SlideShare a Scribd company logo

Footprinting tools for security auditors

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

Footprinting tools for security auditors

Technology
1 of 62
Download to read offline
Footprinting for securty auditors Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac
Footprinting for securty auditors Agenda • Information gathering • Footprinting tools • Port scanning with nmap • Nmap scripts
Footprinting for securty auditors Security auditing phases Analyze publicly available information. Set scope of attack and identify key targets. Check for vulnerabilities on each target resource Attack targets using library of tools and techniques Footprint Analysis Who is DNS Lookup Search Engines Enumeration Exploitation Buffer Overflows Spoofing Password Rootkit Scanning Machines Ports Applications
Footprinting for securty auditors Security Track Information Gathering
Footprinting for securty auditors Footprinting (gather target information) ➔ names, addresses, system types, ... Scanning (detect systems and services) ➔ response from network stack, applications, ... Fingerprinting (identify topologies & systems) ➔ network layout, operating systems, services passive passive or active active Enumeration (collect access information) ➔ list of user accounts, share names, … Sniffing (collect network traffic) ➔ addresses, names, information (passwords, ...) Information gathering
Footprinting for securty auditors Footprinting • Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology. • Using public information. • Without network /physical connection to the target.
Footprinting for securty auditors Security Track Tools
Footprinting for securty auditors Kali Linux
Footprinting for securty auditors Whois Online Tools • Get information about domains, IP address, DNS • Identify the domain names and associated networks related to a particular organization • https://www.whois.net/ • https://tools.whois.net/ • http://www.whois.com/whois • http://who.is • http://toolbar.netcraft.com/site_report • http://whois.domaintools.com/
Footprinting for securty auditors Netcraft • http://toolbar.netcraft.com/site_report/?url=fosdem.org
Footprinting for securty auditors Whois
Footprinting for securty auditors Whois command
Footprinting for securty auditors Host command • Ge IPv4,v6,mail server
Footprinting for securty auditors Network tools • http://network-tools.com/
Footprinting for securty auditors NETWORK Tools • https://www.dnssniffer.com/networktools
Footprinting for securty auditors
Footprinting for securty auditors Robtex • Provides graphical information from DNS and Whois • https://www.robtex.com/dns-lookup/fosdem.org
Footprinting for securty auditors Robtex
Footprinting for securty auditors Nslookup • Query DNS server in order to extract valuable information about the host machine. • Find names of machines through a domain/zone transfer • Nslookup -d→ list all associated records for the domain
Footprinting for securty auditors Dig /DNS Resolver
Footprinting for securty auditors Dnsmap
Footprinting for securty auditors Dnsenum
Footprinting for securty auditors DnsRecon
Footprinting for securty auditors Zone Transfer • How does one provide security against DNS Interrogation? • Restrict zone transfers to authorized servers. • Set your firewall or router to deny all unauthorized inbound connections to TCP port 53 • Best practice to restrict Zone transfers is review file configuration /etc/bind/named.conf.local
Footprinting for securty auditors Zone Transfer
Footprinting for securty auditors The harvester • Catalogue email address and subdomains from a specific domain. • It works with all the major search engines including Bing and Google. • The objective is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
Footprinting for securty auditors The harvester
Footprinting for securty auditors The harvester
Footprinting for securty auditors Subdomains • https://api.hackertarget.com/hostsearch/?q=fosdem.org
Footprinting for securty auditors Maltego
Footprinting for securty auditors Maltego ∙ Company Stalker (this gathers email information) ∙ Footprint L1 (basic information gathering) ∙ Footprint L2 (moderate amount of information gathering) ∙ Footprint L3 (intense and the most complete information gathering)
Footprinting for securty auditors Maltego
Footprinting for securty auditors Shodan
Footprinting for securty auditors Censys.io
Footprinting for securty auditors Mr looquer
Footprinting for securty auditors Web robots • https://wordpress.com/robots.txt • https://wordpress.com/sitemap.xml
Footprinting for securty auditors Web Archive
Footprinting for securty auditors Spider foot
Footprinting for securty auditors Spider foot
Footprinting for securty auditors Scanning tools • Active footprinting • Number and type of opened ports • Type of services running in the servers • Vulnerabilities of the services and software • Nmap is a great tool for discovering Open ports, protocol numbers, OS details, firewall details, etc.
Footprinting for securty auditors Security Track NMAP
Footprinting for securty auditors Nmap Port Scanner • Unix-based port scanner • Support for different scanning techniques • Detects operating system of remote hosts • Many configuration options - timing - scanned port range - scan method • Various front ends for easier handling
Footprinting for securty auditors Zenmap Port Scanner
Footprinting for securty auditors Zenmap Port Scanner
Footprinting for securty auditors Sparta
Footprinting for securty auditors Nmap whois
Footprinting for securty auditors Guessing the Operating System • We can use the --osscan-guess option to force Nmap into discovering the OS.
Footprinting for securty auditors Banner Grabbing nmap -p80 -sV -sT fosdem.org
Footprinting for securty auditors Nmap Script Engine • Simple scripts to automate a wide variety of networking tasks • Are written in Lua programming language. • Network discovery • Vulnerability detection • Backdoor detection • Vulnerability exploitation
Footprinting for securty auditors Nmap Script Engine usr/local/share/nmap/scripts
Footprinting for securty auditors Nmap Script Engine • https://github.com/cldrn/nmap-nse-scripts/tree/master/ scripts
Footprinting for securty auditors Banner grabbing with nmap script nmap --script banner fosdem.org
Footprinting for securty auditors http-enum script nmap -v --script http-enum.nse fosdem.org
Footprinting for securty auditors ↘mysql-databases nmap -v -d -p3306 --script mysql-databases.nse --script-args='mysqluser=root' 192.168.100.8
Footprinting for securty auditors ↘mysql-databases
Footprinting for securty auditors Find vulnerabilities with nmap •XSS / SQL Injection ↘nmap -p80 –script http-unsafe-output-escaping <target> ↘http://svn.dd-wrt.com/browser/src/router/nmap/scripts/http-un safe-output-escaping.nse?rev=28293 ↘https://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.ht ml
Footprinting for securty auditors Security Track Vulnerability Scanner
Footprinting for securty auditors
Footprinting for securty auditors Arachni Vulnerability Scanner
Footprinting for securty auditors Links & References • http://www.0daysecurity.com/penetration-testing/net work-footprinting.html • http://nmap.org/nsedoc/ • https://secwiki.org/w/Nmap/External_Script_Library • https://nmap.org/book/man-os-detection.html • https://hackertarget.com/7-nmap-nse-scripts-recon/
Footprinting for securty auditors Books
Footprinting for securty auditors Security track Thank you! Jose Manuel Ortega @jmortegac

Recommended

The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE MethodRaul Calzada
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data ProtectionDirectorate of Information Security | Ditjen Aptika
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentationSudarsan Reddy
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 

Recommended

The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE MethodRaul Calzada
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data ProtectionDirectorate of Information Security | Ditjen Aptika
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentationSudarsan Reddy
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
GDPR
GDPRGDPR
GDPRGopi PD
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensicspranjal dutta
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak preventionAriel Evans
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Corporate security
Corporate securityCorporate security
Corporate securityJarno Niemela
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Maganathin Veeraragaloo
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python toolsJose Manuel Ortega Candel
 
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprintingCeh v5 module 02 footprinting
Ceh v5 module 02 footprintingVi Tính Hoàng Nam
 

More Related Content

What's hot

Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak preventionAriel Evans
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Maganathin Veeraragaloo
 

What's hot (20)

Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to Compliance
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk Management
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
GDPR
GDPRGDPR
GDPR
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network Forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak prevention
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Corporate security
Corporate securityCorporate security
Corporate security
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 

Viewers also liked

2 footprinting ve keşif
2 footprinting ve keşif2 footprinting ve keşif
2 footprinting ve keşiffarukdemir47
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesFran García
 
Certificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del expertoCertificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del expertoJose Manuel Ortega Candel
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesFran García
 
Manual de uso de la web 2.0
Manual de uso de la web 2.0Manual de uso de la web 2.0
Manual de uso de la web 2.0Domingo Gallardo
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security IXatierlike Lee
 
Ch 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisCh 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisYoram Orzach
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Opersys inc.
 

Viewers also liked (20)

Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python tools
 
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprintingCeh v5 module 02 footprinting
Ceh v5 module 02 footprinting
 
2 footprinting ve keşif
2 footprinting ve keşif2 footprinting ve keşif
2 footprinting ve keşif
 
Certificaciones tecnológicas
Certificaciones tecnológicasCertificaciones tecnológicas
Certificaciones tecnológicas
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicaciones
 
Inteligencia Colectiva
Inteligencia ColectivaInteligencia Colectiva
Inteligencia Colectiva
 
Por su seguridad
Por su seguridadPor su seguridad
Por su seguridad
 
Certificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del expertoCertificaciones Tecnológicas: La acreditación del experto
Certificaciones Tecnológicas: La acreditación del experto
 
Herramientas gestion proyectos
Herramientas gestion proyectosHerramientas gestion proyectos
Herramientas gestion proyectos
 
Seguridad en dispositivos móviles
Seguridad en dispositivos móvilesSeguridad en dispositivos móviles
Seguridad en dispositivos móviles
 
Privacidad internet
Privacidad internetPrivacidad internet
Privacidad internet
 
Kanban
KanbanKanban
Kanban
 
Groovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicacionesGroovy&Grails: desarrollo rápido de aplicaciones
Groovy&Grails: desarrollo rápido de aplicaciones
 
Git and git flow
Git and git flowGit and git flow
Git and git flow
 
Manual de uso de la web 2.0
Manual de uso de la web 2.0Manual de uso de la web 2.0
Manual de uso de la web 2.0
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
 
Ch 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisCh 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP Analysis
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013
 

Similar to Footprinting tools for security auditors

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Boston Institute of Analytics
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
Network Situational Awareness with d00gle
Network Situational Awareness with d00gleNetwork Situational Awareness with d00gle
Network Situational Awareness with d00gleDug Song
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Harsh Desai
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51martinvoelk
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 

Similar to Footprinting tools for security auditors (20)

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
 
NMap
NMapNMap
NMap
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Network Situational Awareness with d00gle
Network Situational Awareness with d00gleNetwork Situational Awareness with d00gle
Network Situational Awareness with d00gle
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
 
Nmap
NmapNmap
Nmap
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
Network scan
Network scanNetwork scan
Network scan
 
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPT
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 

More from Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Jose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanJose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamJose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsJose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorJose Manuel Ortega Candel
 

More from Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

Footprinting tools for security auditors

  • 1. Footprinting for securty auditors Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac
  • 2. Footprinting for securty auditors Agenda • Information gathering • Footprinting tools • Port scanning with nmap • Nmap scripts
  • 3. Footprinting for securty auditors Security auditing phases Analyze publicly available information. Set scope of attack and identify key targets. Check for vulnerabilities on each target resource Attack targets using library of tools and techniques Footprint Analysis Who is DNS Lookup Search Engines Enumeration Exploitation Buffer Overflows Spoofing Password Rootkit Scanning Machines Ports Applications
  • 4. Footprinting for securty auditors Security Track Information Gathering
  • 5. Footprinting for securty auditors Footprinting (gather target information) ➔ names, addresses, system types, ... Scanning (detect systems and services) ➔ response from network stack, applications, ... Fingerprinting (identify topologies & systems) ➔ network layout, operating systems, services passive passive or active active Enumeration (collect access information) ➔ list of user accounts, share names, … Sniffing (collect network traffic) ➔ addresses, names, information (passwords, ...) Information gathering
  • 6. Footprinting for securty auditors Footprinting • Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology. • Using public information. • Without network /physical connection to the target.
  • 7. Footprinting for securty auditors Security Track Tools
  • 8. Footprinting for securty auditors Kali Linux
  • 9. Footprinting for securty auditors Whois Online Tools • Get information about domains, IP address, DNS • Identify the domain names and associated networks related to a particular organization • https://www.whois.net/ • https://tools.whois.net/ • http://www.whois.com/whois • http://who.is • http://toolbar.netcraft.com/site_report • http://whois.domaintools.com/
  • 10. Footprinting for securty auditors Netcraft • http://toolbar.netcraft.com/site_report/?url=fosdem.org
  • 11. Footprinting for securty auditors Whois
  • 12. Footprinting for securty auditors Whois command
  • 13. Footprinting for securty auditors Host command • Ge IPv4,v6,mail server
  • 14. Footprinting for securty auditors Network tools • http://network-tools.com/
  • 15. Footprinting for securty auditors NETWORK Tools • https://www.dnssniffer.com/networktools
  • 17. Footprinting for securty auditors Robtex • Provides graphical information from DNS and Whois • https://www.robtex.com/dns-lookup/fosdem.org
  • 18. Footprinting for securty auditors Robtex
  • 19. Footprinting for securty auditors Nslookup • Query DNS server in order to extract valuable information about the host machine. • Find names of machines through a domain/zone transfer • Nslookup -d→ list all associated records for the domain
  • 20. Footprinting for securty auditors Dig /DNS Resolver
  • 21. Footprinting for securty auditors Dnsmap
  • 22. Footprinting for securty auditors Dnsenum
  • 23. Footprinting for securty auditors DnsRecon
  • 24. Footprinting for securty auditors Zone Transfer • How does one provide security against DNS Interrogation? • Restrict zone transfers to authorized servers. • Set your firewall or router to deny all unauthorized inbound connections to TCP port 53 • Best practice to restrict Zone transfers is review file configuration /etc/bind/named.conf.local
  • 25. Footprinting for securty auditors Zone Transfer
  • 26. Footprinting for securty auditors The harvester • Catalogue email address and subdomains from a specific domain. • It works with all the major search engines including Bing and Google. • The objective is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
  • 27. Footprinting for securty auditors The harvester
  • 28. Footprinting for securty auditors The harvester
  • 29. Footprinting for securty auditors Subdomains • https://api.hackertarget.com/hostsearch/?q=fosdem.org
  • 30. Footprinting for securty auditors Maltego
  • 31. Footprinting for securty auditors Maltego ∙ Company Stalker (this gathers email information) ∙ Footprint L1 (basic information gathering) ∙ Footprint L2 (moderate amount of information gathering) ∙ Footprint L3 (intense and the most complete information gathering)
  • 32. Footprinting for securty auditors Maltego
  • 33. Footprinting for securty auditors Shodan
  • 34. Footprinting for securty auditors Censys.io
  • 35. Footprinting for securty auditors Mr looquer
  • 36. Footprinting for securty auditors Web robots • https://wordpress.com/robots.txt • https://wordpress.com/sitemap.xml
  • 37. Footprinting for securty auditors Web Archive
  • 38. Footprinting for securty auditors Spider foot
  • 39. Footprinting for securty auditors Spider foot
  • 40. Footprinting for securty auditors Scanning tools • Active footprinting • Number and type of opened ports • Type of services running in the servers • Vulnerabilities of the services and software • Nmap is a great tool for discovering Open ports, protocol numbers, OS details, firewall details, etc.
  • 41. Footprinting for securty auditors Security Track NMAP
  • 42. Footprinting for securty auditors Nmap Port Scanner • Unix-based port scanner • Support for different scanning techniques • Detects operating system of remote hosts • Many configuration options - timing - scanned port range - scan method • Various front ends for easier handling
  • 43. Footprinting for securty auditors Zenmap Port Scanner
  • 44. Footprinting for securty auditors Zenmap Port Scanner
  • 45. Footprinting for securty auditors Sparta
  • 46. Footprinting for securty auditors Nmap whois
  • 47. Footprinting for securty auditors Guessing the Operating System • We can use the --osscan-guess option to force Nmap into discovering the OS.
  • 48. Footprinting for securty auditors Banner Grabbing nmap -p80 -sV -sT fosdem.org
  • 49. Footprinting for securty auditors Nmap Script Engine • Simple scripts to automate a wide variety of networking tasks • Are written in Lua programming language. • Network discovery • Vulnerability detection • Backdoor detection • Vulnerability exploitation
  • 50. Footprinting for securty auditors Nmap Script Engine usr/local/share/nmap/scripts
  • 51. Footprinting for securty auditors Nmap Script Engine • https://github.com/cldrn/nmap-nse-scripts/tree/master/ scripts
  • 52. Footprinting for securty auditors Banner grabbing with nmap script nmap --script banner fosdem.org
  • 53. Footprinting for securty auditors http-enum script nmap -v --script http-enum.nse fosdem.org
  • 54. Footprinting for securty auditors ↘mysql-databases nmap -v -d -p3306 --script mysql-databases.nse --script-args='mysqluser=root' 192.168.100.8
  • 55. Footprinting for securty auditors ↘mysql-databases
  • 56. Footprinting for securty auditors Find vulnerabilities with nmap •XSS / SQL Injection ↘nmap -p80 –script http-unsafe-output-escaping <target> ↘http://svn.dd-wrt.com/browser/src/router/nmap/scripts/http-un safe-output-escaping.nse?rev=28293 ↘https://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.ht ml
  • 57. Footprinting for securty auditors Security Track Vulnerability Scanner
  • 59. Footprinting for securty auditors Arachni Vulnerability Scanner
  • 60. Footprinting for securty auditors Links & References • http://www.0daysecurity.com/penetration-testing/net work-footprinting.html • http://nmap.org/nsedoc/ • https://secwiki.org/w/Nmap/External_Script_Library • https://nmap.org/book/man-os-detection.html • https://hackertarget.com/7-nmap-nse-scripts-recon/
  • 61. Footprinting for securty auditors Books
  • 62. Footprinting for securty auditors Security track Thank you! Jose Manuel Ortega @jmortegac