Table of Contents Scan large IP block Exclude IP blocks of sensitive part of the Internet Include IP blocks for targeted IP blocks Transmission Rates Specify ports and ranges Pull the services and banners Output formats Manage config for different scanning strategies The base system used to perform the scans:
root@192.168.1.11:~# uname -a Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.13-1kali2 (2017-03-07) x86_64 GNU/Linux Scan large IP block Scan the entire 175.
Table of Contents Introduction Enabling knockd Port-knocking Open the port Close the port Using Hping3 / Nmap Open the port Close the port Alternatives Introduction Port-knocking is a stealth method to open ports that the firewall keeps closed by default. A port-knock server listens to all traffic on an ethernet (or PPP) interface, looking for a special “knock” sequences of port-hits.
Table of Contents Quick peek Sorts out unique User-Agent (devices) Monitor the occurrence of the keywords Monitor HTTP GET | POST traffic by IP addresses DNS Quick peek Monitor activities on device eth0 port 80:
-W byline: linefeeds (LF) are printed as linefeeds, more readable.
-qt: quiet mode and print human-readable timestamp.
# ngrep -d eth0 -W byline -qt port 80 Sorts out unique User-Agent (devices) In corporate environment, desktop/laptop OS build is often standardized.
Table of Contents DNSCrypt Install Select a resolver Modify resolv.conf Start systemd service Verify the DNS traffic is encrypted DNSCrypt can be used to increase web browsing privacy and thwart DNS traffic sniffing. It enables encryption and authentication on DNS traffic between the local computer and the remote DNS resolver. It helps to mask the domain resolution (sent in clear text) to the DNS server, before the HTTPS connection initiated to the target website.
Table of Contents dig & grep namebench dig & grep A straightforward way is by using the dig util from the dnsutils package and grep the results. This works well for quick debug on-the-go:
# apt-get install dnsutils $ dig @202.188.0.132 archive.org | grep "Query time:" ;; Query time: 356 msec $ dig @8.8.8.8 archive.org | grep "Query time:" ;; Query time: 48 msec Note: 202.
Table of Contents Tcpkill GDB Tcpkill enables priviledged user to kill TCP connections, it uses the tcpdump expression. It’s part of the dsniff package. The default degree of brute force to use in killing a connection is 3, fast connections may require a higher number in order to land a RST in the moving receive window.
tcpkill [-i interface] [-1...9] expression For example, to kill the established and also to prevent any connections from 192.