Mukezh

Network Security Analysis

Nov 26th, 2018
GRADE 2 Session 6
=================

NSA --> Network Security Analysis
=================================

Information Gathering
---------------------
Whenever we try to exploit a device connected to the network, we first need specific information about it. A target's IP address alone is not enough to exploit it, so we perform Network Security Analysis.

We have two types of Information Gathering:
1. Normal Information Gathering
2. Intelligent|Advanced Information Gathering

1. Normal Information Gathering
-------------------------------
Information Gathering in which we get only IP addresses, MAC addresses, vendor names and device names. This is a good start but not enough for exploitation. Note that netdiscover and arp-scan work by ARP, so they only find hosts on the same broadcast domain (ARP requests do not cross routers).
Microsoft OS --> Cain & Abel
                 Angry IP Scanner
                 Advanced IP Scanner
                 SoftPerfect Network Scanner
Linux Based OS --> netdiscover
                   arp-scan

2. Intelligent|Advanced Information Gathering
--------------------------------------------
This is deep Information Gathering. In this type we receive much more information than in Normal Information Gathering.
The information we receive:
IP Address
MAC Address
Services
Port Numbers
OS
Build Number
Version
Service Pack
Endpoint Protection Enabled/Disabled
Subnets
Trace Route - Hops
Protocols
Base Protocol - TCP, UDP
Vulnerabilities with CVE and CVSS
Some of these (OS, build number, service pack, endpoint protection) are inferred from banners and packet fingerprints, so treat them as best guesses until confirmed on the host.

Best tool ever for network Information Gathering:
NMAP --> CLI --> Command Line Interface
ZENMAP --> GUI --> Graphical User Interface

NMAP --> Network Mapper
====
It is the best network scanning tool, with multiple types of scan. It is a network discovery and exploration tool, and it comes preinstalled in Kali Linux. SYN scans, OS detection and the other raw-packet scans need root (run as root or with sudo); as an unprivileged user nmap falls back to a full TCP connect scan (-sT).
Scans
-----
1. To scan the whole network
-----------------------------
# nmap 192.168.195.1/24
# nmap 192.168.195.1-255

Output format:
PORT        STATE    SERVICE
Port Number OPEN     Protocol|Service
            CLOSED
            FILTERED

OPEN --> An application on the target machine is listening for connections/packets on that port (in a SYN scan the target answered SYN/ACK).
CLOSED --> No application is listening on the port (the target answered RST), though it could open up at any time. A closed port still proves the host is up and that nothing is filtering that port.
FILTERED --> nmap cannot tell whether the port is open, because the probe got no reply or an ICMP unreachable error. Something between you and the application is dropping or rejecting the probe, usually one of:
Firewall (host-based or network packet filter)
IPS (inline, dropping the probe)
IDS (an IDS alone only alerts; it produces "filtered" only when deployed inline and dropping)
WAF (only for the web ports it fronts)
OPEN|FILTERED --> nmap cannot distinguish open from filtered (common in UDP scans, where an open port may simply not answer)
CLOSED|FILTERED --> nmap cannot distinguish closed from filtered (only reported by the idle scan, -sI)
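The port states above in practice, as an added example that is not part of the original notes: a small shell script that reads nmap's normal output for a host, lists the open ports and decides from the non-open ports whether a packet filter sits in front of the host (closed means the probes were answered with RST, filtered means they were dropped). The two scan reports inside it are constructed samples in nmap's output format, not real scan results.

```shell
#!/bin/sh
# Added example, not part of the original notes: reading nmap's PORT/STATE
# table from a shell script. The two scan reports below are constructed
# samples in nmap's normal output format, not real scan results.

SAMPLE_NO_FILTER='Nmap scan report for 192.168.195.192
Host is up (0.00042s latency).
Not shown: 997 closed ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp closed mysql
MAC Address: 08:00:27:AA:BB:CC (Oracle VirtualBox virtual NIC)'

SAMPLE_FILTERED='Nmap scan report for 192.168.195.200
Host is up (0.0011s latency).
Not shown: 998 filtered ports
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp open     https
22/tcp  filtered ssh'

# open_ports REPORT: print each definitely-open "port/proto" entry, one per line.
# Port lines start with "<number>/"; the PORT/STATE/SERVICE header does not.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\// && $2 == "open" { print $1 }'
}

# filter_verdict REPORT: what the non-open ports tell you about the path.
#   unfiltered - probes were answered with RST ("closed"): no packet filter on those ports
#   filtered   - probes got no reply or ICMP errors: a firewall/ACL sits in front of the host
# Both the per-port lines and the "Not shown: N ... ports" summary are consulted,
# because nmap collapses the majority state into that one summary line.
filter_verdict() {
    printf '%s\n' "$1" | awk '
        /^Not shown:/ && /filtered/ { f = 1 }
        /^Not shown:/ && /closed/   { c = 1 }
        $1 ~ /^[0-9]+\// && $2 ~ /filtered/ { f = 1 }
        $1 ~ /^[0-9]+\// && $2 == "closed"  { c = 1 }
        END { if (f) print "filtered"; else if (c) print "unfiltered"; else print "unknown" }'
}

# Demo: one line per host with its open ports and the firewall verdict.
for report in "$SAMPLE_NO_FILTER" "$SAMPLE_FILTERED"; do
    host=$(printf '%s\n' "$report" | awk '/^Nmap scan report for/ { print $5 }')
    printf '%s: open=[%s] path=%s\n' "$host" \
        "$(open_ports "$report" | tr '\n' ' ')" "$(filter_verdict "$report")"
done
```

Run it with `sh` and it prints one summary line per sample; to use it on a real scan, save the output with `nmap -oN report.txt <target>` and pass `"$(cat report.txt)"` to the two functions. A host whose verdict is "filtered" is the case for the -Pn and -f options further down; a host that shows "closed" ports is reachable and needs no evasion.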
2. To scan a specific IP Address
--------------------------------
# nmap 192.168.195.192
nmap <IP Address>

3. To get the services (SYN scan)
----------------------
# nmap -sS 192.168.195.192
-s<X> --> selects the scan type; the letter after -s is the type. This is not a script option (scripts are run with -sC or --script).
-sS --> SYN scan / half-open scan: nmap sends SYN, an open port answers SYN/ACK, and nmap replies with RST instead of completing the handshake, so no connection is ever fully established. It is the default scan type when running as root.
Shows the ports and services running on a machine. Without -sV the SERVICE column is only looked up from nmap's port-number table (nmap-services), so it is a guess, not the real service.


4. To scan the version of the services
--------------------------------------
# nmap -sS -sV 192.168.195.192

-sS --> SYN scan / half-open scan
Services running on a machine
-sV --> service/version detection (not "verbose"; verbose output is -v)
Connects to each open port and matches banners and probe responses against nmap's signature database to identify the product and version
-sC --> runs the default set of NSE scripts (the same as --script=default)
Collects extra information per service: banners, HTTP titles, SSH host keys, SMB details and so on

5. To gather other minute information about the services
--------------------------------------------------------
# nmap -sS -sC -sV 192.168.195.192
-sC --> default scripts; combined with -sV the scripts also see the detected version information, which is why the two options are normally used together

6. OS Detection Only
--------------------
# nmap -O 192.168.195.192
-O --> TCP/IP stack fingerprinting. It needs at least one open and one closed TCP port on the target for a reliable result, otherwise nmap warns that the guess is unreliable.

7. Aggressive Scan
------------------
# nmap -A -T4 192.168.195.192
-A --> Aggressive scan: enables -O, -sV, -sC and --traceroute in one option
-T<0-5> --> timing template (0 paranoid, 1 sneaky, 2 polite, 3 normal, 4 aggressive, 5 insane): higher is faster and noisier. -T3 is the default; -T4 is the usual choice on a reliable LAN.

8. Fragmented packets (firewall evasion, not detection)
-----------------------
# nmap -f 192.168.195.192
-f --> splits the TCP header across several tiny IP fragments so that simple packet filters and IDS that do not reassemble fragments miss the scan. It does not detect a firewall; what tells you a firewall is present is the FILTERED state in the results. It needs root, and some firewalls and targets reassemble or drop fragments anyway.

9. To do a fast|quick scan
------------------------
# nmap -F 192.168.195.192
-F --> scans only the 100 most common ports instead of the default 1000

10. When a firewall is up (host does not answer ping)
-----------------------
# nmap -Pn 192.168.195.192
# nmap -Pn -sS -sC -sV -O 192.168.195.192
-Pn --> skip host discovery and treat the target as up. By default nmap pings first and skips hosts that do not answer, so a host whose firewall drops ICMP looks "down" and is never port-scanned.

11. To scan a specific port
---------------------------
# nmap 192.168.195.192 -p 80,3306 --> scan ports 80 and 3306
# nmap 192.168.195.192 -p 80-3306 --> scan the range of ports from 80 to 3306
-p- scans all 65535 ports; -p U:53,T:22 selects UDP and TCP ports separately (UDP ports are only scanned with -sU).


12. Vulnerability Scripts
--------------------------
# nmap --script vuln IPADDRESS
Runs every NSE script in the "vuln" category; findings are reported with CVE IDs and CVSS scores where the script knows them. Some of these scripts are intrusive (they send exploit-like probes), so run them only against targets you are authorized to test.

13. Combining scans
-------------------
# nmap -Pn -p80 -sS -sV -sC 192.168.195.192
Options combine freely: skip host discovery, scan only port 80, SYN scan with version detection and default scripts.

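The scans in this list chained into one workflow, as an added example that is not part of the original notes: a ping sweep (-sn) first finds the live hosts, then the SYN/version/script/OS scan runs only against those hosts, and nmap's grepable output (-oG) is parsed so the open services can feed later tooling. The two outputs embedded in the script are constructed samples of the -oG format, not real scan results; the `scan_network` wrapper only runs when nmap is installed and you pass it a network, and it needs root because -sS and -O send raw packets.

```shell
#!/bin/sh
# Added example, not part of the original notes: the scans above chained
# into one workflow. Stage 1 finds live hosts with a ping sweep (-sn), stage 2
# runs the SYN/version/script/OS scan only against those hosts, and nmap's
# grepable output (-oG) is parsed so the result can feed later tooling.
# The two outputs below are constructed samples of the -oG format, not real scans.

GREPABLE_SWEEP=$(printf '# Nmap 7.70 scan initiated Mon Nov 26 10:00:00 2018 as: nmap -sn -oG - 192.168.195.0/24\nHost: 192.168.195.1 ()\tStatus: Up\nHost: 192.168.195.192 (target.lan)\tStatus: Up\n# Nmap done -- 256 IP addresses (2 hosts up) scanned in 2.51 seconds\n')

GREPABLE_PORTS=$(printf 'Host: 192.168.195.192 (target.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4/, 80/open/tcp//http//Apache httpd 2.4.29/, 3306/closed/tcp//mysql///\tIgnored State: closed (997)\tOS: Linux 3.2 - 4.9\n')

# live_hosts: stdin is -oG output of "nmap -sn"; prints the IPs marked "Status: Up".
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# open_services: stdin is -oG output of a port scan; prints "ip port/proto service version"
# for each open port. -oG fields are tab-separated; each entry in the Ports: field is
# port/state/proto/owner/service/rpcinfo/version/ and entries are separated by ", ".
open_services() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            sub(/^Ports: /, "", $i)
            n = split($i, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open")
                    printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# scan_network NETWORK [REPORT]: the live workflow. Needs nmap and root
# (-sS and -O send raw packets). Prints one "ip port/proto service version"
# line per open port; the full normal-format report is also written to REPORT.
scan_network() {
    net="$1"; report="${2:-scan.nmap}"
    command -v nmap >/dev/null 2>&1 || { echo "nmap is not installed" >&2; return 1; }
    hosts=$(nmap -sn -oG - "$net" | live_hosts)
    [ -n "$hosts" ] || { echo "no live hosts found in $net" >&2; return 1; }
    # $hosts is left unquoted on purpose so each address becomes its own argument.
    # -Pn: these hosts are already known to be up, so skip the second ping round.
    nmap -Pn -sS -sV -sC -O -T4 -oN "$report" -oG - $hosts | open_services
}

# Offline demo on the constructed samples; pass a network (e.g. 192.168.195.0/24)
# as the first argument to run the real two-stage scan instead.
if [ $# -gt 0 ]; then
    scan_network "$1"
else
    echo "live hosts:";    printf '%s\n' "$GREPABLE_SWEEP" | live_hosts
    echo "open services:"; printf '%s\n' "$GREPABLE_PORTS" | open_services
fi
```

Splitting discovery from the deep scan matters on a /24 and above: -A against 256 addresses wastes time on empty ones and on hosts that only look down because they drop ICMP, whereas the sweep plus -Pn on the survivors scans exactly the hosts that exist. The grepable format is what makes the output scriptable; the same scan's -oN file stays human-readable for the report.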
ZENMAP
======
Graphical front end for NMAP. It runs the same nmap binary underneath, so its results are exactly as accurate as the equivalent command line. What makes it noisy on the network is its default profiles: the "Intense scan" profile is nmap -T4 -A -v, so pick or edit the profile before running it against a sensitive network.
IP Address
Type of scan
Click on scan
Enjoy :)