
Index
Title Page Copyright Credits About the Author Acknowledgments About the Reviewer www.PacktPub.com Customer Feedback Preface
What this book covers What you need for this book Who this book is for Sections
Getting ready How to do it… How it works… There's more… See also
Conventions Reader feedback Customer support
Downloading the color images of this book Errata Piracy Questions
Nmap Fundamentals
Introduction Building Nmap's source code
Getting ready How to do it... How it works... There's more...
Experimental branches Updating your local working copy Customizing the building process Precompiled packages
Finding live hosts in your network
How to do it... How it works... There's more...
Tracing routes Running the Nmap Scripting Engine during host discovery Exploring more ping scanning techniques
Listing open ports on a target host
How to do it... How it works... There's more...
Privileged versus unprivileged Scanning specific port ranges Selecting a network interface More port scanning techniques
Fingerprinting OS and services running on a target host
How to do it... How it works... There's more...
Increasing version detection intensity Aggressive detection mode Configuring OS detection OS detection in verbose mode Submitting new OS and service fingerprints
Using NSE scripts against a target host
How to do it... How it works... There's more...
NSE script arguments Script selection Debugging NSE scripts Adding new scripts
Reading targets from a file
How to do it... How it works... There's more...
Excluding a host list from your scans
Scanning IP address ranges
How to do it... How it works... There's more...
CIDR notation
Scanning random targets on the Internet
How to do it... How it works... There's more...
Legal issues with port scanning
Collecting signatures of web servers
How to do it... How it works... There's more...
Monitoring servers remotely with Nmap and Ndiff
Getting ready How to do it... How it works... There's more...
Monitoring specific services
Crafting ICMP echo replies with Nping
How to do it... How it works... There's more...
Managing multiple scanning profiles with Zenmap
How to do it... How it works... There's more...
Zenmap scanning profiles Editing or deleting a scan profile
Running Lua scripts against a network connection with Ncat
How to do it... How it works... There's more...
Other ways of executing external commands with Ncat
Discovering systems with weak passwords with Ncrack
Getting ready How to do it... How it works... There's more...
Configuring authentication options Pausing and resuming attacks
Launching Nmap scans remotely from a web browser using Rainmap Lite
Getting ready How to do it... How it works... There's more...
Custom arguments
Network Exploration
Introduction Discovering hosts with TCP SYN ping scans
How to do it... How it works... There's more...
Privileged versus unprivileged TCP SYN ping scan Firewalls and traffic filtering
Discovering hosts with TCP ACK ping scans
How to do it... How it works... There's more...
Privileged versus unprivileged TCP ACK ping scans Selecting ports in TCP ACK ping scans
Discovering hosts with UDP ping scans
How to do it... How it works... There's more...
Selecting ports in UDP ping scans
Discovering hosts with ICMP ping scans
How to do it... How it works... There's more...
Local versus remote networks ICMP types
Discovering hosts with SCTP INIT ping scans
How to do it... How it works... There's more...
Unprivileged SCTP INIT ping scans Selecting ports in SCTP INIT ping scans
Discovering hosts with IP protocol ping scans
How to do it... How it works... There's more...
Setting alternate IP protocols Generating random data for the IP packets Supported IP protocols and their payloads
Discovering hosts with ARP ping scans
How to do it... How it works... There's more...
MAC address spoofing IPv6 scanning
Performing advanced ping scans
How to do it... How it works... There's more...
Ping probe effectiveness
Discovering hosts with broadcast ping scans
How to do it... How it works... There's more...
Broadcast ping options Target library
Scanning IPv6 addresses
How to do it... How it works... There's more...
IPv6 fingerprinting Discovering new IPv6 targets
Gathering network information with broadcast scripts
How to do it... How it works... There's more...
Script selection Target library
Scanning through proxies
How to do it... How it works... There's more...
Proxychains
Spoofing the origin IP of a scan
Getting ready How to do it... How it works... There's more...
Choosing your zombie host wisely The IP ID sequence number
Reconnaissance Tasks
Introduction Performing IP address geolocation
Getting ready How to do it... How it works... There's more...
Submitting a new geolocation provider
Getting information from WHOIS records
How to do it... How it works... There's more...
Selecting service providers Ignoring referral records Disabling cache
Obtaining traceroute geolocation information
How to do it... How it works... There's more...
Querying Shodan to obtain target information
Getting ready How to do it... How it works... There's more...
Saving the results in CSV files Specifying a single target
Checking whether a host is flagged by Google Safe Browsing for malicious activities
Getting ready How to do it... How it works... There's more...
Collecting valid e-mail accounts and IP addresses from web servers
How to do it... How it works... There's more...
Discovering hostnames pointing to the same IP address
How to do it... How it works... There's more...
Discovering hostnames by brute forcing DNS records
How to do it... How it works... There's more...
Customizing the dictionary Adjusting the number of threads Specifying a DNS server Using the NSE library target
Obtaining profile information from Google's People API
Getting ready How to do it... How it works... There's more...
Matching services with public vulnerability advisories
Getting ready How to do it... How it works... There's more...
Scanning Web Servers
Introduction Listing supported HTTP methods
How to do it... How it works... There's more...
Interesting HTTP methods
Checking whether a web server is an open proxy
How to do it... How it works... There's more...
Discovering interesting files and folders in web servers
How to do it... How it works... There's more...
Using a Nikto database
Abusing mod_userdir to enumerate user accounts
How to do it... How it works... There's more...
Brute forcing HTTP authentication
How to do it... How it works... There's more...
Brute modes
Brute forcing web applications
How to do it... How it works... There's more...
Brute forcing WordPress installations
Detecting web application firewalls
How to do it... How it works... There's more...
Detecting possible XST vulnerabilities
How to do it... How it works... There's more...
Detecting XSS vulnerabilities
How to do it... How it works... There's more...
Finding SQL injection vulnerabilities
How to do it... How it works... There's more...
Detecting web servers vulnerable to slowloris denial of service attacks
How to do it... How it works... There's more...
Finding web applications with default credentials
How to do it... How it works... There's more...
Detecting web applications vulnerable to Shellshock
How to do it... How it works... There's more...
Executing commands remotely
Spidering web servers to find vulnerable applications
Detecting insecure cross-domain policies
How to do it... How it works... There's more...
Finding attacking domains available for purchase
Detecting exposed source code control systems
How to do it... How it works... There's more...
Obtaining information from subversion source code control systems
Auditing the strength of cipher suites in SSL servers
How to do it... How it works... There's more...
Scraping e-mail accounts from web servers
How to do it... How it works... There's more...
Scanning Databases
Introduction Listing MySQL databases
How to do it... How it works... There's more...
Listing MySQL users
How to do it... How it works... There's more...
Listing MySQL variables
How to do it... How it works... There's more...
Brute forcing MySQL passwords
How to do it... How it works... There's more...
Finding root accounts with an empty password in MySQL servers
How to do it... How it works... There's more...
Detecting insecure configurations in MySQL servers
How to do it... How it works... There's more...
Brute forcing Oracle passwords
How to do it... How it works... There's more...
Brute forcing Oracle SID names
How to do it... How it works... There's more...
Retrieving information from MS SQL servers
How to do it... How it works... There's more...
Force-scanned ports only in NSE scripts for MS SQL
Brute forcing MS SQL passwords
How to do it... How it works... There's more...
Dumping password hashes of MS SQL servers
How to do it... How it works... There's more...
Running commands through xp_cmdshell in MS SQL servers
How to do it... How it works... There's more...
Finding system administrator accounts with empty passwords in MS SQL servers
How to do it... How it works... There's more...
Force-scanned ports only in MS SQL scripts
Obtaining information from MS SQL servers with NTLM enabled
How to do it... How it works... There's more...
Retrieving MongoDB server information
How to do it... How it works... There's more...
Detecting MongoDB instances with no authentication enabled
How to do it... How it works... There's more...
Listing MongoDB databases
How to do it... How it works... There's more...
Listing CouchDB databases
How to do it... How it works... There's more...
Retrieving CouchDB database statistics
How to do it... How it works... There's more...
Detecting Cassandra databases with no authentication enabled
How to do it... How it works... There's more...
Brute forcing Redis passwords
How to do it... How it works... There's more...
Scanning Mail Servers
Introduction Detecting SMTP open relays
How to do it... How it works... There's more...
Brute forcing SMTP passwords
How to do it... How it works... There's more...
Detecting suspicious SMTP servers
How to do it... How it works... There's more...
Enumerating SMTP usernames
How to do it... How it works... There's more...
Brute forcing IMAP passwords
How to do it... How it works... There's more...
Retrieving the capabilities of an IMAP server
How to do it... How it works... There's more...
Brute forcing POP3 passwords
How to do it... How it works... There's more...
Retrieving the capabilities of a POP3 server
How to do it... How it works... There's more...
Retrieving information from SMTP servers with NTLM authentication
How to do it... How it works... There's more...
Scanning Windows Systems
Introduction Obtaining system information from SMB
How to do it... How it works... There's more...
Detecting Windows clients with SMB signing disabled
How to do it... How it works... There's more...
Checking UDP when TCP traffic is blocked Attacking hosts with message signing disabled
Detecting IIS web servers that disclose Windows 8.3 names
How to do it... How it works... There's more...
Bruteforcing Windows 8.3 names Detecting Windows 8.3 names through different HTTP methods
Detecting Windows hosts vulnerable to MS08-067
How to do it... How it works... There's more...
Exploiting MS08-067 Detecting other SMB vulnerabilities
Retrieving the NetBIOS name and MAC address of a host
How to do it... How it works... There's more...
Enumerating user accounts of Windows hosts
How to do it... How it works... There's more...
Selecting LSA bruteforcing or SAMR enumeration exclusively Checking UDP when TCP traffic is blocked
Enumerating shared folders
How to do it... How it works... There's more...
Enumerating SMB sessions
How to do it... How it works...
Preparing a brute force password auditing attack Checking UDP when TCP traffic is blocked
Finding domain controllers
How to do it... How it works... There's more...
Finding domain master browsers Finding DNS servers
Detecting Shadow Brokers' DOUBLEPULSAR SMB implants
How to do it... How it works... There's more...
Scanning ICS SCADA Systems
Introduction Finding common ports used in ICS SCADA systems
How to do it... How it works... There's more...
Finding HMI systems
How to do it... How it works... There's more...
Creating a database for HMI service ports
Enumerating Siemens SIMATIC S7 PLCs
How to do it... How it works... There's more...
Enumerating Modbus devices
How to do it... How it works... There's more...
Enumerating BACnet devices
How to do it... How it works... There's more...
Discovering the BACnet broadcast management device
Enumerating Ethernet/IP devices
How to do it... How it works... There's more...
Enumerating Niagara Fox devices
How to do it... How it works... There's more...
Enumerating ProConOS devices
How to do it... How it works... There's more...
Enumerating Omron PLC devices
How to do it... How it works... There's more...
Enumerating PCWorx devices
How to do it... How it works...
Optimizing Scans
Introduction Skipping phases to speed up scans
How to do it... How it works... There's more...
Selecting the correct timing template
How to do it... How it works... There's more...
Adjusting timing parameters
How to do it... How it works... There's more...
Estimating round trip times with Nping Displaying the timing settings
Adjusting performance parameters
How to do it... How it works... There's more...
Distributing a scan among several clients using Dnmap
Getting ready How to do it... How it works... There's more...
Dnmap statistics Internet-wide scanning
Generating Scan Reports
Introduction Saving scan results in a normal format
How to do it... How it works... There's more...
Saving scan results in an XML format
How to do it... How it works... There's more...
Structured script output for NSE
Saving scan results to a SQLite database
Getting ready How to do it... How it works... There's more...
Dumping the database in CSV format Fixing outputpbnj
Saving scan results in a grepable format
How to do it... How it works... There's more...
Generating a network topology graph with Zenmap
How to do it... How it works... There's more...
Generating HTML scan reports
Getting ready How to do it... How it works... There's more...
Reporting vulnerability checks
How to do it... How it works... There's more...
Generating PDF reports with fop
Getting ready How to do it... How it works... There's more...
Generating reports in other formats
Saving NSE reports in ElasticSearch
Getting ready How to do it... How it works... There's more...
Writing Your Own NSE Scripts
Introduction Making HTTP requests to identify vulnerable Supermicro IPMI/BMC controllers
How to do it... How it works... There's more...
Setting the user agent pragmatically HTTP pipelining
Sending UDP payloads using NSE sockets
How to do it... How it works... There's more...
Generating vulnerability reports in NSE scripts
How to do it... How it works... There's more...
Vulnerability states of the library vulns
Exploiting a path traversal vulnerability with NSE
How to do it... How it works... There's more...
Setting the user agent pragmatically HTTP pipelining
Writing brute force password auditing scripts
How to do it... How it works... There's more...
Crawling web servers to detect vulnerabilities
How to do it... How it works... There's more...
Working with NSE threads, condition variables, and mutexes in NSE
How to do it... How it works... There's more...
Writing a new NSE library in Lua
How to do it... How it works... There's more...
Writing a new NSE library in C/C++
How to do it... How it works... There's more...
Getting your scripts ready for submission
How to do it... How it works... There's more...
HTTP, HTTP Pipelining, and Web Crawling Configuration Options
HTTP user agent HTTP pipelining Configuring the NSE library httpspider
Brute Force Password Auditing Options
Brute modes
NSE Debugging
Debugging NSE scripts Exception handling
Additional Output Options
Saving output in all formats Appending Nmap output logs Including debugging information in output logs Including the reason for a port or host state OS detection in verbose mode
Introduction to Lua
Flow control structures
Conditional statements - if, then, elseif Loops - while Loops - repeat Loops - for
Data types String handling
Character classes Magic characters Patterns
Captures Repetition operators
Concatenation
Finding substrings String repetition String length Formatting strings Splitting and joining strings
Common data structures
Tables Arrays Linked lists Sets Queues Custom data structures
I/O operations
Modes Opening a file Reading a file Writing a file Closing a file
Coroutines
Creating a coroutine Executing a coroutine Determining current coroutine Getting the status of a coroutine Yielding a coroutine
Metatables
Arithmetic metamethods Relational metamethods
Things to remember when working with Lua
Comments Dummy assignments Indexes Semantics Coercion Safe language Booleans
References and Additional Reading