SlideShare a Scribd company logo

Footprinting tools for security auditors

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

Footprinting tools for security auditors

Technology
1 of 62
Download to read offline
Footprinting for securty auditors Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac
Footprinting for securty auditors Agenda • Information gathering • Footprinting tools • Port scanning with nmap • Nmap scripts
Footprinting for securty auditors Security auditing phases Analyze publicly available information. Set scope of attack and identify key targets. Check for vulnerabilities on each target resource Attack targets using library of tools and techniques Footprint Analysis Who is DNS Lookup Search Engines Enumeration Exploitation Buffer Overflows Spoofing Password Rootkit Scanning Machines Ports Applications
Footprinting for securty auditors Security Track Information Gathering
Footprinting for securty auditors Footprinting (gather target information) ➔ names, addresses, system types, ... Scanning (detect systems and services) ➔ response from network stack, applications, ... Fingerprinting (identify topologies & systems) ➔ network layout, operating systems, services passive passive or active active Enumeration (collect access information) ➔ list of user accounts, share names, … Sniffing (collect network traffic) ➔ addresses, names, information (passwords, ...) Information gathering
Footprinting for securty auditors Footprinting • Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology. • Using public information. • Without network /physical connection to the target.
Footprinting for securty auditors Security Track Tools
Footprinting for securty auditors Kali Linux
Footprinting for securty auditors Whois Online Tools • Get information about domains, IP address, DNS • Identify the domain names and associated networks related to a particular organization • https://www.whois.net/ • https://tools.whois.net/ • http://www.whois.com/whois • http://who.is • http://toolbar.netcraft.com/site_report • http://whois.domaintools.com/
Footprinting for securty auditors Netcraft • http://toolbar.netcraft.com/site_report/?url=fosdem.org
Footprinting for securty auditors Whois
Footprinting for securty auditors Whois command
Footprinting for securty auditors Host command • Ge IPv4,v6,mail server
Footprinting for securty auditors Network tools • http://network-tools.com/
Footprinting for securty auditors NETWORK Tools • https://www.dnssniffer.com/networktools
Footprinting for securty auditors
Footprinting for securty auditors Robtex • Provides graphical information from DNS and Whois • https://www.robtex.com/dns-lookup/fosdem.org
Footprinting for securty auditors Robtex
Footprinting for securty auditors Nslookup • Query DNS server in order to extract valuable information about the host machine. • Find names of machines through a domain/zone transfer • Nslookup -d→ list all associated records for the domain
Footprinting for securty auditors Dig /DNS Resolver
Footprinting for securty auditors Dnsmap
Footprinting for securty auditors Dnsenum
Footprinting for securty auditors DnsRecon
Footprinting for securty auditors Zone Transfer • How does one provide security against DNS Interrogation? • Restrict zone transfers to authorized servers. • Set your firewall or router to deny all unauthorized inbound connections to TCP port 53 • Best practice to restrict Zone transfers is review file configuration /etc/bind/named.conf.local
Footprinting for securty auditors Zone Transfer
Footprinting for securty auditors The harvester • Catalogue email address and subdomains from a specific domain. • It works with all the major search engines including Bing and Google. • The objective is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
Footprinting for securty auditors The harvester
Footprinting for securty auditors The harvester
Footprinting for securty auditors Subdomains • https://api.hackertarget.com/hostsearch/?q=fosdem.org
Footprinting for securty auditors Maltego
Footprinting for securty auditors Maltego ∙ Company Stalker (this gathers email information) ∙ Footprint L1 (basic information gathering) ∙ Footprint L2 (moderate amount of information gathering) ∙ Footprint L3 (intense and the most complete information gathering)
Footprinting for securty auditors Maltego
Footprinting for securty auditors Shodan
Footprinting for securty auditors Censys.io
Footprinting for securty auditors Mr looquer
Footprinting for securty auditors Web robots • https://wordpress.com/robots.txt • https://wordpress.com/sitemap.xml
Footprinting for securty auditors Web Archive
Footprinting for securty auditors Spider foot
Footprinting for securty auditors Spider foot
Footprinting for securty auditors Scanning tools • Active footprinting • Number and type of opened ports • Type of services running in the servers • Vulnerabilities of the services and software • Nmap is a great tool for discovering Open ports, protocol numbers, OS details, firewall details, etc.
Footprinting for securty auditors Security Track NMAP
Footprinting for securty auditors Nmap Port Scanner • Unix-based port scanner • Support for different scanning techniques • Detects operating system of remote hosts • Many configuration options - timing - scanned port range - scan method • Various front ends for easier handling
Footprinting for securty auditors Zenmap Port Scanner
Footprinting for securty auditors Zenmap Port Scanner
Footprinting for securty auditors Sparta
Footprinting for securty auditors Nmap whois
Footprinting for securty auditors Guessing the Operating System • We can use the --osscan-guess option to force Nmap into discovering the OS.
Footprinting for securty auditors Banner Grabbing nmap -p80 -sV -sT fosdem.org
Footprinting for securty auditors Nmap Script Engine • Simple scripts to automate a wide variety of networking tasks • Are written in Lua programming language. • Network discovery • Vulnerability detection • Backdoor detection • Vulnerability exploitation
Footprinting for securty auditors Nmap Script Engine usr/local/share/nmap/scripts
Footprinting for securty auditors Nmap Script Engine • https://github.com/cldrn/nmap-nse-scripts/tree/master/ scripts
Footprinting for securty auditors Banner grabbing with nmap script nmap --script banner fosdem.org
Footprinting for securty auditors http-enum script nmap -v --script http-enum.nse fosdem.org
Footprinting for securty auditors ↘mysql-databases nmap -v -d -p3306 --script mysql-databases.nse --script-args='mysqluser=root' 192.168.100.8
Footprinting for securty auditors ↘mysql-databases
Footprinting for securty auditors Find vulnerabilities with nmap •XSS / SQL Injection ↘nmap -p80 –script http-unsafe-output-escaping <target> ↘http://svn.dd-wrt.com/browser/src/router/nmap/scripts/http-un safe-output-escaping.nse?rev=28293 ↘https://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.ht ml
Footprinting for securty auditors Security Track Vulnerability Scanner
Footprinting for securty auditors
Footprinting for securty auditors Arachni Vulnerability Scanner
Footprinting for securty auditors Links & References • http://www.0daysecurity.com/penetration-testing/net work-footprinting.html • http://nmap.org/nsedoc/ • https://secwiki.org/w/Nmap/External_Script_Library • https://nmap.org/book/man-os-detection.html • https://hackertarget.com/7-nmap-nse-scripts-recon/
Footprinting for securty auditors Books
Footprinting for securty auditors Security track Thank you! Jose Manuel Ortega @jmortegac

Recommended

Monitoring &amp; alerting presentation sabin&amp;mustafa
Monitoring &amp; alerting presentation sabin&amp;mustafaMonitoring &amp; alerting presentation sabin&amp;mustafa
Monitoring &amp; alerting presentation sabin&amp;mustafa
Lama K Banna
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log management
Brian Honan
 
Recommendation system
Recommendation system Recommendation system
Recommendation system
Vikrant Arya
 
Pinot: Near Realtime Analytics @ Uber
Pinot: Near Realtime Analytics @ UberPinot: Near Realtime Analytics @ Uber
Pinot: Near Realtime Analytics @ Uber
Xiang Fu
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
Rofiq Fauzi
 
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo
 
Data council SF 2020 Building a Personalized Messaging System at Netflix
Data council SF 2020 Building a Personalized Messaging System at NetflixData council SF 2020 Building a Personalized Messaging System at Netflix
Data council SF 2020 Building a Personalized Messaging System at Netflix
Grace T. Huang
 

Recommended

Monitoring &amp; alerting presentation sabin&amp;mustafa
Monitoring &amp; alerting presentation sabin&amp;mustafaMonitoring &amp; alerting presentation sabin&amp;mustafa
Monitoring &amp; alerting presentation sabin&amp;mustafa
Lama K Banna
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log management
Brian Honan
 
Recommendation system
Recommendation system Recommendation system
Recommendation system
Vikrant Arya
 
Pinot: Near Realtime Analytics @ Uber
Pinot: Near Realtime Analytics @ UberPinot: Near Realtime Analytics @ Uber
Pinot: Near Realtime Analytics @ Uber
Xiang Fu
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
Rofiq Fauzi
 
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo Data Virtualization Platform: Scalability (session 3 from Architect to...
Denodo
 
Data council SF 2020 Building a Personalized Messaging System at Netflix
Data council SF 2020 Building a Personalized Messaging System at NetflixData council SF 2020 Building a Personalized Messaging System at Netflix
Data council SF 2020 Building a Personalized Messaging System at Netflix
Grace T. Huang
 
Big data landscape
Big data landscapeBig data landscape
Big data landscape
Natalino Busa
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
xKinAnx
 
Data center disaster recovery.ppt
Data center disaster recovery.ppt Data center disaster recovery.ppt
Data center disaster recovery.ppt
omalreda
 
Suricata
SuricataSuricata
Suricata
tex_morgan
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
Splunk
 
Best Practices for Forwarder Hierarchies
Best Practices for Forwarder HierarchiesBest Practices for Forwarder Hierarchies
Best Practices for Forwarder Hierarchies
Splunk
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
Splunk
 
[Final]collaborative filtering and recommender systems
[Final]collaborative filtering and recommender systems[Final]collaborative filtering and recommender systems
[Final]collaborative filtering and recommender systems
Falitokiniaina Rabearison
 
Collaborative Filtering with Spark
Collaborative Filtering with SparkCollaborative Filtering with Spark
Collaborative Filtering with Spark
Chris Johnson
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
John Hubbard
 
Spectrum Scale Memory Usage
Spectrum Scale Memory UsageSpectrum Scale Memory Usage
Spectrum Scale Memory Usage
Tomer Perry
 
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based RecommendationTAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
Fatemeh Ghorbani
 
Splunk
SplunkSplunk
Splunk
Deep Mehta
 
Floating point units
Floating point unitsFloating point units
Floating point units
dipugovind
 
Recent Trends in Personalization at Netflix
Recent Trends in Personalization at NetflixRecent Trends in Personalization at Netflix
Recent Trends in Personalization at Netflix
Förderverein Technische Fakultät
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided Tour
Splunk
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
Jason Williams
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
chuckbt
 
Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)
Aung Thu Rha Hein
 
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
Sumit Rangwala
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python tools
Jose Manuel Ortega Candel
 
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprintingCeh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
 

More Related Content

What's hot

Best Practices for Forwarder Hierarchies
Best Practices for Forwarder HierarchiesBest Practices for Forwarder Hierarchies
Best Practices for Forwarder Hierarchies
Splunk
 
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based RecommendationTAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
Fatemeh Ghorbani
 
Floating point units
Floating point unitsFloating point units
Floating point units
dipugovind
 
Recent Trends in Personalization at Netflix
Recent Trends in Personalization at NetflixRecent Trends in Personalization at Netflix
Recent Trends in Personalization at Netflix
Förderverein Technische Fakultät
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
Jason Williams
 
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
Sumit Rangwala
 

What's hot (20)

Big data landscape
Big data landscapeBig data landscape
Big data landscape
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Data center disaster recovery.ppt
Data center disaster recovery.ppt Data center disaster recovery.ppt
Data center disaster recovery.ppt
 
Suricata
SuricataSuricata
Suricata
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
 
Best Practices for Forwarder Hierarchies
Best Practices for Forwarder HierarchiesBest Practices for Forwarder Hierarchies
Best Practices for Forwarder Hierarchies
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
 
[Final]collaborative filtering and recommender systems
[Final]collaborative filtering and recommender systems[Final]collaborative filtering and recommender systems
[Final]collaborative filtering and recommender systems
 
Collaborative Filtering with Spark
Collaborative Filtering with SparkCollaborative Filtering with Spark
Collaborative Filtering with Spark
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
Spectrum Scale Memory Usage
Spectrum Scale Memory UsageSpectrum Scale Memory Usage
Spectrum Scale Memory Usage
 
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based RecommendationTAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
TAGNN: Target Attentive Graph Neural Networks for Session-based Recommendation
 
Splunk
SplunkSplunk
Splunk
 
Floating point units
Floating point unitsFloating point units
Floating point units
 
Recent Trends in Personalization at Netflix
Recent Trends in Personalization at NetflixRecent Trends in Personalization at Netflix
Recent Trends in Personalization at Netflix
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided Tour
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)
 
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
[QCon.ai 2019] People You May Know: Fast Recommendations Over Massive Data
 

Viewers also liked

2 footprinting ve keşif
2 footprinting ve keşif2 footprinting ve keşif
2 footprinting ve keşif
farukdemir47
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
Xatierlike Lee
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013
Opersys inc.
 

Viewers also liked (20)

Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python tools
 
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprintingCeh v5 module 02 footprinting
Ceh v5 module 02 footprinting
 
2 footprinting ve keşif
2 footprinting ve keşif2 footprinting ve keşif
2 footprinting ve keşif
 
Certificaciones tecnológicas
Certificaciones tecnológicasCertificaciones tecnológicas
Certificaciones tecnológicas
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicaciones
 
Inteligencia Colectiva
Inteligencia ColectivaInteligencia Colectiva
Inteligencia Colectiva
 
Por su seguridad
Por su seguridadPor su seguridad
Por su seguridad
 
Certificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del expertoCertificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del experto
 
Herramientas gestion proyectos
Herramientas gestion proyectosHerramientas gestion proyectos
Herramientas gestion proyectos
 
Seguridad en dispositivos móviles
Seguridad en dispositivos móvilesSeguridad en dispositivos móviles
Seguridad en dispositivos móviles
 
Privacidad internet
Privacidad internetPrivacidad internet
Privacidad internet
 
Kanban
KanbanKanban
Kanban
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicaciones
 
Git and git flow
Git and git flowGit and git flow
Git and git flow
 
Manual de uso de la web 2.0
Manual de uso de la web 2.0Manual de uso de la web 2.0
Manual de uso de la web 2.0
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
 
Ch 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisCh 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP Analysis
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013
 

Similar to Footprinting tools for security auditors

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Boston Institute of Analytics
 

Similar to Footprinting tools for security auditors (20)

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
 
NMap
NMapNMap
NMap
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Network Situational Awareness with d00gle
Network Situational Awareness with d00gleNetwork Situational Awareness with d00gle
Network Situational Awareness with d00gle
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
 
Nmap
NmapNmap
Nmap
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
Network scan
Network scanNetwork scan
Network scan
 
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPT
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 

More from Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Jose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
Jose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
Jose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
Jose Manuel Ortega Candel
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
Jose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
Jose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
Jose Manuel Ortega Candel
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
Jose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
Jose Manuel Ortega Candel
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Jose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
Jose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
Jose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
Jose Manuel Ortega Candel
 

More from Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 

Recently uploaded

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
DianaGray10
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 

Recently uploaded (20)

WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 

Footprinting tools for security auditors

  • 1. Footprinting for securty auditors Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac
  • 2. Footprinting for securty auditors Agenda • Information gathering • Footprinting tools • Port scanning with nmap • Nmap scripts
  • 3. Footprinting for securty auditors Security auditing phases Analyze publicly available information. Set scope of attack and identify key targets. Check for vulnerabilities on each target resource Attack targets using library of tools and techniques Footprint Analysis Who is DNS Lookup Search Engines Enumeration Exploitation Buffer Overflows Spoofing Password Rootkit Scanning Machines Ports Applications
  • 4. Footprinting for securty auditors Security Track Information Gathering
  • 5. Footprinting for securty auditors Footprinting (gather target information) ➔ names, addresses, system types, ... Scanning (detect systems and services) ➔ response from network stack, applications, ... Fingerprinting (identify topologies & systems) ➔ network layout, operating systems, services passive passive or active active Enumeration (collect access information) ➔ list of user accounts, share names, … Sniffing (collect network traffic) ➔ addresses, names, information (passwords, ...) Information gathering
  • 6. Footprinting for securty auditors Footprinting • Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology. • Using public information. • Without network /physical connection to the target.
  • 7. Footprinting for securty auditors Security Track Tools
  • 8. Footprinting for securty auditors Kali Linux
  • 9. Footprinting for securty auditors Whois Online Tools • Get information about domains, IP address, DNS • Identify the domain names and associated networks related to a particular organization • https://www.whois.net/ • https://tools.whois.net/ • http://www.whois.com/whois • http://who.is • http://toolbar.netcraft.com/site_report • http://whois.domaintools.com/
  • 10. Footprinting for securty auditors Netcraft • http://toolbar.netcraft.com/site_report/?url=fosdem.org
  • 11. Footprinting for securty auditors Whois
  • 12. Footprinting for securty auditors Whois command
  • 13. Footprinting for securty auditors Host command • Ge IPv4,v6,mail server
  • 14. Footprinting for securty auditors Network tools • http://network-tools.com/
  • 15. Footprinting for securty auditors NETWORK Tools • https://www.dnssniffer.com/networktools
  • 17. Footprinting for securty auditors Robtex • Provides graphical information from DNS and Whois • https://www.robtex.com/dns-lookup/fosdem.org
  • 18. Footprinting for securty auditors Robtex
  • 19. Footprinting for securty auditors Nslookup • Query DNS server in order to extract valuable information about the host machine. • Find names of machines through a domain/zone transfer • Nslookup -d→ list all associated records for the domain
  • 20. Footprinting for securty auditors Dig /DNS Resolver
  • 21. Footprinting for securty auditors Dnsmap
  • 22. Footprinting for securty auditors Dnsenum
  • 23. Footprinting for securty auditors DnsRecon
  • 24. Footprinting for securty auditors Zone Transfer • How does one provide security against DNS Interrogation? • Restrict zone transfers to authorized servers. • Set your firewall or router to deny all unauthorized inbound connections to TCP port 53 • Best practice to restrict Zone transfers is review file configuration /etc/bind/named.conf.local
  • 25. Footprinting for securty auditors Zone Transfer
  • 26. Footprinting for securty auditors The harvester • Catalogue email address and subdomains from a specific domain. • It works with all the major search engines including Bing and Google. • The objective is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
  • 27. Footprinting for securty auditors The harvester
  • 28. Footprinting for securty auditors The harvester
  • 29. Footprinting for securty auditors Subdomains • https://api.hackertarget.com/hostsearch/?q=fosdem.org
  • 30. Footprinting for securty auditors Maltego
  • 31. Footprinting for securty auditors Maltego ∙ Company Stalker (this gathers email information) ∙ Footprint L1 (basic information gathering) ∙ Footprint L2 (moderate amount of information gathering) ∙ Footprint L3 (intense and the most complete information gathering)
  • 32. Footprinting for securty auditors Maltego
  • 33. Footprinting for securty auditors Shodan
  • 34. Footprinting for securty auditors Censys.io
  • 35. Footprinting for securty auditors Mr looquer
  • 36. Footprinting for securty auditors Web robots • https://wordpress.com/robots.txt • https://wordpress.com/sitemap.xml
  • 37. Footprinting for securty auditors Web Archive
  • 38. Footprinting for securty auditors Spider foot
  • 39. Footprinting for securty auditors Spider foot
  • 40. Footprinting for securty auditors Scanning tools • Active footprinting • Number and type of opened ports • Type of services running in the servers • Vulnerabilities of the services and software • Nmap is a great tool for discovering Open ports, protocol numbers, OS details, firewall details, etc.
  • 41. Footprinting for securty auditors Security Track NMAP
  • 42. Footprinting for securty auditors Nmap Port Scanner • Unix-based port scanner • Support for different scanning techniques • Detects operating system of remote hosts • Many configuration options - timing - scanned port range - scan method • Various front ends for easier handling
  • 43. Footprinting for securty auditors Zenmap Port Scanner
  • 44. Footprinting for securty auditors Zenmap Port Scanner
  • 45. Footprinting for securty auditors Sparta
  • 46. Footprinting for securty auditors Nmap whois
  • 47. Footprinting for securty auditors Guessing the Operating System • We can use the --osscan-guess option to force Nmap into discovering the OS.
  • 48. Footprinting for securty auditors Banner Grabbing nmap -p80 -sV -sT fosdem.org
  • 49. Footprinting for securty auditors Nmap Script Engine • Simple scripts to automate a wide variety of networking tasks • Are written in Lua programming language. • Network discovery • Vulnerability detection • Backdoor detection • Vulnerability exploitation
  • 50. Footprinting for securty auditors Nmap Script Engine usr/local/share/nmap/scripts
  • 51. Footprinting for securty auditors Nmap Script Engine • https://github.com/cldrn/nmap-nse-scripts/tree/master/ scripts
  • 52. Footprinting for securty auditors Banner grabbing with nmap script nmap --script banner fosdem.org
  • 53. Footprinting for securty auditors http-enum script nmap -v --script http-enum.nse fosdem.org
  • 54. Footprinting for securty auditors ↘mysql-databases nmap -v -d -p3306 --script mysql-databases.nse --script-args='mysqluser=root' 192.168.100.8
  • 55. Footprinting for securty auditors ↘mysql-databases
  • 56. Footprinting for securty auditors Find vulnerabilities with nmap •XSS / SQL Injection ↘nmap -p80 –script http-unsafe-output-escaping <target> ↘http://svn.dd-wrt.com/browser/src/router/nmap/scripts/http-un safe-output-escaping.nse?rev=28293 ↘https://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.ht ml
  • 57. Footprinting for securty auditors Security Track Vulnerability Scanner
  • 59. Footprinting for securty auditors Arachni Vulnerability Scanner
  • 60. Footprinting for securty auditors Links & References • http://www.0daysecurity.com/penetration-testing/net work-footprinting.html • http://nmap.org/nsedoc/ • https://secwiki.org/w/Nmap/External_Script_Library • https://nmap.org/book/man-os-detection.html • https://hackertarget.com/7-nmap-nse-scripts-recon/
  • 61. Footprinting for securty auditors Books
  • 62. Footprinting for securty auditors Security track Thank you! Jose Manuel Ortega @jmortegac