Successfully reported this slideshow.

Vlad Styran - "Hidden" Features of the Tools We All Love

2

Share

Upcoming SlideShare
Hardening ssh configurations
Hardening ssh configurations
Loading in …3
×
1 of 9
1 of 9

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Vlad Styran - "Hidden" Features of the Tools We All Love

  1. 1. "Hidden" Features of the Tools We All Love Vlad Styran
  2. 2. Plan • Nmap stuff – Running modes – Timing – Reporting – Scaling – Troubleshooting • Other stuff (if any time left)
  3. 3. Nmap running modes • Root vs User – sudo to -sS; don’t sudo to -sT – sudo --unprivileged to -sT • Port groups – --top-ports, --port-ratio, -p- • Nmap Scripting Engine – default (-sC), ssl-cert,ssl-date,ssl-known-key,’http-* and discovery and safe’, ‘vuln and safe’ etc. • Stats monitoring and debug level
  4. 4. Nmap timing • -T3 by default – paranoid|sneaky|polite|normal|aggressive|insane • --minhostgroup 4 by default • --min-parallelism, --max-parallelism • --host-timeout, --script-timeout • --min-rate, --max-rate
  5. 5. Nmap reporting • Always save all reports (-oA) – To have complete track and output – To be able to resume scans • XML is your friend. Seriously. I mean it. – https://github.com/sapran/nmap-xsl $ xsltproc report.xml > report.html $ xsltproc template.xsl report.xml
  6. 6. Nmap reporting • Join XML reports $ head -8 results.xml-00 > results.xml $ cat results.xml-* | grep -v '<!DOCTYPE' | grep -v '<?xml' | grep -v '<!--' | grep -v '<nmaprun' | grep -v '<scaninfo' | grep -v '<verbose' | grep -v '<debugging' | grep -v '<runstats' | grep -v '</runstats>' | grep -v '</nmaprun>' >> results.xml $ tail -3 results.xml-00 >> results.xml
  7. 7. Nmap scaling • Taras Bobalo’s talk – Application Security Automation with DevOps Tools and Clouds https://www.youtube.com/watch?v=EYEwhwsVjJ0 • Distributed Nmap Framework (dnmap) – https://sourceforge.net/p/dnmap/wiki/Home/ • Docker – instrumentisto/nmap
  8. 8. Nmap troubleshooting • 99% of the time – it ’hangs’ • Change debug level: d = up, shift+d = down • Press any key for stats incl. NSE scripts • Restart with --resume from XML results • Use timing optimization – --script-timeout, --host-timeout, – --min-rate, --max-retries • https://secwiki.org/w/FAQ_long_running
  9. 9. CLI stuff • more, less, tail -f • openssl s_client • ncat • for u in $(cat usrl.lst); do curl -x 127.0.0.1:8080 $u > /dev/null & done • You name it!

×