PET PEN TESTING TOOLS:
ZENMAP & NMAP
CI 320
Matt Vieyra
Sites with Pen testing tools
 https://www.kali.org/
 http://www.aircrack-ng.org/
 http://portswigger.net/
 http://www.ettercap-project.org/
 http://www.openwall.com/john/
 https://www.kismetwireless.net/
 http://www.paterva.com/web5/client/overview.php
 https://www.metasploit.com/
 https://nmap.org/
 https://www.owasp.org/index.php/ZAP
 https://www.wireshark.org/
NMAP
 Nmap (Network Mapper) is a security scanner written by Gordon Lyon.
 It discovers hosts and services on a computer network.
 Nmap sends specially crafted packets to the target host(s) and analyses the responses.
 It provides a number of features beyond port scanning, such as service/version detection and operating system detection.
Background on Nmap
 Nmap traditionally runs from the command line.
 Scripts for the Nmap Scripting Engine (NSE), written in Lua, provide more advanced service detection and other checks against the services it finds.
 Nmap can adapt to network conditions, including latency and congestion, during a scan.
Nmap
 Nmap can adapt to network conditions including:
 Latency
 Congestion
 It started as a Linux-only utility but has been ported to other operating systems such as Windows, Solaris, HP-UX, BSD variants (including macOS), AmigaOS, and IRIX.
 The user community continues to develop and refine Nmap.
Download and Installation
 Nmap.org is the official web page for Nmap.
 https://nmap.org/download.html is the download section of the site.
 The site is organized into Windows binaries, Linux RPM sources and binaries, Mac OS X binaries, the source code distribution, and other operating systems.
 Before installing a downloaded file, verify it against the GPG signature (or at least the published hash) the Nmap project provides for its release files; a scanner that is routinely run as root is a poor place to accept an unverified binary.
Using Nmap: IP Address
Using Nmap: hostname
Using Nmap: Scanning Network
Using Nmap: OS detection
Nmap: Scripts
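The five slides above are screenshots of Nmap being run against a single IP address, a hostname, a whole network, with OS detection, and with scripts. The Python script below is an added example, not code from the slides or from the Nmap project: it builds the command line for each of those scenarios and refuses any target that is not inside an authorized scope, which is the one check a tester should have in front of nmap. The SCOPE networks, the FAKE_DNS table (a stand-in for socket.gethostbyname so the example runs offline) and the function names are assumptions of this example.

```python
"""Build the nmap command lines behind the "Using Nmap" slides, refusing any
target outside an authorized scope.  SCOPE, FAKE_DNS and the function names
are this example's own assumptions, not part of Nmap."""
import ipaddress
import shlex
import shutil
import subprocess
from typing import Callable, Iterable, List, Optional

# Constructed engagement scope: the only networks we are authorized to scan.
SCOPE = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("192.168.56.0/24")]

# Constructed resolver table so the example runs offline; in real use pass
# socket.gethostbyname as `resolve`.
FAKE_DNS = {"target.lab.local": "10.0.0.5", "corp-web.example": "203.0.113.10"}


def in_scope(target: str, scope: Iterable = SCOPE,
             resolve: Callable[[str], str] = FAKE_DNS.__getitem__) -> bool:
    """True only if every address the target denotes lies inside the scope.
    Accepts a single IP, a CIDR block, or a hostname (resolved via `resolve`)."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        try:  # not an address: treat it as a hostname
            net = ipaddress.ip_network(resolve(target), strict=False)
        except (KeyError, ValueError, OSError):
            return False  # unresolvable names are never in scope
    return any(net.version == s.version and net.subnet_of(s) for s in scope)


# Options for each slide scenario.  nmap resolves hostnames itself, so the
# "ip" and "hostname" scans differ only in the form of the target.
MODES = {
    "ip": [],                         # default scan: most common 1000 TCP ports
    "hostname": [],
    "network": ["-sn"],               # host discovery only, no port scan
    "os": ["-O", "--osscan-guess"],   # TCP/IP stack fingerprinting (needs root)
    "scripts": ["-sV", "--script"],   # NSE; the script selection is appended below
}


def nmap_args(target: str, mode: str, *, ports: Optional[str] = None,
              scripts: str = "default") -> List[str]:
    """Return argv for one scenario, or raise ValueError for an out-of-scope
    target so the scan can never be launched by mistake."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if not in_scope(target):
        raise ValueError(f"{target!r} is outside the authorized scope")
    args = ["nmap", *MODES[mode]]
    if mode == "scripts":
        args.append(scripts)          # e.g. "default", "http-title", "vuln"
    if ports:
        args += ["-p", ports]
    return args + ["-oX", "-", target]  # XML on stdout, for saving or diffing


def run_scan(target: str, mode: str, **kw) -> Optional[str]:
    """Run the scan if nmap is installed; return its XML output, else None."""
    argv = nmap_args(target, mode, **kw)
    if shutil.which("nmap") is None:
        print("nmap not installed; would run:", shlex.join(argv))
        return None
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    for tgt, mode in [("10.0.0.5", "ip"), ("target.lab.local", "hostname"),
                      ("10.0.0.0/24", "network"), ("10.0.0.5", "os"),
                      ("10.0.0.5", "scripts")]:
        print(shlex.join(nmap_args(tgt, mode)))
    try:
        nmap_args("corp-web.example", "ip")   # resolves to 203.0.113.10: refused
    except ValueError as err:
        print("refused:", err)
```

-O and --osscan-guess need raw-socket privileges, so the os scan has to run as root (or with the equivalent capability); the scope check deliberately happens before any privilege is needed. -oX - writes Nmap's XML to stdout, which is the one format Zenmap can reload later.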
Background on Zenmap
 Zenmap is the official graphical user interface
for the Nmap Security Scanner.
 It is free and open source and available on
a variety of platforms including Windows,
macOS, and Linux.
 It is designed to make using Nmap easy
for beginners and provides advanced
features for experts
Zenmap: Features
 Frequently used scans can be saved as profiles, making them easy to run repeatedly.
 A command creator allows interactive creation of Nmap command lines.
 Scan results can be saved and loaded later.
 Saved scan results can be compared to see how they differ.
 Results are stored in a searchable database.
Setup and Installation
 Zenmap comes preinstalled on Kali 2016.2, so no setup is required there.
 The app can be found under Applications --> Information Gathering.
Setup and Installation
 If Zenmap is missing or needs to be reinstalled, there are two main ways to install it.
 The first and easiest is to use the apt (Advanced Package Tool) package manager to install the zenmap package, which pulls in nmap as a dependency: apt-get install zenmap
 Confirm first that your release still ships the package (apt-cache policy zenmap); Kali dropped zenmap for some releases because it depended on Python 2.
Setup and Installation
 The second method is to download the Nmap RPM files, convert them to .deb files and install those on Debian. Packages converted this way sit outside apt's dependency tracking, so use this route only when no native package is available.
 First go to the Nmap download page at https://nmap.org/download.html
Setup and Installation
 Download the version of Nmap that matches your architecture: either 64-bit (x86_64) or 32-bit (x86/i386).
 Don't forget to download the Zenmap RPM as well; it is packaged separately from nmap.
Setup and Installation
 To convert an RPM file to a .deb file we need the alien command.
 If alien is not installed, install it from the terminal with the command apt-get install alien
 Generate a Debian package with a command such as sudo alien nmap-5.21-1.x86_64.rpm
 Install the Debian package with a command such as sudo dpkg --install nmap_5.21-2_amd64.deb
 The .deb name differs from the RPM name because alien increments the package revision by default (5.21-1 becomes 5.21-2); use the file name alien prints, or pass alien -k to keep the original version.
 Repeat the steps for the Zenmap RPM.
Step by Step Operation
 Launch the Zenmap app by navigating to Applications --> Information Gathering.
Step by Step Operation
 Enter a target in the Target box.
 You can type the exact Nmap command you want to run in the Command box, or select a profile from the drop-down of premade commands (for example Intense scan or Quick scan); Zenmap fills the Command box in from the profile.
Step by Step Operation
 You can type either a DNS name or an IP address as the target; Nmap's other target forms, such as CIDR blocks (192.168.1.0/24) and address ranges (192.168.1.1-50), work here as well.
Step by Step Operation
 When the scan finishes, the Nmap Output tab shows the scanner's normal output, including the ports found open and the protocol and service on each.
Step by Step Operation
 To get more information on the ports, select the Ports / Hosts tab; it lists open and filtered ports with their state, service name and, if version detection ran, the product and version.
Step by Step Operation
 The Topology tab presents a network map built from traceroute data, so it is most informative when the scan was run with --traceroute.
Step by Step Operation
 The Host Details tab shows the details of a single host from the scan: its state, addresses and hostnames, open port counts, and any OS match.
Scans
Saving and Loading
 To save an individual scan choose “Save Scan” from the “Scan” menu (or use the keyboard shortcut Ctrl+S).
 If there is more than one scan you will be asked which one to save.
 You have the choice of saving as “Nmap XML format” (.xml) or “Nmap text format” (.nmap).
Saving and Loading
 The XML format is the only format that can be opened again by Zenmap, so save as XML whenever you may want to reload or compare the scan.
 You can save all scans by selecting “Save All Scans to Directory” in the “Scan” menu.
 When saving an inventory for the first time you will create a new directory.
 In subsequent saves you can continue to save to the same directory.
Recent Scans Database
 Scan results that are not saved are stored automatically in a database.
 Scan results that are loaded and then modified but not re-saved are also stored in the database.
 The database is stored in a file called zenmap.db.
 Its location is platform-dependent. Treat the file as sensitive: it holds the full results of every recent scan, including the targets and their open services.
Comparing Scans
 It is common to want to run the same scan at different times, or run slightly different scans, and see how they differ.
 Zenmap provides an interface to compare scan results.
 Open the comparison tool by selecting “Compare Results” from the “Tools” menu.
 Zenmap compares two scan results at a time. The comparison is produced by Ndiff, which ships with Nmap and can also be run directly on saved XML files: ndiff scan1.xml scan2.xml
Comparing Scans
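The following is an added example in Python (the language Zenmap and Ndiff themselves are written in), not code from the slides or from the Nmap project: a minimal version of what the comparison does, reading two saved Nmap XML results and reporting per host which ports opened or closed, which service banners changed and whether the OS guess moved. Both XML documents are constructed for the example and trimmed to the elements the parser reads; parse_scan and diff_scans are this example's own names, not an Nmap API.

```python
"""Compare two saved Nmap XML results the way Zenmap's "Compare Results" (and
the Ndiff tool behind it) does.  SCAN_BEFORE and SCAN_AFTER are constructed
samples; parse_scan and diff_scans are this example's own names."""
import xml.etree.ElementTree as ET
from typing import Dict, Tuple

SCAN_BEFORE = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 10.0.0.0/24" start="1700000000">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.41"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
</nmaprun>"""

SCAN_AFTER = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 10.0.0.0/24" start="1700400000">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.52"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="21"><state state="filtered"/><service name="ftp"/></port>
    </ports>
    <os><osmatch name="Linux 5.4 - 5.10" accuracy="93"/></os>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port></ports>
  </host>
</nmaprun>"""

PortKey = Tuple[str, int]          # (protocol, port number)


def parse_scan(xml_text: str) -> Dict[str, dict]:
    """Map each up host's address to its open ports and best OS match."""
    hosts: Dict[str, dict] = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        ports: Dict[PortKey, str] = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered ports are not exposure
            svc = port.find("service")
            banner = "" if svc is None else " ".join(
                v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v)
            ports[(port.get("protocol"), int(port.get("portid")))] = banner
        osmatch = host.find("os/osmatch")     # nmap lists the best match first
        hosts[addr] = {"ports": ports, "os": None if osmatch is None else osmatch.get("name")}
    return hosts


def diff_scans(before: Dict[str, dict], after: Dict[str, dict]) -> Dict[str, dict]:
    """Per host: ports opened, ports closed, banners changed, OS change."""
    report: Dict[str, dict] = {}
    for addr in sorted(set(before) | set(after)):
        old, new = before.get(addr), after.get(addr)
        if old is None or new is None:
            report[addr] = {"host": "new" if old is None else "gone"}
            continue
        old_ports, new_ports = old["ports"], new["ports"]
        entry = {
            "opened": sorted(set(new_ports) - set(old_ports)),
            "closed": sorted(set(old_ports) - set(new_ports)),
            "changed": sorted(k for k in set(old_ports) & set(new_ports)
                              if old_ports[k] != new_ports[k]),
        }
        if old["os"] != new["os"]:
            entry["os"] = (old["os"], new["os"])
        report[addr] = entry
    return report


if __name__ == "__main__":
    for addr, changes in diff_scans(parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER)).items():
        print(addr, changes)
```

Only open ports count as exposure here, so a port that went from open to filtered (the FTP port in the sample) shows up as closed; that is the signal you want when checking whether a hardening change took effect, and the reason the earlier slides recommend saving scans as XML rather than text.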
How to secure a network against Zenmap
 You cannot stop someone from pointing Zenmap at your network; what you can do is minimise what the scan learns. Start by closing unused ports.
 A port stays open as long as a service is listening on it (FTP on port 21, for example), so disable or uninstall unused services rather than only blocking the port. Where a service must keep running, restrict who can reach it with a host or network firewall, so the port reports as filtered rather than open.
 Service and version detection (-sV) works partly by banner grabbing, so banners from services such as FTP can leak product, version and sometimes OS details. OS detection (-O) is different: it fingerprints the TCP/IP stack from the host's responses to crafted probes, which changing a banner will not hide.
 Depending on the OS on the host there are a variety of ways to mask or confuse the fingerprint. Check the page https://nmap.org/misc/defeat-nmap-osdetect.html for OS-specific solutions.
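As an added example, not from the slides: before trying to blind the scanner, find out what it would see. This Python script parses /proc/net/tcp (Linux) for sockets in LISTEN state and flags any that are not on an allow-list of services the host is meant to expose; loopback-only listeners are skipped because a remote scan cannot reach them. The /proc/net/tcp sample, the ALLOWED set and the function names are constructed assumptions of this example.

```python
"""List what this host actually exposes: parse /proc/net/tcp for sockets in
LISTEN state and flag any not on the allow-list.  SAMPLE_PROC_NET_TCP and
ALLOWED are constructed for this example; the function names are its own."""
import socket
import struct
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Constructed sample of /proc/net/tcp: sshd on 0.0.0.0:22, MySQL bound to
# loopback only, a forgotten FTP daemon on 0.0.0.0:21, plus one established
# connection (st 01) that must not be reported.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0500000A:0016 0A00000A:E5B2 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 100 0 0 10 0
"""

Endpoint = Tuple[str, int]
ALLOWED: Set[Endpoint] = {("0.0.0.0", 22)}   # what this host is meant to expose
LISTEN = "0A"                                 # TCP_LISTEN in the st column


def decode_endpoint(hex_addr: str) -> Endpoint:
    """'0100007F:0CEA' -> ('127.0.0.1', 3306).  The kernel prints the IPv4
    address as a native-endian word, i.e. byte-reversed on little-endian hosts."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def listeners(proc_text: str) -> Dict[Endpoint, int]:
    """Every listening (ip, port) with the uid that owns the socket."""
    found: Dict[Endpoint, int] = {}
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0].rstrip(":").isdigit():
            continue                           # header line
        if fields[3] == LISTEN:
            found[decode_endpoint(fields[1])] = int(fields[7])
    return found


def unexpected(proc_text: str, allowed: Set[Endpoint] = ALLOWED,
               ignore_loopback: bool = True) -> List[Tuple[str, int, int]]:
    """Listening sockets a remote scanner could see that are not on the allow-list."""
    hits = []
    for (ip, port), uid in listeners(proc_text).items():
        if ignore_loopback and ip.startswith("127."):
            continue                           # not reachable from the network
        if (ip, port) not in allowed:
            hits.append((ip, port, uid))
    return sorted(hits)


if __name__ == "__main__":
    live = Path("/proc/net/tcp")
    text = live.read_text() if live.exists() else SAMPLE_PROC_NET_TCP
    for ip, port, uid in unexpected(text):
        print(f"unexpected listener {ip}:{port} (uid {uid})")
```

Run on the real file, each line this prints is a port that Zenmap will report as open and that should either be added to the allow-list deliberately or have its service stopped; IPv6 listeners live in /proc/net/tcp6 and need the same treatment with a 16-byte address decode.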
Citations
 https://nmap.org/misc/defeat-nmap-osdetect.html
 https://nmap.org/zenmap/
 https://nmap.org/download.html
 https://nmap.org/book/install.html
