You are previewing Kali Linux Network Scanning Cookbook.
O'Reilly logo
Kali Linux Network Scanning Cookbook

Book Description

Over 90 hands-on recipes explaining how to leverage custom scripts, and integrated tools in Kali Linux to effectively master network scanning

In Detail

Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them.

What You Will Learn

  • Develop a network-testing environment that can be used to test scanning tools and techniques
  • Understand the underlying principles of network scanning technologies by building custom scripts and tools
  • Perform comprehensive scans to identify listening on TCP and UDP sockets
  • Examine remote services to identify type of service, vendor, and version
  • Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed
  • Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them
  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Kali Linux Network Scanning Cookbook
      1. Table of Contents
      2. Kali Linux Network Scanning Cookbook
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Disclaimer
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      9. 1. Getting Started
        1. Configuring a security lab with VMware Player (Windows)
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Configuring a security lab with VMware Fusion (Mac OS X)
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Installing Ubuntu Server
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Installing Metasploitable2
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Installing Windows Server
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Increasing the Windows attack surface
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Installing Kali Linux
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Configuring and using SSH
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Installing Nessus on Kali Linux
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Configuring Burp Suite on Kali Linux
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Using text editors (VIM and Nano)
          1. Getting ready
          2. How to do it…
          3. How it works…
      10. 2. Discovery Scanning
        1. Using Scapy to perform layer 2 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Using ARPing to perform layer 2 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Using Nmap to perform layer 2 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Using NetDiscover to perform layer 2 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Using Metasploit to perform layer 2 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Using ICMP ping to perform layer 3 discovery
          1. Getting ready
          2. How to do it...
          3. How it works…
        7. Using Scapy to perform layer 3 discovery
          1. Getting ready
          2. How to do it...
          3. How it works…
        8. Using Nmap to perform layer 3 discovery
          1. Getting ready
          2. How to do it...
          3. How it works…
        9. Using fping to perform layer 3 discovery
          1. Getting ready
          2. How to do it...
          3. How it works…
        10. Using hping3 to perform layer 3 discovery
          1. Getting ready
          2. How to do it...
          3. How it works…
        11. Using Scapy to perform layer 4 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. Using Nmap to perform layer 4 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. Using hping3 to perform layer 4 discovery
          1. Getting ready
          2. How to do it…
          3. How it works…
      11. 3. Port Scanning
        1. UDP port scanning
        2. TCP port scanning
        3. UDP scanning with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. UDP scanning with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. UDP scanning with Metasploit
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Stealth scanning with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Stealth scanning with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Stealth scanning with Metasploit
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Stealth scanning with hping3
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Connect scanning with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Connect scanning with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. Connect scanning with Metasploit
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. Connect scanning with Dmitry
          1. Getting ready
          2. How to do it…
          3. How it works…
        14. TCP port scanning with Netcat
          1. Getting ready
          2. How to do it…
          3. How it works…
        15. Zombie scanning with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        16. Zombie scanning with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
      12. 4. Fingerprinting
        1. Banner grabbing with Netcat
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Banner grabbing with Python sockets
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Banner grabbing with Dmitry
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Banner grabbing with Nmap NSE
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Banner grabbing with Amap
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Service identification with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Service identification with Amap
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Operating system identification with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Operating system identification with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Operating system identification with xProbe2
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Passive operating system identification with p0f
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. SNMP analysis with Onesixtyone
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. SNMP analysis with SNMPwalk
          1. Getting ready
          2. How to do it…
          3. How it works…
        14. Firewall identification with Scapy
          1. Getting ready
          2. How to do it…
          3. How it works…
        15. Firewall identification with Nmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        16. Firewall identification with Metasploit
          1. Getting ready
          2. How to do it…
          3. How it works…
      13. 5. Vulnerability Scanning
        1. Vulnerability scanning with Nmap Scripting Engine
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Vulnerability scanning with MSF auxiliary modules
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Creating scan policies with Nessus
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Vulnerability scanning with Nessus
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Command-line scanning with Nessuscmd
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Validating vulnerabilities with HTTP interaction
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Validating vulnerabilities with ICMP interaction
          1. Getting ready
          2. How to do it…
          3. How it works…
      14. 6. Denial of Service
        1. Fuzz testing to identify buffer overflows
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Remote FTP service buffer overflow DoS
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Smurf DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. DNS amplification DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. SNMP amplification DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. NTP amplification DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. SYN flood DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Sock stress DoS attack
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. DoS attacks with Nmap NSE
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. DoS attacks with Metasploit
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. DoS attacks with the exploit database
          1. Getting ready
          2. How to do it…
          3. How it works…
      15. 7. Web Application Scanning
        1. Web application scanning with Nikto
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. SSL/TLS scanning with SSLScan
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. SSL/TLS scanning with SSLyze
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Defining a web application target with Burp Suite
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Using Burp Suite Spider
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Using Burp Suite engagement tools
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Using Burp Suite Proxy
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Using the Burp Suite web application scanner
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Using Burp Suite Intruder
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Using Burp Suite Comparer
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Using Burp Suite Repeater
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. Using Burp Suite Decoder
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. Using Burp Suite Sequencer
          1. Getting ready
          2. How to do it…
          3. How it works…
        14. GET method SQL injection with sqlmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        15. POST method SQL injection with sqlmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        16. Requesting a capture SQL injection with sqlmap
          1. Getting ready
          2. How to do it…
          3. How it works…
        17. Automating CSRF testing
          1. Getting ready
          2. How to do it…
          3. How it works…
        18. Validating command injection vulnerabilities with HTTP traffic
          1. Getting ready
          2. How to do it…
          3. How it works…
        19. Validating command injection vulnerabilities with ICMP traffic
          1. Getting ready
          2. How to do it…
          3. How it works…
      16. 8. Automating Kali Tools
        1. Nmap greppable output analysis
          1. Getting ready
          2. How to do it…
          3. How it works…
        2. Nmap port scanning with targeted NSE script execution
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Nmap NSE vulnerability scanning with MSF exploitation
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Nessuscmd vulnerability scanning with MSF exploitation
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Multithreaded MSF exploitation with reverse shell payload
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Multithreaded MSF exploitation with backdoor executable
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Multithreaded MSF exploitation with ICMP verification
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Multithreaded MSF exploitation with admin account creation
          1. Getting ready
          2. How to do it…
          3. How it works…
      17. Index