Category: Network

All about network security!

NMAP

Common nmap commands during Pentest

1. Discover live hosts
   nmap -n -sn -PE -oA live_hosts 192.168.1.0/24
2. Discover open TCP ports
   nmap -sS -vv -p- -oA tcp_ports_65535 192.168.1.15
   nmap -sS -vv -p- -Pn --reason --open -oA tcp_ports_65535 192.168.1.15
   nmap …
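The -oA runs above leave behind .gnmap ("grepable") files, which is what makes the two steps chain: the hosts found in step 1 become the target list for step 2, and the open ports from step 2 feed service enumeration later. The script below is an added example, not code from the original post; it parses constructed sample .gnmap data (not real scan output) with POSIX awk, and only invokes nmap itself when RUN_NMAP=1 is set and nmap is installed (the -sS scan needs root). The 192.168.1.0/24 range and file names are taken from the commands above; the -iL flag used to feed the target list is a standard nmap option.

```shell
#!/bin/sh
# Added example: turn nmap's grepable (-oA *.gnmap) output into the inputs for
# the next step of the scan. Sample data is constructed, not a real scan.
TAB="$(printf '\t')"

# Constructed live_hosts.gnmap, as written by: nmap -n -sn -PE -oA live_hosts 192.168.1.0/24
SAMPLE_LIVE_GNMAP="# Nmap 7.94 scan initiated as: nmap -n -sn -PE -oA live_hosts 192.168.1.0/24
Host: 192.168.1.1 ()${TAB}Status: Up
Host: 192.168.1.15 ()${TAB}Status: Up
Host: 192.168.1.20 ()${TAB}Status: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned"

# Constructed tcp_ports_65535.gnmap, as written by the -sS -p- run above.
# Each Ports: entry is port/state/proto/owner/service/rpc/version/ ; fields are tab-separated.
SAMPLE_PORTS_GNMAP="# Nmap 7.94 scan initiated as: nmap -sS -vv -p- -Pn --reason --open -oA tcp_ports_65535 192.168.1.15
Host: 192.168.1.15 ()${TAB}Status: Up
Host: 192.168.1.15 ()${TAB}Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///${TAB}Ignored State: filtered (65532)
# Nmap done -- 1 IP address (1 host up) scanned"

# Print the address of every host nmap reported as Up, one per line; gnmap on stdin.
live_hosts() {
  awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "ip port/proto service" for every port whose state is "open"; gnmap on stdin.
# Closed/filtered entries are dropped, so the output is the attack surface to enumerate next.
open_ports() {
  awk 'BEGIN { FS = "\t" }
  /^Host:/ && /Ports:/ {
    split($1, h, " "); ip = h[2]
    for (i = 2; i <= NF; i++) {
      if ($i !~ /^Ports: /) continue
      sub(/^Ports: /, "", $i)
      n = split($i, p, ", ")
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")
        if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
      }
    }
  }'
}

# Real run only when explicitly requested (RUN_NMAP=1, run as root for -sS):
# discovery output feeds the port scan through -iL, open ports are printed at the end.
if [ "${RUN_NMAP:-0}" = "1" ] && command -v nmap >/dev/null 2>&1; then
  nmap -n -sn -PE -oA live_hosts 192.168.1.0/24 >/dev/null
  live_hosts < live_hosts.gnmap > targets.txt
  nmap -sS -vv -p- -Pn --reason --open -iL targets.txt -oA tcp_ports_65535 >/dev/null
  open_ports < tcp_ports_65535.gnmap
else
  # Offline demonstration on the constructed samples.
  printf '%s\n' "$SAMPLE_LIVE_GNMAP" | live_hosts
  printf '%s\n' "$SAMPLE_PORTS_GNMAP" | open_ports
fi
```

Keep the -oA files: the .xml sibling is what the Nessus import described further down this page consumes, and the .gnmap is the one that is convenient to grep or awk between steps.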

Nessus, NMAP

Import Nmap results into Nessus

Download the Nmap XML Import plugin from http://tenablesecurity.com/documentation/nmapxml.nasl
Copy the nmapxml.nasl file into the Nessus plugins directory: C:\ProgramData\Tenable\Nessus\nessus\plugins
Run a command prompt as Administrator and stop the Nessus service:
    net stop "Tenable Nessus"
Load the new Nessus plugins:
    cd C:\Program Files\Tenable\Nessus
    nessusd.exe -y
Start the Nessus service:
    net start "Tenable Nessus"
Under …

Enumeration, Footprinting

Enumerate subdomains through a wordlist

Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist.

Usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain

positional arguments:
  domain         specific target domain, like domain.com

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
  -w WORDLIST …

Linux

OpenSSH server installation

To install the OpenSSH server application on your Ubuntu server system:
Installation
    sudo apt-get install openssh-server
Backup the original configuration file and make the copy read-only
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
    sudo chmod a-w /etc/ssh/sshd_config.original
Generate SSH keys
During the process you will be prompted for a …
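The reason to keep a read-only copy of sshd_config is that the next thing you do after installation is edit it, and a broken edit locks you out. The script below is an added example, not part of the original post: it repeats the backup step above, then shows the two checks a practitioner wants around the edit, a scan of an sshd_config for settings that should not stay enabled on a reachable server, and `sshd -t` (a real sshd flag that validates the configuration) before the service is restarted. The sshd_config content is a constructed sample; the drop-in path /etc/ssh/sshd_config.d/ assumes an Ubuntu release whose default sshd_config carries an Include for that directory (OpenSSH 8.2 or later), and the real edit only runs when APPLY_SSHD=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example: backup, then check an sshd_config for weak settings and
# validate before restarting. Sample config is constructed, not from a real host.
SAMPLE_SSHD_CONFIG='# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
X11Forwarding no
UsePAM yes'

# Print "Directive value" for each directive left in a weak state; config on stdin.
# Comment lines and blank lines are skipped; keyword matching is case-insensitive, as in sshd.
sshd_weak_settings() {
  awk '
    /^[[:space:]]*#/ || NF < 2 { next }
    {
      k = tolower($1); v = tolower($2)
      if (k == "permitrootlogin" && v == "yes") print $1, $2
      if (k == "passwordauthentication" && v == "yes") print $1, $2
      if (k == "permitemptypasswords" && v == "yes") print $1, $2
    }'
}

# The backup from the post, a hardening drop-in, and a syntax check before restart.
# Assumes Ubuntu's default sshd_config includes /etc/ssh/sshd_config.d/*.conf.
harden_sshd() {
  cfg=/etc/ssh/sshd_config
  if [ ! -f "$cfg.original" ]; then
    cp "$cfg" "$cfg.original" && chmod a-w "$cfg.original"
  fi
  mkdir -p /etc/ssh/sshd_config.d
  printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    > /etc/ssh/sshd_config.d/10-hardening.conf
  # sshd -t parses the whole config and exits non-zero on error; never restart on failure.
  sshd -t && systemctl restart ssh
}

if [ "${APPLY_SSHD:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
  harden_sshd
else
  # Offline demonstration on the constructed sample.
  printf '%s\n' "$SAMPLE_SSHD_CONFIG" | sshd_weak_settings
fi
```

Run `sshd_weak_settings < /etc/ssh/sshd_config` on a real host to see what the packaged defaults leave open before you add your keys; do the key-based login test from a second session before closing the one you edited from.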

Brute-force, Enumeration, Information Gathering

SubBrute – fast subdomain enumeration tool

SubBrute is a DNS meta-query spider tool that enumerates DNS records, and subdomains. SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design …

Cracking, Wireless

Aircrack-ng capture handshake and save it to file

Enable monitor mode
    airmon-ng start wlan0
List nearby WiFi networks and channels
    airodump-ng mon0
Capture packets from your target network channel and save them to file
    airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
Deauthenticate a client from the network
    aireplay-ng --deauth 2 …

DNS, Enumeration

Enumerate DNS hostnames using nmap

nmap dns-brute script: attempts to enumerate DNS hostnames by brute-force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.
Script arguments:
  dns-brute.threads   Threads to use (default 5).
  dns-brute.srvlist   The filename of a list of SRV records to try. Defaults to "nselib/data/dns-srv-names".
  dns-brute.hostlist  The filename …

DNS, Enumeration

Trace a chain of DNS servers back to the source

dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer.
dnstracer – Kali Linux Git repo
Options and usage:
DNSTRACER version 1.8.1 – (c) Edwin Groothuis – http://www.mavetju.org
Usage: dnstracer [options] [host]
  -c: disable local …

DNS, Enumeration, Network

Passive DNS network mapping

Dnsmap – Passive DNS network mapper a.k.a. subdomains bruteforcer. dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc … Subdomain brute-forcing is another technique that should …