Kali Linux Network Scanning Cookbook - Second Edition

Book Description

Over 100 practical recipes that leverage custom scripts and integrated tools in Kali Linux to help you effectively master network scanning

About This Book

  • Learn the fundamentals behind commonly used scanning techniques
  • Deploy powerful scanning tools that are integrated into the Kali Linux testing platform
  • The practical recipes will help you automate menial tasks and build your own script library

Who This Book Is For

This book is for information security professionals and casual security enthusiasts alike. It provides foundational principles if you’re a novice, but will also introduce scripting techniques and in-depth analysis if you’re more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security testing experience.

What You Will Learn

  • Develop a network-testing environment to test scanning tools and techniques
  • Understand the principles of network-scanning tools by building scripts and tools
  • Identify distinct vulnerabilities in web apps and remote services and learn how they are exploited
  • Perform comprehensive scans to identify listening TCP and UDP sockets
  • Get started with different Kali desktop environments--KDE, MATE, LXDE, and Xfce
  • Use Sparta for information gathering, port scanning, fingerprinting, vulnerability scanning, and more
  • Evaluate DoS threats and learn how common DoS attacks are performed
  • Learn how to use Burp Suite to evaluate web applications

In Detail

With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools.

Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates.

This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them.

Style and approach

This step-by-step guide is full of recipes that will help you use integrated scanning tools in Kali Linux and develop custom scripts to make new and unique tools of your own.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Conventions
    6. Reader feedback
    7. Customer support
      1. Downloading the example code
      2. Downloading the color images of this book
      3. Errata
      4. Piracy
      5. Questions
  2. Getting Started
    1. Introduction
    2. Configuring a security lab with VMware Player (Windows)
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Configuring a security lab with VMware Fusion (macOS)
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Installing Ubuntu Server
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Installing Metasploitable2
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Installing Windows Server
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Increasing the Windows attack surface
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Installing Kali Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Using text editors (Vim and GNU nano)
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Keeping Kali updated
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. Managing Kali services
      1. Getting ready
      2. How to do it...
      3. How it works...
    12. Configuring and using SSH
      1. Getting ready
      2. How to do it...
      3. How it works...
    13. Installing Nessus on Kali Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
  3. Reconnaissance
    1. Introduction
    2. Using Google to find subdomains
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Finding e-mail addresses using theHarvester
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Enumerating DNS using the host command
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Enumerating DNS using DNSRecon
      1. Getting ready
      2. How to do it...
        1. Standard DNS enumeration
        2. Reverse lookups
        3. Zone transfer
      3. How it works...
    6. Enumerating DNS using the dnsenum command
      1. Getting ready
      2. How to do it...
        1. Default settings
        2. Brute-force
      3. How it works...
  4. Discovery
    1. Introduction
      1. Knowing the OSI model
    2. Using Scapy to perform host discovery (layers 2/3/4)
      1. Getting ready
      2. How to do it...
        1. Layer 2 discovery - ARP
        2. Layer 3 discovery - ICMP
        3. Layer 4 discovery - TCP and UDP
      3. How it works...
    3. Using Nmap to perform host discovery (layers 2/3/4)
      1. Getting ready
      2. How to do it...
        1. Layer 2 discovery - ARP
        2. Layer 3 discovery - ICMP
        3. Layer 4 discovery - TCP and UDP
      3. How it works...
    4. Using ARPing to perform host discovery (layer 2)
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Using netdiscover to perform host discovery (layer 2)
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Using Metasploit to perform host discovery (layer 2)
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Using hping3 to perform host discovery (layers 3/4)
      1. Getting ready
      2. How to do it...
        1. Layer 3 discovery - ICMP
        2. Layer 4 discovery - TCP and UDP
      3. How it works...
    8. Using ICMP to perform host discovery
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Using fping to perform host discovery
      1. Getting ready
      2. How to do it...
      3. How it works...
  5. Port Scanning
    1. Introduction
    2. UDP port scanning
    3. TCP port scanning
    4. Port scanning with Scapy (UDP, stealth, connect, and zombie)
      1. Getting ready
      2. How to do it...
        1. UDP port scanning with Scapy
        2. Stealth scanning with Scapy
        3. Connect scanning with Scapy
        4. Zombie scanning with Scapy
      3. How it works...
    5. Port scanning with Nmap (UDP, stealth, connect, zombie)
      1. Getting ready
      2. How to do it...
        1. UDP scanning with Nmap
        2. Stealth scanning with Nmap
        3. Connect scanning with Nmap
        4. Zombie scanning with Nmap
      3. How it works...
    6. Port scanning with Metasploit (UDP, stealth, and connect)
      1. Getting ready
      2. How to do it...
        1. UDP scanning with Metasploit
        2. Stealth scanning with Metasploit
        3. Connect scanning with Metasploit
      3. How it works...
    7. Port scanning with hping3 (stealth)
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Port scanning with DMitry (connect)
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Port scanning with Netcat (connect)
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Port scanning with masscan (stealth)
      1. Getting ready
      2. How to do it...
      3. How it works...
  6. Fingerprinting
    1. Introduction
    2. Banner grabbing with Netcat
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Banner grabbing with Python sockets
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Banner grabbing with DMitry
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Banner grabbing with Nmap NSE
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Banner grabbing with Amap
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Service identification with Nmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Service identification with Amap
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Operating system identification with Scapy
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Operating system identification with Nmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. Operating system identification with xprobe2
      1. Getting ready
      2. How to do it...
      3. How it works...
    12. Passive operating system identification with p0f
      1. Getting ready
      2. How to do it...
      3. How it works...
    13. SNMP analysis with Onesixtyone
      1. Getting ready
      2. How to do it...
      3. How it works...
    14. SNMP analysis with SNMPwalk
      1. Getting ready
      2. How to do it...
      3. How it works...
    15. Firewall identification with Scapy
      1. Getting ready
      2. How to do it...
      3. How it works...
    16. Firewall identification with Nmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    17. Firewall identification with Metasploit
      1. Getting ready
      2. How to do it...
      3. How it works...
  7. Vulnerability Scanning
    1. Introduction
    2. Vulnerability scanning with the Nmap Scripting Engine
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Vulnerability scanning with MSF auxiliary modules
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Creating scan policies with Nessus
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Vulnerability scanning with Nessus
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Vulnerability scanning with OpenVAS
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Validating vulnerabilities with HTTP interaction
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Validating vulnerabilities with ICMP interaction
      1. Getting ready
      2. How to do it...
      3. How it works...
  8. Denial of Service
    1. Introduction
    2. Fuzz testing to identify buffer overflows
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Remote FTP service buffer-overflow DoS
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Smurf DoS attack
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. DNS amplification DoS attacks
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. SNMP amplification DoS attack
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. SYN flood DoS attack
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Sock stress DoS attack
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. DoS attacks with Nmap NSE
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. DoS attacks with Metasploit
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. DoS attacks with the exploit database
      1. Getting ready
      2. How to do it...
      3. How it works...
  9. Working with Burp Suite
    1. Introduction
    2. Configuring Burp Suite on Kali Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Defining a web application target with Burp Suite
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Using Burp Suite Spider
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Using Burp Suite Proxy
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Using Burp Suite engagement tools
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Using the Burp Suite web application scanner
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Using Burp Suite Intruder
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Using Burp Suite Comparer
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Using Burp Suite Repeater
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. Using Burp Suite Decoder
      1. Getting ready
      2. How to do it...
      3. How it works...
    12. Using Burp Suite Sequencer
      1. Getting ready
      2. How to do it...
      3. How it works...
    13. Using Burp Suite Extender
      1. Getting ready
      2. How to do it...
      3. How it works...
    14. Using Burp Suite Clickbandit
      1. Getting ready
      2. How to do it...
      3. How it works...
  10. Web Application Scanning
    1. Introduction
    2. Web application scanning with Nikto
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. SSL/TLS scanning with SSLScan
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. SSL/TLS scanning with SSLyze
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. GET method SQL injection with sqlmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. POST method SQL injection with sqlmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Requesting a capture SQL injection with sqlmap
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Automating CSRF testing
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Validating command-injection vulnerabilities with HTTP traffic
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Validating command-injection vulnerabilities with ICMP traffic
      1. Getting ready
      2. How to do it...
      3. How it works...
  11. Attacking the Browser with BeEF
    1. Hooking the browser with BeEF
      1. Getting ready
      2. How to do it...
      3. How it works...
    2. Collecting information with BeEF
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Creating a persistent connection with BeEF
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Integrating BeEF and Metasploit
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Using the BeEF autorule engine
      1. Getting ready
      2. How to do it...
      3. How it works...
  12. Working with Sparta
    1. Information gathering with Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
    2. Creating custom commands for Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Port scanning with Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Fingerprinting with Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Vulnerability scanning with Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Web application scanning with Sparta
      1. Getting ready
      2. How to do it...
      3. How it works...
  13. Automating Kali Tools
    1. Introduction
    2. Nmap greppable output analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Port scanning with Nmap NSE execution
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Automate vulnerability scanning with NSE
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Automate web application scanning with Nikto
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Multithreaded MSF exploitation with reverse shell payload
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Multithreaded MSF exploitation with backdoor executable
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Multithreaded MSF exploitation with ICMP verification
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Multithreaded MSF exploitation with admin account creation
      1. Getting ready
      2. How to do it...
      3. How it works...