Kali Linux Network Scanning Cookbook - Second Edition
About this book

Over 100 practical recipes that leverage custom scripts and integrated tools in Kali Linux to help you effectively master network scanning.

About This Book
  • Learn the fundamentals behind commonly used scanning techniques
  • Deploy powerful scanning tools that are integrated into the Kali Linux testing platform
  • The practical recipes will help you automate menial tasks and build your own script library

Who This Book Is For
This book is for information security professionals and casual security enthusiasts alike. It provides foundational principles if you're a novice, but will also introduce scripting techniques and in-depth analysis if you're more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security testing experience.

What You Will Learn
  • Develop a network-testing environment to test scanning tools and techniques
  • Understand the principles of network-scanning tools by building scripts and tools
  • Identify distinct vulnerabilities in web apps and remote services and learn how they are exploited
  • Perform comprehensive scans to identify listening on TCP and UDP sockets
  • Get started with different Kali desktop environments--KDE, MATE, LXDE, and Xfce
  • Use Sparta for information gathering, port scanning, fingerprinting, vulnerability scanning, and more
  • Evaluate DoS threats and learn how common DoS attacks are performed
  • Learn how to use Burp Suite to evaluate web applications

In Detail
With the ever-increasing amount of data flowing in today's world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2.

It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools. Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates. This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them.

Style and approach
This step-by-step guide is full of recipes that will help you use integrated scanning tools in Kali Linux and develop custom scripts to make new and unique tools of your own.

Discovery

This chapter will include the following recipes:
  • Using Scapy to perform host discovery (layers 2/3/4)
  • Using Nmap to perform host discovery (layers 2/3/4)
  • Using ARPing to perform host discovery (layer 2)
  • Using netdiscover to perform host discovery (layer 2)
  • Using Metasploit to perform host discovery (layer 2)
  • Using ICMP to perform host discovery
  • Using fping to perform host discovery
  • Using hping3 to perform host discovery (layers 3/4)

Introduction

Discovery scanning is the process of identifying live hosts on a network. In the context of penetration testing, this is usually performed to identify potential targets for attack. The objective here is not to exhaust resources in gathering information about targets, but instead, to merely find out where the targets are logically located. The final product of our discovery should be a list of IP addresses that we can then use for further analysis. In this chapter, we will discuss how to discover hosts on a network by using protocols operating at layer 2, layer 3, and layer 4 of the OSI model.

Knowing the OSI model

Prior to addressing each of the scanning techniques specifically, we should address a few underlying principles. The Open Systems Interconnection (OSI) model is an International Organization for Standardization (ISO) standard that defines how networked systems communicate. This model is divided into seven layers that define how application content can be sent by one system and/or received by another. The upper layers (5-7) of the OSI model primarily function to interact with the user, whereas the lower layers (1-4) deal with encoding, formatting, and transmission. These layers consist of the following:
| OSI model layer | Layer description | Protocols |
|---|---|---|
| Layer 7: Application | This layer involves the application software that is sending and receiving data | HTTP, FTP, and Telnet |
| Layer 6: Presentation | This layer defines how data is formatted or organized | ASCII, JPEG, PDF, PNG, and DOCX |
| Layer 5: Session | This layer involves application session control, management, synchronization, and termination | NetBIOS, PPTP, RPC, and SOCKS |
| Layer 4: Transport | This layer involves end-to-end communication services | TCP and UDP |
| Layer 3: Network | This layer involves logical system addressing | IPv4, IPv6, ICMP, and IPSec |
| Layer 2: Data link | This layer involves physical system addressing | ARP |
| Layer 1: Physical | This layer involves the data stream that is passed over the wire | |
The lower layers of the OSI model are largely used to ensure that network traffic successfully arrives at its intended destination. Many of the commonly used protocols at these lower layers necessitate a response from the destination system and, as such, can be leveraged by potential attackers to identify live systems. Techniques discussed in the remainder of this section will leverage protocols used in layers 2, 3, and 4 to discover live network systems. Prior to addressing each of the specific recipes, we will briefly discuss the protocols used and how they can be leveraged for discovery.
The pros and cons of layer 2 discovery with ARP are as follows:
  • Pros:
    • Very fast
    • Highly reliable
  • Cons:
    • Cannot discover remote systems (non-routable protocol)
Layer 2 discovery scanning is performed using Address Resolution Protocol (ARP) traffic. ARP is a layer 2 protocol that primarily serves the function of translating logical layer 3 IP addresses to physical layer 2 MAC addresses. When a system needs to locate the physical address that corresponds to a destination IP address, it will broadcast an ARP request packet on the local network segment. This ARP request simply asks the entire network, "Who has this IP address?" The system with the specified IP address will then directly respond to the inquiring system with an ARP reply that contains its layer 2 MAC address. The inquiring system will update its ARP cache, which is a temporary record of IP address and MAC address associations, and will then initiate its communications with the host. ARP can be useful in discovering live hosts on a network, because it does not employ any form of identification or authorization prior to responding to requests.
As a result of this, it is possible and even trivial for an intruder to connect to a local network and enumerate live hosts. This can be performed by sending a series of ARP requests for a comprehensive list of IP addresses and then recording a list of queried IP addresses for which responses were received. ARP discovery has both advantages and disadvantages. It is useful in discovery scanning because it is the fastest and most reliable discovery protocol. Unfortunately, it is also a non-routable protocol and can only be used to discover hosts on the local subnet.
The pros and cons of layer 3 discovery with ICMP are as follows:
  • Pros:
    • Can discover remote systems (routable protocol)
    • Still relatively fast
  • Cons:
    • Slower than ARP discovery
    • Often filtered by firewalls
Layer 3 discovery is probably the most commonly known and used discovery technique among network administrators and technicians. The famous ping command-line utility, which is found natively on both Windows and *nix systems, uses layer 3 discovery. This form of discovery makes use of Internet Control Message Protocol (ICMP). While ICMP has several functions, one that is particularly useful for identifying live systems is the exchange of echo request and echo reply messages. An ICMP echo request is the technical equivalent of one system asking another system, "Are you there?" An ICMP echo reply is how the receiving system can answer, "Yes I am." To determine whether a host exists at a particular IP address, a system can send an ICMP echo request to that address. If there is a host with that IP address and everything works as desired, the host will then return an ICMP echo reply. This protocol can be leveraged for host discovery by performing this sequence in a loop for a comprehensive list of IP addr...
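The ARP and ICMP mechanics described above are easier to follow with the bytes in front of you. The following is an added example, not code from the book or from the Kali tools it covers: it builds a handful of constructed Ethernet frames (ARP requests and a reply, plus IPv4/ICMP echo requests), parses the layer 2 and layer 3 headers with struct, turns the ARP replies into the IP-to-MAC list that discovery produces, and, from the defender's side, flags a single source that probes many distinct addresses, which is exactly the footprint the "series of ARP requests" and the ICMP "loop over a comprehensive list" leave on the wire. All MAC and IP addresses, the alert threshold, and the function names are assumptions chosen for the example; the frames are constructed inline, not captured.

```python
import struct
from collections import defaultdict

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


def ip(s):
    """'192.168.1.10' -> 4 raw bytes."""
    return bytes(int(o) for o in s.split("."))


def make_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP packet (constructed sample data).
    Requests go to the broadcast MAC; replies go straight back to the asker."""
    dst = b"\xff" * 6 if opcode == ARP_REQUEST else mac(target_mac)
    eth = dst + mac(sender_mac) + struct.pack("!H", ETH_ARP)
    # htype=Ethernet(1), ptype=IPv4, hlen=6, plen=4, opcode, then sha/spa/tha/tpa
    arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, opcode)
    arp += mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)
    return eth + arp


def make_icmp_echo_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type=ICMP_ECHO_REQUEST):
    """Ethernet II frame carrying IPv4 + ICMP echo (constructed; checksums left 0)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_IPV4)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1)  # type, code, csum, id, seq
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       ip(src_ip), ip(dst_ip))                  # proto 1 = ICMP
    return eth + ipv4 + icmp


def parse_frame(frame):
    """Decode the fields discovery relies on.
    Returns ('arp', opcode, sender_ip, sender_mac, target_ip),
            ('icmp', icmp_type, src_ip, dst_ip), or None for anything else."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    src_mac = frame[6:12].hex(":")
    payload = frame[14:]
    if ethertype == ETH_ARP and len(payload) >= 28:
        opcode = struct.unpack("!H", payload[6:8])[0]
        spa = ".".join(map(str, payload[14:18]))
        tpa = ".".join(map(str, payload[24:28]))
        return ("arp", opcode, spa, src_mac, tpa)
    if ethertype == ETH_IPV4 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4
        if payload[9] != 1 or len(payload) < ihl + 8:   # not ICMP, or truncated
            return None
        src = ".".join(map(str, payload[12:16]))
        dst = ".".join(map(str, payload[16:20]))
        return ("icmp", payload[ihl], src, dst)
    return None


def live_hosts_from_arp(frames):
    """ARP replies map an IP to its MAC: the list of live hosts discovery produces."""
    hosts = {}
    for p in map(parse_frame, frames):
        if p and p[0] == "arp" and p[1] == ARP_REPLY:
            hosts[p[2]] = p[3]
    return hosts


def detect_sweeps(frames, threshold=8):
    """Flag any source that probes at least `threshold` distinct addresses:
    ARP requests keyed by sender MAC, ICMP echo requests keyed by source IP."""
    arp_targets, icmp_targets = defaultdict(set), defaultdict(set)
    for p in map(parse_frame, frames):
        if p and p[0] == "arp" and p[1] == ARP_REQUEST:
            arp_targets[p[3]].add(p[4])
        elif p and p[0] == "icmp" and p[1] == ICMP_ECHO_REQUEST:
            icmp_targets[p[2]].add(p[3])
    alerts = {("arp", src): len(t) for src, t in arp_targets.items() if len(t) >= threshold}
    alerts.update({("icmp", src): len(t) for src, t in icmp_targets.items() if len(t) >= threshold})
    return alerts


# Constructed sample traffic (assumed addresses): one host sweeping the local
# subnet with ARP and a remote subnet with ICMP, one host answering, and one
# host doing a single ordinary ARP lookup that must not trigger an alert.
SCANNER_MAC, SCANNER_IP = "02:00:00:00:00:aa", "192.168.1.50"
SAMPLE_FRAMES = [make_arp_frame(ARP_REQUEST, SCANNER_MAC, SCANNER_IP,
                                "00:00:00:00:00:00", f"192.168.1.{i}") for i in range(1, 11)]
SAMPLE_FRAMES.append(make_arp_frame(ARP_REPLY, "02:00:00:00:00:07", "192.168.1.7",
                                    SCANNER_MAC, SCANNER_IP))
SAMPLE_FRAMES += [make_icmp_echo_frame(SCANNER_MAC, "02:00:00:00:00:01", SCANNER_IP,
                                       f"10.0.0.{i}") for i in range(1, 10)]
SAMPLE_FRAMES.append(make_arp_frame(ARP_REQUEST, "02:00:00:00:00:07", "192.168.1.7",
                                    "00:00:00:00:00:00", "192.168.1.1"))

if __name__ == "__main__":
    print("live hosts:", live_hosts_from_arp(SAMPLE_FRAMES))
    print("sweep alerts:", detect_sweeps(SAMPLE_FRAMES))
```

Two design points worth noting. ARP requests are keyed by the sender MAC rather than the sender IP because, as the text says, ARP carries no identification, so the IP field is trivially forged while the MAC is at least what the switch saw. And the ICMP counter only sees echo requests that reach the capture point; since the chapter's own cons list notes that ICMP is often filtered by firewalls, a sweep of a filtered segment is best detected at the firewall's drop logs rather than on the destination network.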

Table of contents

  1. Title Page
  2. Copyright
  3. Credits
  4. About the Authors
  5. About the Reviewer
  6. www.PacktPub.com
  7. Customer Feedback
  8. Preface
  9. Getting Started
  10. Reconnaissance
  11. Discovery
  12. Port Scanning
  13. Fingerprinting
  14. Vulnerability Scanning
  15. Denial of Service
  16. Working with Burp Suite
  17. Web Application Scanning
  18. Attacking the Browser with BeEF
  19. Working with Sparta
  20. Automating Kali Tools

Kali Linux Network Scanning Cookbook - Second Edition, by Michael Hixon and Justin Hutchens, is available in PDF and/or ePUB format and is catalogued under Computer Science & Computer Networking.