Nmap : network exploration and security auditing cookbook : a complete guide to mastering Nmap and its scripting engine, covering practical tasks for penetration testers and system administrators / Paulino Calderon.

Format:

Book

Author/Creator:

Calderon, Paulino, author.

Language:

English

Subjects (All):

Computer networks--Monitoring--Computer programs.

Computer networks.

Physical Description:

1 online resource (378 pages) : illustrations

Edition:

Second edition.

Place of Publication:

Birmingham, England ; Mumbai, [India] : Packt Publishing, 2017.

System Details:

text file

Biography/History:

Calderon Paulino: Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software. Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017. He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.

Summary:

Over 100 practical recipes related to network and application security auditing using the powerful Nmap About This Book Learn through practical recipes how to use Nmap for a wide range of tasks for system administrators and penetration testers. Learn the latest and most useful features of Nmap and the Nmap Scripting Engine. Learn to audit the security of networks, web applications, databases, mail servers, Microsoft Windows servers/workstations and even ICS systems. Learn to develop your own modules for the Nmap Scripting Engine. Become familiar with Lua programming. 100% practical tasks, relevant and explained step-by-step with exact commands and optional arguments description Who This Book Is For The book is for anyone who wants to master Nmap and its scripting engine to perform real life security auditing checks for system administrators and penetration testers. This book is also recommended to anyone looking to learn about network security auditing. Finally, novice Nmap users will also learn a lot from this book as it covers several advanced internal aspects of Nmap and related tools. What You Will Learn Learn about Nmap and related tools, such as Ncat, Ncrack, Ndiff, Zenmap and the Nmap Scripting Engine Master basic and advanced techniques to perform port scanning and host discovery Detect insecure configurations and vulnerabilities in web servers, databases, and mail servers Learn how to detect insecure Microsoft Windows workstations and scan networks using the Active Directory technology Learn how to safely identify and scan critical ICS/SCADA systems Learn how to optimize the performance and behavior of your scans Learn about advanced reporting Learn the fundamentals of Lua programming Become familiar with the development libraries shipped with the NSE Write your own Nmap Scripting Engine scripts In Detail This is the second edition of 'Nmap 6: Network Exploration and Security Auditing Cookbook'. A book aimed for anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations. The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Z...

Contents:

Cover

Copyright

Credits

About the Author

Acknowledgments

About the Reviewer

www.PacktPub.com

Customer Feedback

Table of Contents

Preface

Chapter 1: Nmap Fundamentals

Introduction

Building Nmap's source code

Getting ready

How to do it...

How it works...

There's more...

Experimental branches

Updating your local working copy

Customizing the building process

Precompiled packages

Finding live hosts in your network

Tracing routes

Running the Nmap Scripting Engine during host discovery

Exploring more ping scanning techniques

Listing open ports on a target host

Privileged versus unprivileged

Scanning specific port ranges

Selecting a network interface

More port scanning techniques

Fingerprinting OS and services running on a target host

Increasing version detection intensity

Aggressive detection mode

Configuring OS detection

OS detection in verbose mode

Submitting new OS and service fingerprints

Using NSE scripts against a target host

NSE script arguments

Script selection

Debugging NSE scripts

Adding new scripts

Reading targets from a file

Excluding a host list from your scans

Scanning an IP address ranges

CIDR notation

Scanning random targets on the Internet

Legal issues with port scanning

Collecting signatures of web servers

There's more.

Monitoring servers remotely with Nmap and Ndiff

Monitoring specific services

Crafting ICMP echo replies with Nping

Managing multiple scanning profiles with Zenmap

Zenmap scanning profiles

Editing or deleting a scan profile

Running Lua scripts against a network connection with Ncat

Other ways of executing external commands with Ncat

Discovering systems with weak passwords with Ncrack

Configuring authentication options

Pausing and resuming attacks

Launching Nmap scans remotely from a web browser using Rainmap Lite

Custom arguments

Chapter 2: Network Exploration

Discovering hosts with TCP SYN ping scans

Privileged versus unprivileged TCP SYN ping scan

Firewalls and traffic filtering

Discovering hosts with TCP ACK ping scans

Privileged versus unprivileged TCP ACK ping scans

Selecting ports in TCP ACK ping scans

Discovering hosts with UDP ping scans

Selecting ports in UDP ping scans

Discovering hosts with ICMP ping scans

Local versus remote networks

ICMP types

Discovering hosts with SCTP INIT ping scans

Unprivileged SCTP INIT ping scans

Selecting ports in SCTP INIT ping scans.

Discovering hosts with IP protocol ping scans

Setting alternate IP protocols

Generating random data for the IP packets

Supported IP protocols and their payloads

Discovering hosts with ARP ping scans

MAC address spoofing

IPv6 scanning

Performing advanced ping scans

Ping probe effectiveness

Discovering hosts with broadcast ping scans

Broadcast ping options

Target library

Scanning IPv6 addresses

IPv6 fingerprinting

Discovering new IPv6 targets

Gathering network information with broadcast scripts

Scanning through proxies

Proxychains

Spoofing the origin IP of a scan

Choosing your zombie host wisely

The IP ID sequence number

Chapter 3: Reconnaissance Tasks

Performing IP address geolocation

Submitting a new geolocation provider

Getting information from WHOIS records

Selecting service providers

Ignoring referral records

Disabling cache

Obtaining traceroute geolocation information

Querying Shodan to obtain target information

Saving the results in CSV files

Specifying a single target.

Checking whether a host is flagged by Google Safe Browsing for malicious activities

Collecting valid e-mail accounts and IP addresses from web servers

Discovering hostnames pointing to the same IP address

Discovering hostnames by brute forcing DNS records

Customizing the dictionary

Adjusting the number of threads

Specifying a DNS server

Using the NSE library target

Obtaining profile information from Google's People API

Matching services with public vulnerability advisories

Chapter 4: Scanning Web Servers

Listing supported HTTP methods

Interesting HTTP methods

Checking whether a web server is an open proxy

Discovering interesting files and folders in web servers

Using a Nikto database

Abusing mod_userdir to enumerate user accounts

Brute forcing HTTP authentication

Brute modes

Brute forcing web applications

Brute forcing WordPress installations

Detecting web application firewalls

Detecting possible XST vulnerabilities

How it works.

There's more...

Detecting XSS vulnerabilities

Finding SQL injection vulnerabilities

Detecting web servers vulnerable to slowloris denial of service attacks

Finding web applications with default credentials

Detecting web applications vulnerable to Shellshock

Executing commands remotely

Spidering web servers to find vulnerable applications

Detecting insecure cross-domain policies

Finding attacking domains available for purchase

Detecting exposed source code control systems

Obtaining information from subversion source code control systems

Auditing the strength of cipher suites in SSL servers

Scrapping e-mail accounts from web servers

How to do it…

How it works…

There's more…

Chapter 5: Scanning Databases

Listing MySQL databases

Listing MySQL users

Listing MySQL variables

Brute forcing MySQL passwords

Finding root accounts with an empty password in MySQL servers

Detecting insecure configurations in MySQL servers

Brute forcing Oracle passwords

There's more.

Notes:

Includes index.

Includes bibliographical references.

Description based on online resource; title from PDF title page (ebrary, viewed June 23, 2017).

ISBN:

9781786461537

1786461536

OCLC:

990194769