Custom Scan Profiles Part 2 - NM
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
7 hours 1 minute
So I'm gonna open up my email here.
This gets a little bit personal
and a lot of times in your junk mail, you'll see some strange stuff. So
I don't know who this review safety is. It's probably something that I looked up or bought at some point, but
your email clients gonna be different than this. Obviously,
I'll leave it up to you to decide. Oh, our determine how to get to your email headers. But in Microsoft Outlook,
you open up the email, click on file
and here's your email headers right here.
One of things I like to do
when doing email header analysis is come through
and look for
I p addresses
so we can see that
the centers I p address is this address right here.
So copy it.
We'll close out of my email
and we'll add that is the target.
All right, so let's find out information about this I p address.
Okay, so here's the scan results. You can see all the detail here,
the i. P address resolved to this name,
here you can see who the I P address is registered to
Organization in email address.
And so that's a pretty cool scan.
All right, so let's create another custom scan. This one is we're gonna call it.
We'll call this one who is domain.
I'm gonna clear out all these options.
And this one also is an NSC script.
Local gun scripting.
Start typing. Who is
she? Choose who is domain.
I'll uncheck. Who is I? P
and I'll leave all the other default options as they are.
And in the drop down list, there's the Who has domain.
Clear out our last target.
And again, I'm gonna open up my email.
We'll go into our junk mail folder again and do a little email header. Analysis
Do this. Ah, Trophy Depot.
All right, so this time we're gonna do who is on the domain itself instead of the I. P address.
We could just choose trophy depot dot com
clothes out of that again.
Make that our target.
And let's find out more information about trophy trophy depot dot com.
What the scandal do is return the information from the registrars who is database
again. The most important part about this is
not so much
what the skin does but the fact that
you can name your custom profiles and you can set all those options, so don't get too hung up in the in the other details.
here you can see that the registrar is that we're solutions.
Here's the abuse,
email and phone number,
and you could see that their D N s is hosted by Cloudflare.
So they have some Adidas protection.
let's do one more custom profile.
Clear out all these options.
Call this one
the less detection.
Okay, so the scan is pretty useful. I know the i p address of my server on this network, so I'm cheating a little bit because I already have that I'd be addressed. But,
um, again, when we're building out profiles, we leave the target blank, so this will work on any target.
So I'm first going to go to
we're gonna do an OS detection,
and here I'm gonna choose the timing template
that makes it work a lot faster, but it is more intrusive. So if you're doing this to an outside or unknown I p address or target,
it could be flagged by an I D s
One other really useful OS detection
option is NSC script,
so it will goto scripting, and we'll do it.
SMB OS Discovery s and B O s discovery works really, really well, especially against Windows hosts.
So I'll save that.
Go to quick, detailed OS detection. You can see it's built out right here.
Changed the target to a server on my network. And that is at 1 92.1 68.1 dot 10.
That's Ah, 2012 server
The scan for all it does actually works pretty quick. The timing template of a T four helps with that
so you can see
a lot of details. It actually is. Ah,
Windows Server 2012 R two essentials.
And that's thanks to the S and B. O s discovery and a C script
You see all the ports that were open on that server
you'll get the Mac address.
I know that it's Adele. That's accurate.
It says the warning right here. O s scan results may be unreliable because we could not find at least one open and one close port,
and that's what I was talking about how the dash capital oh, is sometimes sometimes yields
less than perfect results. It did figure out that it's probably server 2012 or 2012 r two.
But like I said, the S and B O s discovery got it exactly right.
All right, that's the end of this lab. Thanks a lot for going through with me
in this lesson. We talked about what a Customs can profile is in Zen map.
Next, we discussed why they're important.
And finally we went through a lab on creating them.
That completes our lessons on in Matt basics. From now on, we'll dive a bit deeper and will cover many more useful scans.
Thanks so much for working through this lesson with me, and I'll see you in the next one.