
Advanced network scanning with Nmap 6 Henri Doreau - PowerPoint PPT Presentation


  1. Advanced network scanning with Nmap 6. Henri Doreau, henri.doreau@gmail.com. 13th LSM, Geneva 2012.

  2. Outline (sections: Project presentation, Nmap Scripting Engine, Nmap 6 new features, Ongoing developments, Conclusion). 1. Project presentation: Introduction. 2. Nmap Scripting Engine: Presentation, Internals, Usage. 3. Nmap 6 new features: IPv6 support, Performance improvements, Companion tools, NSE. 4. Ongoing developments: Upcoming features, Project.

  3. Outline

  4. Nmap Security Scanner. Full-featured: Network scanner; Port scanner; Version and OS fingerprinting; Lua scripting engine; Companion tools (zenmap, ncat, nping, ndiff...).

  5. Nmap Security Scanner. Vibrant community: Fingerprint DBs; CPEs; Scripts and NSE libraries.

  6. Nmap Security Scanner. Hollywood movie star.

  7. Outline

  8. Introduction. Built-in Lua scripting engine: Network exploration; Sophisticated version detection; Vulnerability detection; Scan results post-processing.

  9. NSE development. Script collection growth.

  10. Script phases. NSE Pre-scan; 1. Host enumeration; 2. Host discovery; 3. Reverse DNS resolution; 4. Port scan; 5. Version detection / RPC grind; 6. OS fingerprinting; 7. Traceroute; 8. Script scan; 9. Output; NSE Post-scan. Four execution modes: Prerules, Service, Host, Postrules.

  11. Script structure. When to run?

          local shortport = require "shortport"

          -- Host rule: run once per host, here only for directly connected hosts
          hostrule = function(host)
            return host.directly_connected
          end

          -- Port rule: run once per port that looks like HTTP
          portrule = shortport.http

      ⇒ A script can have several rule and action functions.

  12. Sample output

          Nmap scan report for scanme.nmap.org (74.207.244.221)
          PORT   STATE SERVICE VERSION
          22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu7
          80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
          | http-title: Go ahead and ScanMe!
          Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

          Host script results:
          | firewalk:
          | HOP HOST         PROTOCOL BLOCKED PORTS
          | 0   192.168.0.15 tcp      139
          | 10  64.62.250.6  tcp      135,445

  13. Design: NSE parallelism. Single nmap thread; Lua coroutines. ⇒ Lightweight and efficient non-blocking mechanism. ⇒ Script writers get parallelism for free. ⇒ No concurrent memory access concerns ever.

  14. Adaptive workflow: two ways to invoke scripts.
      Point and shoot:

          nmap --script samba-vuln-cve-2012-1182 <target>
          nmap --script +mongodb-info -p80 <target>

      ⇒ No silent dependencies
      Aim oriented:

          nmap --script "http-* and not brute" <target>

  15. Script categories. Grouped by categories: default, intrusive, external, ... See http://nmap.org/nsedoc

  16. Outline

  17. Full IPv6 support. Long standing wish. All features (provided it makes any sense). All supported platforms.

  18. Full IPv6 support. Long standing wish. All features (provided it makes any sense). All supported platforms. YEAH!!!

  19. Brand new OS fingerprinting engine. Innovative approach: machine learning techniques. Reduced dataset; Increased adaptiveness; Very accurate. ⇒ See http://nmap.org/book/osdetect

  20. IPv6 support. Honestly, who cares?

  21. IPv6 support. Honestly, who cares? The future is already there!

  22. Enhanced performance. Three main axes of improvement: Memory footprint; High performance and scalable I/O notification facilities; Application-specific optimizations (NSE). Cf. Scanning the Internet, by Fyodor.

  23. Nping. Reimplementation of the venerable hping2. Modern, high performance tool. Leverages nmap libraries. Provides new packet crafting classes to nmap.

  24. Nping Echo mode. Replacement for ping+tcpdump. 1. nping in server mode on target; 2. client probes the target; 3. server returns captured probes to the client(s) as encrypted payloads.

  25. Zenmap topology tab. Finally: actual network maps from the network mapper!

  26. Better web scanning. Big focus on web technologies: Pipelining; Built-in web crawler; Caching; Web-specific security checks.

  27. NSE frameworks, implemented as NSE libraries. brute: Parallel network authentication cracking module. vulns: Consistent vulnerability reports and efficient post-processing. credentials: Leverage and report discovered credentials.

  28. Outline

  29. Upcoming: web scanning. Continued effort on HTTP. Implement latest performance-related protocols and paradigms. WebSocket mode to ncat.

  30. Upcoming: extend NSE. Expand the role and features of NSE: Leveraging native libraries from Lua; NSE-based port scanning; Re-implementing older code within NSE; Adapting NSE to the companion tools.

  31. Upcoming: misc. But also... Combining IPv4/v6 scans; Improving scalability; Scanning through proxies; Remote checks through authenticated SSH connections; Updater.

  32. Get involved! Your own awesome idea! ...and code? ;)

  33. Development. Increasing development pace. 2011 was the most active year ever in the project history! (ohloh.net). 8th consecutive Google Summer of Code.

  34. Happy birthday nmap! 15th birthday this year (Sept. 1st).

  35. Questions? http://nmap.org nmap-dev@insecure.org (it’s cool, join!)
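
Slides 10 and 11 describe execution modes and rule functions; the skeleton below is an added example, not code from the presentation or from the Nmap project, showing one script that defines both a hostrule and a portrule and dispatches on NSE's SCRIPT_TYPE variable. The description text, the helper names hostaction, portaction and actions, and the output strings are assumptions made for illustration.

```lua
-- Added example (not from the slides): one script, two rules, one dispatcher.
local shortport = require "shortport"

description = [[
Illustrative skeleton: reports whether a host is on the local segment
(hostrule) and lists ports that look like HTTP (portrule).
]]
author = "example (illustrative)"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Host mode: evaluated once per target during the script scan phase.
hostrule = function(host)
  return host.directly_connected
end

-- Service mode: evaluated once per port; shortport.http matches the
-- usual HTTP port numbers and service names.
portrule = shortport.http

-- Hypothetical helper: runs when the hostrule matched.
local function hostaction(host)
  return ("directly connected via %s"):format(host.interface or "unknown interface")
end

-- Hypothetical helper: runs when the portrule matched.
local function portaction(host, port)
  return ("HTTP candidate on %d/%s (%s)"):format(
    port.number, port.protocol, port.service or "unknown")
end

-- NSE sets SCRIPT_TYPE to the name of the rule that activated the script
-- ("prerule", "hostrule", "portrule" or "postrule"), so a single action
-- can serve several rules.
local actions = { hostrule = hostaction, portrule = portaction }

action = function(...)
  return actions[SCRIPT_TYPE](...)
end
```

Saved as a .nse file, the script is selected like the ones on slide 14, by passing its path to --script.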
