advanced network scanning with nmap 6
play

Advanced network scanning with Nmap 6 Henri Doreau - PowerPoint PPT Presentation

Mar 17, 2024 •483 likes •844 views

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012 Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction

  1. Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

  2. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction Nmap Scripting Engine 2 Presentation Internals Usage Nmap 6 new features 3 IPv6 support Performance improvements Companion tools NSE Ongoing developments 4 Upcoming features Project 2/33

  3. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction Nmap Scripting Engine 2 Presentation Internals Usage Nmap 6 new features 3 IPv6 support Performance improvements Companion tools NSE Ongoing developments 4 Upcoming features Project 3/33

  4. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Nmap Security Scanner Full-featured Network scanner Port scanner Version and OS fingerprinting Lua scripting engine Companion tools (zenmap, ncat, nping, ndiff...) 4/33

  5. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Nmap Security Scanner Vibrant community Fingerprint DBs CPEs Scripts and NSE libraries 5/33

  6. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Nmap Security Scanner Hollywood movie star 6/33

  7. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction Nmap Scripting Engine 2 Presentation Internals Usage Nmap 6 new features 3 IPv6 support Performance improvements Companion tools NSE Ongoing developments 4 Upcoming features Project 7/33

  8. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Introduction Built-in lua scripting engine Network exploration Sophisticated version detection Vulnerability detection Scan results post-processing 8/33

  9. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion NSE development Script collection growth 9/33

  10. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Script phases NSE Pre-scan Host enumeration 1 Host discovery 2 Four execution modes Reverse DNS resolution 3 Prerules Port scan 4 Service Version detection / RPC grind 5 OS fingerprinting 6 Host Traceroute 7 Postrules Script scan 8 Output 9 NSE Post-scan 10/33

  11. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Script structure When to run? h o s t r u l e = f u n c t i o n ( host ) r e t u r n host . d i r e c t l y c o n n e c t e d end p o r t u l e = s h o r t p o r t . http ⇒ script can have several rule and action functions 11/33

  12. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Sample output Nmap scan r e p o r t f o r scanme . nmap . org ( 7 4. 20 7. 244 .2 21 ) PORT STATE SERVICE VERSION 22/ tcp open ssh OpenSSH 5.3 p1 Debian 3ubuntu7 80/ tcp open http Apache httpd 2 . 2 . 1 4 (( Ubuntu )) | http − t i t l e : Go ahead and ScanMe ! S e r v i c e I n f o : OS: Linux ; CPE: cpe :/ o : l i n u x : k e r n e l Host s c r i p t r e s u l t s : | f i r e w a l k : | HOP HOST PROTOCOL BLOCKED PORTS | 0 192.168.0.15 tcp 139 | 10 6 4 . 6 2 . 2 5 0 . 6 tcp 135 ,445 12/33

  13. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Design NSE parallelism Single nmap thread lua coroutines ⇒ Lightweight and efficient non-blocking mechanism ⇒ Script writers get parallelism for free ⇒ No concurrent memory access concerns ever 13/33

  14. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Adaptive workflow Two ways to invoke scripts Point and shoot nmap −− s c r i p t samba − vuln − cve − 2012 − 1182 < target > nmap −− s c r i p t +mongodb − i n f o − p80 < target > ⇒ No silent dependencies Aim oriented nmap −− s c r i p t ” http −∗ and not brute ” < target > 14/33

  15. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Script categories Grouped by categories default intrusive external ... see http://nmap.org/nsedoc 15/33

  16. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction Nmap Scripting Engine 2 Presentation Internals Usage Nmap 6 new features 3 IPv6 support Performance improvements Companion tools NSE Ongoing developments 4 Upcoming features Project 16/33

  17. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Full IPv6 support Long standing wish All features (provided it makes any sense) All supported platforms 17/33

  18. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Full IPv6 support Long standing wish All features (provided it makes any sense) All supported platforms YEAH!!! 17/33

  19. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Brand new OS fingerprinting engine Innovative approach: machine learning techniques Reduced dataset Increased adaptiveness Very accurate ⇒ See http://nmap.org/book/osdetect 18/33

  20. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion IPv6 support Honestly, who cares? 19/33

  21. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion IPv6 support Honestly, who cares? The future is already there! 19/33

  22. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Enhanced performances Three main axis of improvement Memory footprint High performance and scalable I/O notification facities Application-specific optimizations (NSE) cf. Scanning the Internet , by Fyodor 20/33

  23. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Nping Reimplementation of the venerable hping2 Modern, high performance tool Leverages nmap libraries Provides new packet crafting classes to nmap 21/33

  24. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Nping Echo mode Replacement for ping+tcpdump 1 nping in server mode on target 2 client probes the target 3 server returns captured probes to the client(s) as encrypted payloads 22/33

  25. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Zenmap tologoy tab Finally: actual network maps from the network mapper! 23/33

  26. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Better web scanning Big focus on web technologies Pipelining Built-in web crawler Caching Web-specific security checks 24/33

  27. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion NSE frameworks Implemented as NSE libraries brute Parallel network authentication vulns cracking module. Consistent vulnerability reports and credentials efficient post-processing. Leverage and report discovered credentials. 25/33

  28. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction Nmap Scripting Engine 2 Presentation Internals Usage Nmap 6 new features 3 IPv6 support Performance improvements Companion tools NSE Ongoing developments 4 Upcoming features Project 26/33

  29. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Upcoming: web scanning Continued effort on HTTP Implement latest performance-related protocols and paradigms WebSocket mode to ncat 27/33

  30. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Upcoming: extend NSE Expand the role and features of NSE Leveraging native libraries from lua NSE-based port scanning Re-implementing older code within NSE Adapting NSE to the companion tools 28/33

  31. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Upcoming: misc but also... Combining IP v4/v6 scans Improving scalability Scanning through proxies Remote checks through authenticated SSH connections Updater 29/33

  32. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Get involved! Your own awesome idea! ...and code? ;) 30/33

  33. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Development Increasing development pace 2011 was the most active year ever in the project history! ( ohloh.net ). 8 th consecutive Google Summer of Code 31/33

  34. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Happy birthday nmap! 15 th birthday this year (Sept. 1 st ) 32/33

  35. Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Questions? http://nmap.org nmap-dev@insecure.org (it’s cool, join!) 33/33

Recommend

NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon

NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon

NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon Lyon Features Host discovery Port scanning Version detecting OS detection Scriptable interaction with the target Uses of

339 views • 10 slides
Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16

Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16

Insecure.Org Insecure.Org Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16 August 8, 2008; 4PM Insecure.Org Insecure.Org Scan Goals Collect empirical data and use it to enhance Nmap

558 views • 45 slides
Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th

Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th

Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th 2015 Only perform scans and exploitations after receiving permission from the owner of the machine/device. Nmap Purpose Scan a

671 views • 30 slides
Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY February 22. 2019 whoami AND HOW DID I GET HERE? Cecillia Tran Kelly Albrink External network pen testing &amp; web Network pen testing,

882 views • 31 slides
The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA

The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA

Insecure.Org Insecure.Org The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA Insecure.Org Insecure.Org Nmap Scripting Engine (NSE) # nmap -A -PN -T4 www.ebay.com Starting Nmap ( http://nmap.org

792 views • 32 slides
Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin

Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin

Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin uses nmap in Who Am I - No System is Safe to compromise the local power company, causing a brief blackout Lisbeth uses nmap in the film The

710 views • 26 slides
Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty

Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty

Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty auditors Agenda Information gathering Footprinting tools Port scanning with nmap Nmap scripts Footprinting for securty

880 views • 61 slides
Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen, Andrei Gurtov Institutionen fr

Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen, Andrei Gurtov Institutionen fr

Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that did not have

400 views • 29 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Advanced Radiological Scanning and Sorting of CNLs Whiteshell Laboratories Experimental Cesium

Advanced Radiological Scanning and Sorting of CNLs Whiteshell Laboratories Experimental Cesium

Advanced Radiological Scanning and Sorting of CNLs Whiteshell Laboratories Experimental Cesium Pond Effluent Soils Steven D. Rima, CHP, CPM Michael P. McDonald, CHP, RRPT Amec Foster Wheeler Whiteshell Laboratories Near Pinawa, Manitoba

446 views • 21 slides
Australian Centre for Advanced Photovoltaics Fellow UNSW, Australia CONTENTS 1. Introduction to

Australian Centre for Advanced Photovoltaics Fellow UNSW, Australia CONTENTS 1. Introduction to

Scanning Probe Microscope: A powerful Tool for Imaging Nanoscale Charge Transport Properties Jae Sung Yun Australian Centre for Advanced Photovoltaics Fellow UNSW, Australia CONTENTS 1. Introduction to Scanning Probe Microscopy 2. Atomic Force

1.04k views • 34 slides
Scanning Tunneling Microscopy Wenbin Wang Instructor: Dagotto Advanced Solid State Physics II

Scanning Tunneling Microscopy Wenbin Wang Instructor: Dagotto Advanced Solid State Physics II

Scanning Tunneling Microscopy Wenbin Wang Instructor: Dagotto Advanced Solid State Physics II April 16, 2009 Outline Introduction Theory of STM Working principle Modes of operation Instrument Application

475 views • 24 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives After reading this chapter and completing the exercises, you will be able to: Describe port scanning and types of port scans Describe

368 views • 5 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 8 Scanning Topics Scanning fundamentals Nessus installation &amp; examination 04/13

235 views • 21 slides
Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for network IoCs is relatively easy:

Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for network IoCs is relatively easy:

Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for network IoCs is relatively easy: use an IDS/IPS snort, suricata, commercial appliances Perform live traffic analysis, or from PCAPs @packetjay IDS scan can easily result

380 views • 7 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH - BODY SCANNING - REAL-TIME INTEGRATION MODELLING/TEXTURING - LIGHTING + RENDERING - CAMERA ANIMATION - MODELLING - HEAD TRACKING -

728 views • 42 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases &amp; Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides
Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR Scanning Overview Scanning background Applications Strengths Weaknesses Scanning Examples Fisher Associates LiDAR = light

610 views • 20 slides
Network Security: Scan Seungwon Shin, KAIST some slides from Dr. Brett Tjaden More about Scan

Network Security: Scan Seungwon Shin, KAIST some slides from Dr. Brett Tjaden More about Scan

Network Security: Scan Seungwon Shin, KAIST some slides from Dr. Brett Tjaden More about Scan Scan Techniques Network scanning where is a target? which service is available on a target? can I have more information? Vulnerability scanning

675 views • 30 slides
FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath Nielson nielsonhe@ldschurch.org Digitizing Microfilm Scan as efficiently as possible At 30 minutes a roll, it would require a single scanner

471 views • 21 slides
Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as

Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as

1 Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as large as a ping-pong ball... ...the tip would have the size of the L. J. Heyderman Matterhorn! 3 Magnetic Force Microscopy Stray field

147 views • 14 slides
Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Insecure.Org Insecure.Org Mastering the Nmap Scripting Engine by Fyodor and David Fifield http://insecure.org/presentations/BHDC10/ Black Hat Briefings Las Vegas Defcon 18 July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One

539 views • 4 slides

More recommend