Technical Notes

Everything about Computer Science

Scan a network for vulnerabilities with Nessus

Table of Contents: Scan a network, Advanced Scans, Basic Network Scans, Launch A Scan, Results, Exports, Executive Report, Technical Report

Scan a network. Target: 192.168.1.0/24. Nessus provides a set of ready-to-use templates. For general scans, either the (1) Advanced Scan or the (2) Basic Network Scan will do. The difference is that the Advanced Scan adds the Compliance and Plugins sections, which can be used to fine-tune the compliance checks (credentials are required) and the plugin selection.

Deep packet inspection

Table of Contents: Introduction, nDPI, Build and install ndpi-netfilter, Realtime capture, Iptables/netfilter, SSH, Youtube, Social Networks

Introduction. Port-independent, peer-to-peer and encrypted protocols have made conventional traffic analysis based on packet headers (transport protocol and application port) obsolete. Deep Packet Inspection (DPI) can be used to identify and classify these encrypted, port-independent and P2P protocols.

Scan the Internet with Masscan

Table of Contents: Scan large IP block, Exclude IP blocks of sensitive part of the Internet, Include IP blocks for targeted IP blocks, Transmission Rates, Specify ports and ranges, Pull the services and banners, Output formats, Manage config for different scanning strategies

The base system used to perform the scans:

root@192.168.1.11:~# uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.13-1kali2 (2017-03-07) x86_64 GNU/Linux

Scan large IP block. Scan the entire 175.

Port-knocking

Table of Contents: Introduction, Enabling knockd, Port-knocking (Open the port, Close the port), Using Hping3 / Nmap (Open the port, Close the port), Alternatives

Introduction. Port-knocking is a stealth method of opening ports that the firewall keeps closed by default. A port-knock server listens to all traffic on an Ethernet (or PPP) interface, looking for a special "knock" sequence of port hits.
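
The open/close flow sketched above, as an added example that is not from the original post: a knockd server configuration and a client-side knock built on nmap (the "Using Hping3 / Nmap" approach). The server address 192.168.1.10, the sequence 7000,8000,9000 (reversed to close) and the iptables commands are assumptions for the example, not values from the post.

```shell
# Added example (not from the original post). Assumed: knockd host
# 192.168.1.10, sequence 7000,8000,9000 opens 22/tcp, the reverse closes it.

KNOCK_HOST="${KNOCK_HOST:-192.168.1.10}"
OPEN_SEQ="7000 8000 9000"
CLOSE_SEQ="9000 8000 7000"

# write_knockd_conf FILE: the server side. knockd replaces %IP% with the
# knocker's source address, so only that host gets 22/tcp opened.
# -I (insert at the top) rather than -A: a rule appended after a default
# DROP would never be reached.
write_knockd_conf() {
    cat > "$1" <<'EOF'
[options]
    UseSyslog

[openSSH]
    sequence    = 7000,8000,9000
    seq_timeout = 5
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9000,8000,7000
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
EOF
}

# knock_commands HOST "P1 P2 ...": one nmap invocation per knock, in order.
#   -Pn             no host discovery, so the knocks are the only packets sent
#   -n              no DNS lookups
#   --max-retries 0 never resend a probe; a retry would count as a second hit
#   --host-timeout  give up quickly; the port is closed and will not answer
knock_commands() {
    for port in $2; do
        printf 'nmap -Pn -n --max-retries 0 --host-timeout 250ms -p %s %s\n' "$port" "$1"
    done
}

# knock HOST "P1 P2 ...": run the sequence. KNOCK_DRY_RUN=1 prints the
# commands instead of running them.
knock() {
    knock_commands "$1" "$2" | while IFS= read -r cmd; do
        if [ "${KNOCK_DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd >/dev/null 2>&1 || true
            sleep 0.2    # keep the hits ordered and inside seq_timeout
        fi
    done
}

# Usage:
#   knock "$KNOCK_HOST" "$OPEN_SEQ"; ssh user@"$KNOCK_HOST"; knock "$KNOCK_HOST" "$CLOSE_SEQ"
```

Run the client as root so nmap sends raw SYNs itself (-sS) and fully controls retransmission; with hping3 the equivalent single knock is `hping3 -S -p 7000 -c 1 192.168.1.10`. Caveat: a fixed sequence is replayable by anyone who can sniff the knocks, so treat it as obscurity in front of SSH authentication, not as authentication; knockd's one_time_sequences option (a file of single-use sequences) is the mitigation if that matters in your environment.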

Nmap top 1000 ports

The Nmap Network Scanning book, chapter 15, section "Port Specification and Scan Order", states: "By default, Nmap scans the most common 1,000 ports for each protocol." [1] The documentation does not, however, list those 1,000 ports. So how do we identify and show them?

--top-ports n: scan the n highest-ratio ports found in nmap-services; n must be 1 or greater
-v: verbose; needed so that the list of ports scanned is printed
-oG: grepable output
-: output to stdout

$ nmap --top-ports 1000 -v -oG - localhost

Note: refer to the /usr/share/nmap/nmap-services file for the service name and protocol.
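
An added example, not from the post, that reproduces the ranking --top-ports applies to nmap-services, so the top-N set can be inspected or diffed without running a scan. The nmap-services snippet below is constructed in the file's format for the example (the ratios are illustrative); set NMAP_SERVICES to the real /usr/share/nmap/nmap-services path to rank the real data.

```shell
# Added example (not from the original post). The nmap-services snippet is
# constructed in the file's format; point NMAP_SERVICES at
# /usr/share/nmap/nmap-services to rank the real data.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Fields: Service name, portnum/protocol, open-frequency, optional comments
http     80/tcp    0.484143   # World Wide Web HTTP
telnet   23/tcp    0.221265
https    443/tcp   0.208669   # secure http (SSL)
ftp      21/tcp    0.197667   # File Transfer [Control]
ssh      22/tcp    0.182286   # Secure Shell Login
smtp     25/tcp    0.131314   # Simple Mail Transfer
domain   53/udp    0.213496   # Domain Name Server
ntp      123/udp   0.330879   # Network Time Protocol
snmp     161/udp   0.433467   # Simple Net Mgmt Proto
unknown  8001/tcp  0.000001
EOF

# top_ports PROTO N [FILE]: the N ports of PROTO (tcp|udp) with the highest
# open-frequency, highest first, printed as "port ratio service". This is
# the ordering --top-ports N uses.
top_ports() {
    proto=$1; n=$2; file=${3:-${NMAP_SERVICES:-/usr/share/nmap/nmap-services}}
    awk -v proto="$proto" '
        /^#/ || NF < 3 { next }             # comments and blank lines
        {
            split($2, pp, "/")              # "80/tcp" -> pp[1]=80 pp[2]=tcp
            if (pp[2] != proto) next
            printf "%s %s %s\n", pp[1], $3, $1
        }' "$file" | sort -k2,2nr -k1,1n | head -n "$n"
}

# port_list PROTO N [FILE]: the same set as a comma-separated, numerically
# sorted list, the order nmap uses when it prints the ports it scanned.
port_list() {
    top_ports "$@" | awk '{ print $1 }' | sort -n | paste -sd, -
}

echo "top 3 tcp: $(port_list tcp 3 "$SAMPLE")"    # 23,80,443
echo "top 2 udp: $(port_list udp 2 "$SAMPLE")"    # 123,161
```

Against the real file, `port_list tcp 1000` should cover the same ports that `nmap --top-ports 1000 -v -oG - localhost` reports as scanned (nmap prints them as compressed ranges). Use `udp` with the real file to see what `-sU --top-ports N` would pick.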

Automate port scanning with Nmap & Ndiff

Table of Contents: Nmap, Ndiff, Scan and interpret the results/diffs, Automation

Nmap / Ndiff. Ndiff is a tool to aid in the comparison of Nmap scans. Like the standard diff utility, Ndiff compares two scans at a time: it takes two Nmap XML output files and prints the differences between them. The differences reported are: host states (e.g. up to down), port states (e.
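
The Automation section points at scheduled scan-and-compare runs. As an added example (not the post's own script): a wrapper that scans to a timestamped XML file, compares it with the most recent previous scan using ndiff, and keeps the textual diff only when something changed. It assumes ndiff's exit codes (0 for identical scans, 1 for differences, 2 for an error); the target and state directory are placeholders.

```shell
# Added example (not from the original post). Target and directory are
# placeholders; ndiff exit codes assumed: 0 identical, 1 different, 2 error.

# latest_scan DIR EXCLUDE: newest scan-*.xml in DIR other than EXCLUDE.
# Filenames carry a sortable timestamp, so lexical order is time order.
latest_scan() {
    ls "$1"/scan-*.xml 2>/dev/null | grep -vF "$2" | sort | tail -n 1
}

# scan_and_diff TARGET DIR: scan, compare with the previous run, report.
# Returns 0 when nothing changed (or on the first, baseline run), 1 when
# ndiff reported differences, and ndiff's own status otherwise.
scan_and_diff() {
    target=$1; dir=$2
    mkdir -p "$dir"
    stamp=${SCAN_STAMP:-$(date +%Y%m%d-%H%M%S)}   # overridable for testing
    current="$dir/scan-$stamp.xml"
    diff_out="$dir/diff-$stamp.txt"

    # Same options every run: a changed option set would show up as a diff.
    nmap --top-ports 1000 -oX "$current" "$target" >/dev/null

    previous=$(latest_scan "$dir" "$current")
    if [ -z "$previous" ]; then
        echo "baseline: $current"
        return 0
    fi

    if ndiff "$previous" "$current" >"$diff_out"; then rc=0; else rc=$?; fi
    case $rc in
        0) rm -f "$diff_out"; echo "no change since $previous" ;;
        1) echo "changes since $previous (saved to $diff_out):"; cat "$diff_out" ;;
        *) echo "ndiff failed with status $rc" >&2 ;;
    esac
    return $rc
}

# cron, daily at 02:00, with the functions above saved as a script:
#   0 2 * * * /usr/local/bin/scan_and_diff.sh 192.168.1.0/24 /var/lib/scans
```

Because the function's exit status mirrors ndiff's, a cron wrapper can mail or alert only on status 1 and treat status 2 (for example a malformed XML from an interrupted scan) as a job failure rather than a network change.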

Scan the Internet with Nmap

Table of Contents: Scan a Network/Subnet, Host Discovery, Scan a large public network, Scan a private network: 192.168.1.0/24, Scan a Single Target, Remote OS and Service Detection, Host and Port State Reason, List of Examples

Scan a Network/Subnet, Host Discovery. HOST DISCOVERY: -sL: List Scan - simply list the targets to scan without sending any packets to the target hosts; useful for generating a list of target hosts and their reverse-DNS names.

SQL injection with sqlmap

Table of Contents: Scan for vulnerability, Create an HTTP request file, Scan the target, Explore the vulnerable target's databases and system, Dictionary attack against password hashes and dump full credentials, OS Shell Access, Behind the scene, Speed up the process and specify custom injection payloads, Capture and decode the payload (with Ngrep, with Wireshark), Decode the payload

Scan for vulnerability. Create an HTTP request file: use the -r option instead of passing a long list of parameters such as --url, --user-agent, etc.

Wireshark: A quick troubleshoot on slow network (1)

Table of Contents: Quick drill into errors and connection issues, Identify the protocols with high traffic, Get the connection speed to a site, Get the time spent in waiting for a response, Identify the bad packets (TCP errors) ratio

Generate the statistics: run Wireshark and start capturing packets until enough traffic has been collected for the statistics to be meaningful.

Quick drill into errors and connection issues. Navigate to 'Analyze' → 'Expert Info'; a high number of errors and warnings indicates problems.

Ngrep: quick peek at http traffic

Table of Contents: Quick peek, Sorts out unique User-Agent (devices), Monitor the occurrence of the keywords, Monitor HTTP GET | POST traffic by IP addresses, DNS

Quick peek. Monitor activity on device eth0, port 80:
-W byline: line feeds (LF) in the payload are printed as line feeds, which is more readable
-qt: quiet mode (-q, do not print a '#' for every non-matching packet) and print a human-readable timestamp (-t)

# ngrep -d eth0 -W byline -qt port 80

Sorts out unique User-Agent (devices). In a corporate environment, the desktop/laptop OS build is often standardized.
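
The User-Agent tally the excerpt leads into, as an added example (not the post's code): a pipeline that reads `ngrep -W byline` output and counts distinct User-Agent strings, plus a filter for agents that do not match the standardized corporate build, which is what makes the odd devices stand out. The ngrep output below is a constructed sample in ngrep's byline format, and the corporate User-Agent pattern is an assumption.

```shell
# Added example (not from the original post). SAMPLE is constructed
# "ngrep -W byline -qt" output; the trailing "." on each header line is
# how ngrep renders the CR of the HTTP CRLF line ending.
SAMPLE=$(cat <<'EOF'
T 2017/03/20 10:15:01.123456 192.168.1.23:51234 -> 93.184.216.34:80 [AP]
GET / HTTP/1.1.
Host: example.com.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) CorpBuild/1.2.
Accept: */*.

T 2017/03/20 10:15:02.223344 192.168.1.44:49152 -> 93.184.216.34:80 [AP]
GET /update HTTP/1.1.
Host: example.com.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) CorpBuild/1.2.

T 2017/03/20 10:15:03.000001 192.168.1.99:40000 -> 93.184.216.34:80 [AP]
GET /config HTTP/1.1.
Host: example.com.
User-Agent: python-requests/2.13.0.
EOF
)

# unique_user_agents: stdin is ngrep byline output; prints "count agent",
# most frequent first. Only the single trailing "." (the CR) is stripped.
unique_user_agents() {
    grep -i '^User-Agent:' | sed -e 's/^[Uu]ser-[Aa]gent: *//' -e 's/\.$//' \
        | sort | uniq -c | sort -rn
}

# odd_agents REGEX: agents that do not match the expected build, i.e. the
# devices worth a closer look on a standardized network.
odd_agents() {
    unique_user_agents | grep -vE "$1"
}

# Live use (-l line-buffers ngrep's output, -n stops after N matches so the
# sort/uniq stage sees end of input):
#   ngrep -d eth0 -l -n 500 -W byline -qt port 80 | unique_user_agents
printf '%s\n' "$SAMPLE" | unique_user_agents
printf '%s\n' "$SAMPLE" | odd_agents 'CorpBuild/1\.2$'
```

The same two functions apply unchanged to a saved capture: `ngrep -I capture.pcap -W byline -qt port 80 | unique_user_agents`. Only port-80 cleartext is visible this way; HTTPS clients never expose their User-Agent to ngrep.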