Vlad Styran - "Hidden" Features of the Tools We All Love

Some efficient but mostly obscure NMap hints.
Follow Vlad on Twitter: https://twitter.com/c2FwcmFu

Published in: Technology
Slide 1. "Hidden" Features of the Tools We All Love
Vlad Styran

Slide 2. Plan
• Nmap stuff
– Running modes
– Timing
– Reporting
– Scaling
– Troubleshooting
• Other stuff (if any time left)

Slide 3. Nmap running modes
• Root vs User
– sudo to -sS; don't sudo to -sT
– sudo --unprivileged to -sT
• Port groups
– --top-ports, --port-ratio, -p-
• Nmap Scripting Engine
– default (-sC), ssl-cert, ssl-date, ssl-known-key, 'http-* and discovery and safe', 'vuln and safe' etc.
• Stats monitoring and debug level

Slide 4. Nmap timing
• -T3 by default
– paranoid|sneaky|polite|normal|aggressive|insane
• --min-hostgroup 4 by default
• --min-parallelism, --max-parallelism
• --host-timeout, --script-timeout
• --min-rate, --max-rate

Slide 5. Nmap reporting
• Always save all reports (-oA)
– To have complete track and output
– To be able to resume scans
• XML is your friend. Seriously. I mean it.
– https://github.com/sapran/nmap-xsl
$ xsltproc report.xml > report.html
$ xsltproc template.xsl report.xml

Slide 6. Nmap reporting
• Join XML reports
$ head -8 results.xml-00 > results.xml
$ cat results.xml-* | grep -v '<!DOCTYPE' | grep -v '<?xml' | grep -v '<!--' \
    | grep -v '<nmaprun' | grep -v '<scaninfo' | grep -v '<verbose' | grep -v '<debugging' \
    | grep -v '<runstats' | grep -v '</runstats>' | grep -v '</nmaprun>' >> results.xml
$ tail -3 results.xml-00 >> results.xml
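The head/grep/tail pipeline on slide 6 works because Nmap's XML header and footer are a fixed number of lines, but it silently drops the per-chunk <runstats> totals and depends on nothing inside a <host> element starting with one of the grepped prefixes. The script below is an added example, not code from the talk: it does the same join with ElementTree, re-sums the host totals and elapsed time, puts the stylesheet processing instruction back so the result still renders with xsltproc as on slide 5, and pulls the open-port list out of the merged report. The two XML chunks are constructed samples standing in for results.xml-00 and results.xml-01, not real scan output.

```python
"""Merge several Nmap XML reports into one and list open ports per host.

Added example for slides 5 and 6; not code from the talk. CHUNK_00 and
CHUNK_01 are constructed samples: the same scan split over two runs,
trimmed to the elements the merge touches.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

CHUNK_00 = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<!-- constructed sample, not real Nmap output -->
<nmaprun scanner="nmap" args="nmap -sS -oA results 192.0.2.1" start="0" version="7.80" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="3" services="22,80,443"/>
<verbose level="0"/>
<debugging level="0"/>
<host><status state="up" reason="syn-ack"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
</ports>
</host>
<runstats><finished time="1" elapsed="1.00" exit="success"/><hosts up="1" down="1" total="2"/>
</runstats>
</nmaprun>
"""

CHUNK_01 = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -oA results 192.0.2.2-3" start="2" version="7.80" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="3" services="22,80,443"/>
<verbose level="0"/>
<debugging level="0"/>
<host><status state="up" reason="syn-ack"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
</ports>
</host>
<host><status state="up" reason="syn-ack"/>
<address addr="192.0.2.3" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
</ports>
</host>
<runstats><finished time="4" elapsed="1.50" exit="success"/><hosts up="2" down="0" total="2"/>
</runstats>
</nmaprun>
"""


def merge_reports(chunks: List[str]) -> ET.Element:
    """Return one <nmaprun> holding every <host> from all chunks.

    The first chunk supplies the header (scaninfo, verbose, debugging).
    Hosts from later chunks are inserted before <runstats>, keeping the
    element order nmap.xsl expects; host totals and elapsed time are re-summed.
    """
    if not chunks:
        raise ValueError("nothing to merge")
    merged = ET.fromstring(chunks[0])
    if merged.tag != "nmaprun":
        raise ValueError("first chunk is not an Nmap XML report")
    runstats = merged.find("runstats")
    finished = runstats.find("finished")
    hosts_stat = runstats.find("hosts")
    totals = {k: int(hosts_stat.get(k)) for k in ("up", "down", "total")}
    elapsed = float(finished.get("elapsed"))
    for chunk in chunks[1:]:
        root = ET.fromstring(chunk)
        if root.tag != "nmaprun":
            raise ValueError("chunk is not an Nmap XML report")
        insert_at = list(merged).index(runstats)  # keep hosts ahead of runstats
        for host in root.findall("host"):
            merged.insert(insert_at, host)
            insert_at += 1
        stats = root.find("runstats")
        for k in totals:
            totals[k] += int(stats.find("hosts").get(k))
        elapsed += float(stats.find("finished").get("elapsed"))
    for k, v in totals.items():
        hosts_stat.set(k, str(v))
    finished.set("elapsed", f"{elapsed:.2f}")
    return merged


def open_ports(root: ET.Element) -> Dict[str, List[int]]:
    """Map each host address to its sorted list of ports in state 'open'."""
    result: Dict[str, List[int]] = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']") or host.find("address")
        ports = [int(p.get("portid")) for p in host.findall("ports/port")
                 if p.find("state").get("state") == "open"]
        result[addr.get("addr")] = sorted(ports)
    return result


def serialize(root: ET.Element, xsl_href: str = "nmap.xsl") -> str:
    """Re-add the declaration and stylesheet PI ElementTree drops, so the
    merged file still renders with `xsltproc merged.xml` (slide 5)."""
    body = ET.tostring(root, encoding="unicode")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            f'<?xml-stylesheet href="{xsl_href}" type="text/xsl"?>\n' + body + "\n")


if __name__ == "__main__":
    merged = merge_reports([CHUNK_00, CHUNK_01])
    print(open_ports(merged))                      # {'192.0.2.1': [22], '192.0.2.2': [443], '192.0.2.3': [80]}
    print(merged.find("runstats/hosts").attrib)    # {'up': '3', 'down': '1', 'total': '4'}
```

To use it on real output, read each results.xml-NN file into the list passed to merge_reports and write serialize(merged) to results.xml; the xsl_href default is a placeholder and should point at the nmap.xsl (or the sapran/nmap-xsl template) you actually render with.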
Slide 7. Nmap scaling
• Taras Bobalo's talk
– Application Security Automation with DevOps Tools and Clouds
https://www.youtube.com/watch?v=EYEwhwsVjJ0
• Distributed Nmap Framework (dnmap)
– https://sourceforge.net/p/dnmap/wiki/Home/
• Docker
– instrumentisto/nmap

Slide 8. Nmap troubleshooting
• 99% of the time it 'hangs'
• Change debug level: d = up, shift+d = down
• Press any key for stats incl. NSE scripts
• Restart with --resume from XML results
• Use timing optimization
– --script-timeout, --host-timeout
– --min-rate, --max-retries
• https://secwiki.org/w/FAQ_long_running

Slide 9. CLI stuff
• more, less, tail -f
• openssl s_client
• ncat
• for u in $(cat usrl.lst); do curl -x 127.0.0.1:8080 $u > /dev/null & done
• You name it!