![]() It then pings once (-n 1) looping through each value and appending them to the end of the subnet being pinged (192.168.1) in order to sweep all possible hosts. The batch script below increments the variable (a) by 1 starting at the number 1 and ending at 254. That’s a very simple script that will do the job on a Linux machine, but what if you’re on Windows? We can pretty much accomplish the same thing with a simple batch script. It removes all of the data from the ping response and only displays all live IP addresses. Once the shell script is run, the output looks like the following. ![]() Then I set another delimiter, this time the :, and grab the first value, which happens to be the IP address. By using a space as a delimiter, I grab the fourth value. Next, I send out a single ping and grep out the “bytes from” text, because this would be part of the response from a live host. This script loops through the sequence of numbers from 1 – 254, appending each to the end of the IP subnet address. ![]() Below is a shell script I wrote on a Linux PC. These are all handy tools, but what if you’re on a system and have no access to any of these tools? Well, in that case, build your own. I even have the option to crawl the site.Ĭrawling one of the discovered sites provides web pages, scripts, etc (as seen below). If I right-click on the discovered HTTP port more information about the service is displayed. As you can see, for one of the PCs the web server version was detected.īy right-clicking on the discovered FTP port, I am given the option to attempt a brute force attack against the server. Below I entered my local subnet and scanned for open TCP ports. Netifera also performs machine discovery, port scanning, remote OS detection, banner grabbing, web crawling, and brute force. Below I ran the same scan as above, but scanned only for port 80 (HTTP).įinally, we have a nice Linux GUI app called Netifera (nmap has a GUI as well, it’s called Zenmap). Below is the output from a basic full subnet scan.īy appending a : and the port number or a range of port numbers, we can search for specific open ports. Like nmap, this tool can also run several types of scans (Null, Fin, Xmas, Ack, Syn, etc). This tool allows you to scan for live hosts and open ports, but it can also perform service banner grabbing and active/passive OS detection. Unicornscan comes with several options, and I suggest spending some time playing around to become more familiar with them. Next up is another Linux tool, unicornscan. There are also a few other options including passive mode, which will help you remain stealth by passively listening for hosts on the subnet. Simply run this tool against your interface and (using ARP requests) it will scan the local subnet that you are attached to – you can also set it to scan a specific subnet. This is quick and dirty and gets the job done. One really simple Linux-based tool that I like to use is netdiscover. This is a handy scanner with some nice features. This tool can also be configured to gather remote registry, service, and file system info, and it can gather remote info via WMI. The tool also dumps the currently logged on user’s name as well as the MAC address, which I blacked out of the image. If I click the signs before the discovered IPs it would display and shares found (both hidden and public). Below, I configured the scanner to scan my local subnet and look for open web and netbios TCP ports. SoftPerfect Network Scanner is a simple Windows scanner that can discover live hosts and open ports as specified in the configuration. There are lots of scanning tools available, but here are a few that I find to be useful. There are many ways to do this outside of Nmap, and even though Nmap is the tool of choice for the previously mentioned activities, I thought it would be good to briefly cover some of the other tools we don’t hear about as often. It even has a scripting engine that can be used to automate tasks and dig further for information about remote systems. Nmap can be used to identify live hosts on a network, scan for open ports, enumerate service info, and fingerprint the OS. ![]() Pick up just about any decent book on IS security, hacking, pentesting, etc and you’re sure to have a section devoted to Nmap. Nmap is the most popular multipurpose reconnaissance and enumeration tool available, and best of all…it’s free.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |