Hello. My name is Dustin, and welcome to pen test basics. Scanning networks before we get into it to farther is just quick disclaimer. This course is, of course, for learning purposes only. What we show use intent to expand your knowledge and skills were not responsible if you decide to break the law.
So learning objectives, we're going to learn one of the basics of pen testing and that is scanning networks. In order to perform a six successful pen tests, you'll need to know what's on the network to determine vulnerabilities he may be able to later exploit.
So the first learning objective of this module is, of course, what is scanning.
Then we'll learn about one of my favorite tools, the in order to do scanning that's N map.
After that, we're going to learn about the NSC or the end map scripting engine.
And then we're going to learn about H. Ping and what that can do for you.
So what is Scanning? Scanning refers to the using of a a scanning program on a network to gather information about that network,
so it's actively looking through the network to see what is running what service is air running? What kind of traffic can you see? Can you determine what type of hosts or operating systems on the network?
Scanning can be done for many reasons. Technicians can use network scanning tools to troubleshoot issues on the network, and it could also be used during legitimate security assessments, of course,
but it's also used by Attackers to gather more information about your network.
So what is en masse and maps stands for network mapper and is one of the most popular tools used by both professionals and Attackers. Determine what's on the network. It's free and open source,
and it provides the user with the ability to scan a network to discover hosts open ports. What service is air running? A lot of different things.
Zen map is the official and map security scanner with the gooey or graphical user interface. It's available on Lim IX, Windows and Mac. Again. It is free and open source, just like end map. And it's designed to make and map a little easier to use for
beginners while still providing the advanced features
and a gooey for even the most experienced and map users.
As I stated before the NSC is tthe e n map scripting engine, and that's what allows users to write and share scripts, toe autonomy, network tasks. It is really one of the most powerful things about a map, and it's got a ton of flexible features
you can with the NSC. You can do all of your standard network scans, and then it has advanced features that contact back doors like double pulse are. You can even use the NSC to exploit certain vulnerabilities. Cool thing about, um,
the map NSC and you can look over to the screen shot on the right. Here
is it sees a service that's running. It can actually perform, then advance
tasks based on that information.
So it's really an excellent resource to some of the most widely used scripts with N map, and you can see the scripts on end map dot org's slash nsc doc
Vissel list all the current scripts that are currently available to use with the NSC
and there you can actually see the script, the source code of the script, any arguments that may be required, the sample output and any requirements that it may have. So let's go ahead and we're going to actually look at that real quickly. Pull it up here.
All right, So this is, um, that website and map dot org's slash nsc, doc. And as you can see here, there's a ton of different scripts available in the arm broken down into categories broadcast on brute forcing, discovery ones, denial of service.
And then you've also got, like, what's deemed a a safe scan, so it's not gonna be very intrusive. So if you click any of those categories, it will tell you all of the scans that fit that. So if we look for, um,
trying to see if we can find that cool one here,
there's a ton to pick from.
So let's just look at the HD speak cookie flags so you can just click any of thes scripts and then it will tell you so The script Type it support rule script, the categories that it's an honor, your default category safe because it's not going to do anything that should break anything.
And then also, ah, vulnerability scanner
here gives you a little bit, um, about the script. So user summary. So it says that it examines Cookie set by the H G P service. It reports any session cookie set without the http only flag.
And then it reports any session Could you set over SSL without the secure flag?
And then it tells you that if it does have some 82 being numb
as well, it will also add any interesting past founded by any past found by.
So here it tells you a little bit more about that script and then looks like another one that's related.
Then we can go down. And here's the argument. So you can specify a cookie. You can specify a path.
Um, looks like a whole bunch of other stuff here. And then it does show you the example usage. And this is how you'd actually use this. And most of scripts are called with just the dashed *** script command and then the name of the script.
And then this one just have the target after that. And here you can see an example output.
And so this is what it will look like after you run. If it finds anything
and then it also tells you many requirements that I have. So it requires http short port
and then a couple other ones
also tells you the author as well.
So as you can see, there's a ton of scripts available. Looks like 598 already, and these air submitted and then tested by the developers of end mouth. So they try and test all these out and make sure they're in the right categories, and they have all the correct information in order to be used by end map.