmap Scripting Engine during host discovery
- Exploring more ping scanning techniques
- Listing open ports on a target host
- How to do it...
- How it works...
- There's more...
- Privileged versus unprivileged
- Scanning specific port ranges
- Selecting a network interface
- More port scanning techniques
- Fingerprinting OS and services running on a target host
- How to do it...
- How it works...
- There's more...
- Increasing version detection intensity
- Aggressive detection mode
- Configuring OS detection
- OS detection in verbose mode
- Submitting new OS and service fingerprints
- Using NSE scripts against a target host
- How to do it...
- How it works...
- There's more...
- NSE script arguments
- Script selection
- Debugging NSE scripts
- Adding new scripts
- Reading targets from a file
- How to do it...
- How it works...
- There's more...
- Excluding a host list from your scans
- Scanning an IP address ranges
- How to do it...
- How it works...
- There's more...
- CIDR notation
- Scanning random targets on the Internet
- How to do it...
- How it works...
- There's more...
- Legal issues with port scanning
- Collecting signatures of web servers
- How to do it...
- How it works...
- There's more.
- Monitoring servers remotely with Nmap and Ndiff
- Getting ready
- How to do it...
- How it works...
- There's more...
- Monitoring specific services
- Crafting ICMP echo replies with Nping
- How to do it...
- How it works...
- There's more...
- Managing multiple scanning profiles with Zenmap
- How to do it...
- How it works...
- There's more...
- Zenmap scanning profiles
- Editing or deleting a scan profile
- Running Lua scripts against a network connection with Ncat
- How to do it...
- How it works...
- There's more...
- Other ways of executing external commands with Ncat
- Discovering systems with weak passwords with Ncrack
- Getting ready
- How to do it...
- How it works...
- There's more...
- Configuring authentication options
- Pausing and resuming attacks
- Launching Nmap scans remotely from a web browser using Rainmap Lite
- Getting ready
- How to do it...
- How it works...
- There's more...
- Custom arguments
- Chapter 2: Network Exploration
- Introduction
- Discovering hosts with TCP SYN ping scans
- How to do it...
- How it works...
- There's more...
- Privileged versus unprivileged TCP SYN ping scan
- Firewalls and traffic filtering
- Discovering hosts with TCP ACK ping scans
- How to do it...
- How it works...
- There's more...
- Privileged versus unprivileged TCP ACK ping scans
- Selecting ports in TCP ACK ping scans
- Discovering hosts with UDP ping scans
- How to do it...
- How it works...
- There's more...
- Selecting ports in UDP ping scans
- Discovering hosts with ICMP ping scans
- How to do it...
- How it works...
- There's more...
- Local versus remote networks
- ICMP types
- Discovering hosts with SCTP INIT ping scans
- How to do it...
- How it works...
- There's more...
- Unprivileged SCTP INIT ping scans
- Selecting ports in SCTP INIT ping scans.
- Discovering hosts with IP protocol ping scans
- How to do it...
- How it works...
- There's more...
- Setting alternate IP protocols
- Generating random data for the IP packets
- Supported IP protocols and their payloads
- Discovering hosts with ARP ping scans
- How to do it...
- How it works...
- There's more...
- MAC address spoofing
- IPv6 scanning
- Performing advanced ping scans
- How to do it...
- How it works...
- There's more...
- Ping probe effectiveness
- Discovering hosts with broadcast ping scans
- How to do it...
- How it works...
- There's more...
- Broadcast ping options
- Target library
- Scanning IPv6 addresses
- How to do it...
- How it works...
- There's more...
- IPv6 fingerprinting
- Discovering new IPv6 targets
- Gathering network information with broadcast scripts
- How to do it...
- How it works...
- There's more...
- Script selection
- Target library
- Scanning through proxies
- How to do it...
- How it works...
- There's more...
- Proxychains
- Spoofing the origin IP of a scan
- Getting ready
- How to do it...
- How it works...
- There's more...
- Choosing your zombie host wisely
- The IP ID sequence number
- Chapter 3: Reconnaissance Tasks
- Introduction
- Performing IP address geolocation
- Getting ready
- How to do it...
- How it works...
- There's more...
- Submitting a new geolocation provider
- Getting information from WHOIS records
- How to do it...
- How it works...
- There's more...
- Selecting service providers
- Ignoring referral records
- Disabling cache
- Obtaining traceroute geolocation information
- How to do it...
- How it works...
- There's more...
- Querying Shodan to obtain target information
- Getting ready
- How to do it...
- How it works...
- There's more...
- Saving the results in CSV files
- Specifying a single target.
- Checking whether a host is flagged by Google Safe Browsing for malicious activities
- Getting ready
- How to do it...
- How it works...
- There's more...
- Collecting valid e-mail accounts and IP addresses from web servers
- How to do it...
- How it works...
- There's more...
- Discovering hostnames pointing to the same IP address
- How to do it...
- How it works...
- There's more...
- Discovering hostnames by brute forcing DNS records
- How to do it...
- How it works...
- There's more...
- Customizing the dictionary
- Adjusting the number of threads
- Specifying a DNS server
- Using the NSE library target
- Obtaining profile information from Google's People API
- Getting ready
- How to do it...
- How it works...
- There's more...
- Matching services with public vulnerability advisories
- Getting ready
- How to do it...
- How it works...
- There's more...
- Chapter 4: Scanning Web Servers
- Introduction
- Listing supported HTTP methods
- How to do it...
- How it works...
- There's more...
- Interesting HTTP methods
- Checking whether a web server is an open proxy
- How to do it...
- How it works...
- There's more...
- Discovering interesting files and folders in web servers
- How to do it...
- How it works...
- There's more...
- Using a Nikto database
- Abusing mod_userdir to enumerate user accounts
- How to do it...
- How it works...
- There's more...
- Brute forcing HTTP authentication
- How to do it...
- How it works...
- There's more...
- Brute modes
- Brute forcing web applications
- How to do it...
- How it works...
- There's more...
- Brute forcing WordPress installations
- Brute forcing WordPress installations
- Detecting web application firewalls
- How to do it...
- How it works...
- There's more...
- Detecting possible XST vulnerabilities
- How to do it...
- How it works.
- There's more...
- Detecting XSS vulnerabilities
- How to do it...
- How it works...
- There's more...
- Finding SQL injection vulnerabilities
- How to do it...
- How it works...
- There's more...
- Detecting web servers vulnerable to slowloris denial of service attacks
- How to do it...
- How it works...
- There's more...
- Finding web applications with default credentials
- How to do it...
- How it works...
- There's more...
- Detecting web applications vulnerable to Shellshock
- How to do it...
- How it works...
- There's more...
- Executing commands remotely
- Spidering web servers to find vulnerable applications
- Detecting insecure cross-domain policies
- How to do it...
- How it works...
- There's more...
- Finding attacking domains available for purchase
- Detecting exposed source code control systems
- How to do it...
- How it works...
- There's more...
- Obtaining information from subversion source code control systems
- Auditing the strength of cipher suites in SSL servers
- How to do it...
- How it works...
- There's more...
- Scrapping e-mail accounts from web servers
- How to do it…
- How it works…
- There's more…
- Chapter 5: Scanning Databases
- Introduction
- Listing MySQL databases
- How to do it...
- How it works...
- There's more...
- Listing MySQL users
- How to do it...
- How it works...
- There's more...
- Listing MySQL variables
- How to do it...
- How it works...
- There's more...
- Brute forcing MySQL passwords
- How to do it...
- How it works...
- There's more...
- Finding root accounts with an empty password in MySQL servers
- How to do it...
- How it works...
- There's more...
- Detecting insecure configurations in MySQL servers
- How to do it...
- How it works...
- There's more...
- Brute forcing Oracle passwords
- How to do it...
- How it works.
- There's more.
