# Network analysis: footprinting and information gathering (using linux-kali-rolling)
- Information gathering
- Determining the network range
- Identifying active machines
- Finding open ports and access points
- OS fingerprinting
- Fingerprinting services
- Mapping the network
scripts to use with nmap to detect vulnerabilities
exploit-db
nmap scanme.nmap.org -vv
nmap -sP 10.0.0.0/8 -vv
ping sweep of the local network to list live hosts (-sP is the old spelling of -sn: host discovery only, no port scan)
nmap -sP 192.168.2.1/24
or, with the target network passed as $1: nmap $1 -n -sP | grep report | awk '{print $5}' (-n skips reverse DNS, so the IP is always field 5 of the "Nmap scan report for" line)
or arp -a -n
finds live hosts on the network (arp -a only lists hosts on the local segment that are already in this machine's ARP cache)
nmap -oG - 192.168.1.0-255 -p 22 -vv > /home/SCAN
cat /home/SCAN | grep Up
this shows which hosts are up (the grepable output puts host status and port state on separate Host: lines, so grep Ports: to see whether port 22 is open)
extract just the IP addresses into another file
cat /home/SCAN | grep Up | awk -F " " '{print $2}' > /home/SCAN2
now pass the file list to nmap and do a full scan on each ip
nmap -iL /home/SCAN2 -vv
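The grep/awk pipeline above works because of the fixed layout of nmap's grepable (-oG) format. The following shell functions are an added example (not part of the original notes) that parse that format the same way and additionally pick out the hosts where the scanned port is really open; SAMPLE_OG is a constructed stand-in for what `nmap -oG - 192.168.1.0-255 -p 22 -vv` prints, so the block runs without nmap installed.

```shell
#!/bin/sh
# Added example, not part of the original notes: parse nmap grepable (-oG)
# output. SAMPLE_OG is a CONSTRUCTED sample shaped like real -oG output for
# three hosts that are up, only one of which has port 22 open.
SAMPLE_OG='# Nmap scan initiated (constructed sample) as: nmap -oG - -p 22 -vv 192.168.1.0-255
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.1 ()    Ports: 22/open/tcp//ssh///
Host: 192.168.1.5 ()    Status: Up
Host: 192.168.1.5 ()    Ports: 22/closed/tcp//ssh///
Host: 192.168.1.9 ()    Status: Up
Host: 192.168.1.9 ()    Ports: 22/filtered/tcp//ssh///
# Nmap done (constructed sample) -- 256 IP addresses (3 hosts up) scanned'

# IP of every host reported "Status: Up", i.e. what "grep Up | awk '{print $2}'"
# gives. Reads -oG text on stdin; field 2 of a "Host:" line is always the IP.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# IP of every host where port $1 is open. Entries on a "Ports:" line look like
# 22/open/tcp//ssh/// and are comma-separated when several ports were scanned.
open_port_hosts() {
    awk -v p="$1" '/^Host:/ && /Ports:/ {
        for (i = 4; i <= NF; i++) {
            sub(/,$/, "", $i)
            if ($i ~ ("^" p "/open/")) print $2
        }
    }'
}

# Number of hosts up; a quick sanity check against nmap's own closing summary.
live_count() {
    live_hosts | wc -l | tr -d ' '
}

# Demo: the first list is what you would feed back to "nmap -iL" for a full scan.
echo "hosts up:"
printf '%s\n' "$SAMPLE_OG" | live_hosts
echo "port 22 open on:"
printf '%s\n' "$SAMPLE_OG" | open_port_hosts 22
```

For a live scan, pipe the saved file instead of the sample: `cat /home/SCAN | open_port_hosts 22`. Filtering on the open state rather than on "Up" keeps closed and filtered hosts out of the follow-up scan list.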
curl ipinfo.io/74.207.244.221
returns a JSON object with the same kind of information as whois
{
  "ip": "74.207.244.221",
  "hostname": "li86-221.members.linode.com",
  "city": "Fremont",
  "region": "California",
  "country": "US",
  "loc": "37.5483,-121.9886",
  "org": "AS63949 Linode, LLC",
  "postal": "94536"
}
nslookup www.cisco.com
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
www.cisco.com canonical name = www.cisco.com.akadns.net.
www.cisco.com.akadns.net canonical name = wwwds.cisco.com.edgekey.net.
wwwds.cisco.com.edgekey.net canonical name = wwwds.cisco.com.edgekey.net.globalredir.akadns.net.
wwwds.cisco.com.edgekey.net.globalredir.akadns.net canonical name = e144.dscb.akamaiedge.net.
Name: e144.dscb.akamaiedge.net
Address: 23.202.80.170
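The lookup above goes through four CNAME hops before reaching the Akamai edge node that actually answers. The functions below are an added example (not part of the original notes) that walk such an nslookup answer to the final hostname and address; NSLOOKUP_SAMPLE is a constructed copy of the shape of that output so the block runs offline.

```shell
#!/bin/sh
# Added example, not part of the original notes: follow the CNAME chain in
# nslookup output. NSLOOKUP_SAMPLE is CONSTRUCTED to mirror the www.cisco.com
# lookup; for a real host use: nslookup www.example.com | cname_chain
NSLOOKUP_SAMPLE='Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
www.cisco.com   canonical name = www.cisco.com.akadns.net.
www.cisco.com.akadns.net        canonical name = wwwds.cisco.com.edgekey.net.
wwwds.cisco.com.edgekey.net     canonical name = wwwds.cisco.com.edgekey.net.globalredir.akadns.net.
wwwds.cisco.com.edgekey.net.globalredir.akadns.net      canonical name = e144.dscb.akamaiedge.net.
Name:   e144.dscb.akamaiedge.net
Address: 23.202.80.170'

# Every CNAME target in order with the trailing dot removed; the last line is
# the name that really carries the A record (here an Akamai edge node).
cname_chain() {
    awk '/canonical name =/ { n = $NF; sub(/\.$/, "", n); print n }'
}

# Number of CNAME hops; a deep chain usually means a CDN or traffic manager
# sits in front of the host, which matters when mapping what you actually reach.
cname_depth() {
    cname_chain | wc -l | tr -d ' '
}

# Address from the answer section. The first "Address:" line names the
# resolver itself and carries a "#53" port suffix, so it is skipped.
final_address() {
    awk '$1 == "Address:" && $2 !~ /#/ { print $2 }'
}

printf '%s\n' "$NSLOOKUP_SAMPLE" | cname_chain
echo "hops: $(printf '%s\n' "$NSLOOKUP_SAMPLE" | cname_depth)"
echo "final address: $(printf '%s\n' "$NSLOOKUP_SAMPLE" | final_address)"
```

The final name, not the name you typed, tells you which provider fronts the host, so it is the one worth recording when mapping the network.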
traceroute www.host.com
shows each hop between this machine and the host
nmap -p80 --script http-tplink-dir-traversal.nse --script-args rfile=/etc/topology.conf -d -n -Pn <target>
- install the script from [download](http://nmap.org/svn/scripts/http-tplink-dir-traversal.nse) into the nmap scripts directory
locate *.nse shows where the installed NSE scripts live