Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying KALI LINUX NETWORK SCANNING COOKBOOK
  • Table Of Contents Toc
  • Feedback & Rating feedback
KALI LINUX NETWORK SCANNING COOKBOOK

KALI LINUX NETWORK SCANNING COOKBOOK

By : Justin Hutchens
4.7 (20)
Buy this Book
close
close
KALI LINUX NETWORK SCANNING COOKBOOK

KALI LINUX NETWORK SCANNING COOKBOOK

4.7 (20)
By: Justin Hutchens
Buy this Book

Overview of this book

Kali Linux Network Scanning Cookbook is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience.
Table of Contents (10 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
1. Getting Started
chevron up
Icon
1. Getting Started
Icon
Configuring a security lab with VMware Player (Windows)
Icon
Configuring a security lab with VMware Fusion (Mac OS X)
Icon
Installing Ubuntu Server
Icon
Installing Metasploitable2
Icon
Installing Windows Server
Icon
Increasing the Windows attack surface
Icon
Installing Kali Linux
Icon
Configuring and using SSH
Icon
Installing Nessus on Kali Linux
Icon
Configuring Burp Suite on Kali Linux
Icon
Using text editors (VIM and Nano)
2
2. Discovery Scanning
Icon
2. Discovery Scanning
Icon
Using Scapy to perform layer 2 discovery
Icon
Using ARPing to perform layer 2 discovery
Icon
Using Nmap to perform layer 2 discovery
Icon
Using NetDiscover to perform layer 2 discovery
Icon
Using Metasploit to perform layer 2 discovery
Icon
Using ICMP ping to perform layer 3 discovery
Icon
Using Scapy to perform layer 3 discovery
Icon
Using Nmap to perform layer 3 discovery
Icon
Using fping to perform layer 3 discovery
Icon
Using hping3 to perform layer 3 discovery
Icon
Using Scapy to perform layer 4 discovery
Icon
Using Nmap to perform layer 4 discovery
Icon
Using hping3 to perform layer 4 discovery
3
3. Port Scanning
Icon
3. Port Scanning
Icon
UDP port scanning
Icon
TCP port scanning
Icon
UDP scanning with Scapy
Icon
UDP scanning with Nmap
Icon
UDP scanning with Metasploit
Icon
Stealth scanning with Scapy
Icon
Stealth scanning with Nmap
Icon
Stealth scanning with Metasploit
Icon
Stealth scanning with hping3
Icon
Connect scanning with Scapy
Icon
Connect scanning with Nmap
Icon
Connect scanning with Metasploit
Icon
Connect scanning with Dmitry
Icon
TCP port scanning with Netcat
Icon
Zombie scanning with Scapy
Icon
Zombie scanning with Nmap
4
4. Fingerprinting
Icon
4. Fingerprinting
Icon
Banner grabbing with Netcat
Icon
Banner grabbing with Python sockets
Icon
Banner grabbing with Dmitry
Icon
Banner grabbing with Nmap NSE
Icon
Banner grabbing with Amap
Icon
Service identification with Nmap
Icon
Service identification with Amap
Icon
Operating system identification with Scapy
Icon
Operating system identification with Nmap
Icon
Operating system identification with xProbe2
Icon
Passive operating system identification with p0f
Icon
SNMP analysis with Onesixtyone
Icon
SNMP analysis with SNMPwalk
Icon
Firewall identification with Scapy
Icon
Firewall identification with Nmap
Icon
Firewall identification with Metasploit
5
5. Vulnerability Scanning
Icon
5. Vulnerability Scanning
Icon
Vulnerability scanning with Nmap Scripting Engine
Icon
Vulnerability scanning with MSF auxiliary modules
Icon
Creating scan policies with Nessus
Icon
Vulnerability scanning with Nessus
Icon
Command-line scanning with Nessuscmd
Icon
Validating vulnerabilities with HTTP interaction
Icon
Validating vulnerabilities with ICMP interaction
6
6. Denial of Service
Icon
6. Denial of Service
Icon
Fuzz testing to identify buffer overflows
Icon
Remote FTP service buffer overflow DoS
Icon
Smurf DoS attack
Icon
DNS amplification DoS attack
Icon
SNMP amplification DoS attack
Icon
NTP amplification DoS attack
Icon
SYN flood DoS attack
Icon
Sock stress DoS attack
Icon
DoS attacks with Nmap NSE
Icon
DoS attacks with Metasploit
Icon
DoS attacks with the exploit database
7
7. Web Application Scanning
Icon
7. Web Application Scanning
Icon
Web application scanning with Nikto
Icon
SSL/TLS scanning with SSLScan
Icon
SSL/TLS scanning with SSLyze
Icon
Defining a web application target with Burp Suite
Icon
Using Burp Suite Spider
Icon
Using Burp Suite engagement tools
Icon
Using Burp Suite Proxy
Icon
Using the Burp Suite web application scanner
Icon
Using Burp Suite Intruder
Icon
Using Burp Suite Comparer
Icon
Using Burp Suite Repeater
Icon
Using Burp Suite Decoder
Icon
Using Burp Suite Sequencer
Icon
GET method SQL injection with sqlmap
Icon
POST method SQL injection with sqlmap
Icon
Requesting a capture SQL injection with sqlmap
Icon
Automating CSRF testing
Icon
Validating command injection vulnerabilities with HTTP traffic
Icon
Validating command injection vulnerabilities with ICMP traffic
8
8. Automating Kali Tools
Icon
8. Automating Kali Tools
Icon
Nmap greppable output analysis
Icon
Nmap port scanning with targeted NSE script execution
Icon
Nmap NSE vulnerability scanning with MSF exploitation
Icon
Nessuscmd vulnerability scanning with MSF exploitation
Icon
Multithreaded MSF exploitation with reverse shell payload
Icon
Multithreaded MSF exploitation with backdoor executable
Icon
Multithreaded MSF exploitation with ICMP verification
Icon
Multithreaded MSF exploitation with admin account creation
9
Index
Icon
Index

Installing Metasploitable2

Metasploitable2 is an intentionally vulnerable Linux distribution and is also a highly effective security training tool. It comes fully loaded with a large number of vulnerable network services and also includes several vulnerable web applications.

Getting ready

Prior to installing Metasploitable2 in your virtual security lab, you will first need to download it from the Web. There are many mirrors and torrents available for this. One relatively easy method to acquire Metasploitable is to download it from SourceForge at the following URL: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.

How to do it…

Installing Metasploitable2 is likely to be one of the easiest installations that you will perform in your security lab. This is because it is already prepared as a VMware virtual machine when it is downloaded from SourceForge. Once the ZIP file has been downloaded, you can easily extract the contents of this file in Windows or Mac OS X by double-clicking on it in Explorer or Finder respectively. Have a look at the following screenshot:

How to do it…

Once extracted, the ZIP file will return a directory with five additional files inside. Included among these files is the VMware VMX file. To use Metasploitable in VMware, just click on the File drop-down menu and click on Open. Then, browse to the directory created from the ZIP extraction process and open Metasploitable.vmx as shown in the following screenshot:

How to do it…

Once the VMX file has been opened, it should be included in your virtual machine library. Select it from the library and click on Run to start the VM and get the following screen:

How to do it…

After the VM loads, the splash screen will appear and request login credentials. The default credential to log in is msfadmin for both the username and password. This machine can also be accessed via SSH, as addressed in the Configuring and using SSH recipe later in this section.

How it works…

Metasploitable was built with the idea of security testing education in mind. This is a highly effective tool, but it must be handled with care. The Metasploitable system should never be exposed to any untrusted networks. It should never be assigned a publicly routable IP address, and port forwarding should not be used to make services accessible over the Network Address Translation (NAT) interface.

End of Section 5
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY