SlideShare a Scribd company logo

UDP Hunter

Download as PPTX, PDF
OWASP Delhi
OWASP Delhi

Combined (NullDelhi + OWASPDelhi) Webinar on UDP Hunter by Savan Gadhiya on 10th May, 2020. For the full video, please visit - https://www.youtube.com/watch?v=yLEL5XrzFyE

1 of 14
UDP Hunter NETWORK ASSESSMENT TOOL
#whoami – Savan Gadhiya •Principal Security Consultant at NotSoSecure •Hacker, Security Researcher, Developer and Bounty Hunter  •9 years of experience in Information Technology •Master of Engineering in IT Systems and Network Security •LinkedIn: https://in.linkedin.com/in/gadhiyasavan •Twitter: @gadhiyasavan •Blog: https://www.gadhiyasavan.com
UDP – User Datagram Protocol •Unreliable delivery • Send UDP probe and wait for response • UDP packets can be dropped, lost, timeout etc. • No acknowledgements, no guarantee •Connectionless • Unlike TCP, UDP does not establish a connection • We can just send and receive packets – No 3-Way Handshake (SYN, SYN-ACK, ACK) •Useful for time sensitive applications • Streaming • VoIP
UDP – User Datagram Protocol – Example •Domain Name Service(DNS) – Port 53 • Used for domain name resolution • Sends a packet(UDP) with a hostname to resolve it • Response would be it’s IP address • Process takes around 2 packets with UDP – TCP would require more than 4
UDP Scanning •Sends a UDP packet to the port • UDP reply - the port is open • ICMP unreachable – the port is closed • No response – the port is open or filtered •Challenges • Slow and painful exercise • There is no connection • Some services only responds to valid packet and if the packet sent is what the system expect to see • Not reliable • ICMP replies are usually rate-limited by hosts, dropped by firewall etc.
UDP Scanning(Cont.) •Limited tool choices • Nmap • Amap • Unicornscan • UDP Proto Scanner •Protocol restrictions • Limited IPv6 based tools
What is UDP Hunter? •Python based open source network assessment tool •Supports IPv4 and IPv6 •25 UDP probes supported •Bulk UDP probe scanning of large network •Targeted host, service, probe scanning •Guidance to exploit the identified services •Neat text reporting
How does UDP Hunter work? •Creates list of IP addresses from IP range •Supports domain names – UDP Hunter resolves IP to perform scanning •Sends UDP probes to all listed IPs •UDP Hunter sniffs the network traffic particularly for UDP •Reports UDP service if it get response of UDP probes
Supported UDP Probes • ike - 500 port • rpc / RPCCheck - 111 port • ntp / NTPRequest - 123 port • snmp-public / SNMPv3GetRequest - 161 port • ms-sql / ms-sql-slam - 1434 port • netop - 6502 port • tftp - 69 port • db2 - 523 port • citrix - 1604 port • echo - 7 port • chargen - 19 port • systat - 11 port • daytime / time - 13 port • DNSStatusRequest / DNSVersionBindReq - 53 port • NBTStat - 137 port • xdmcp - 177 port • net-support - 5405 port • mdns-zeroconf - 5353 port • gtpv1 - 2123 port
UDP Hunter – Setup • Download the tool from here or Clone the repository: • git clone https://github.com/NotSoSecure/udp-hunter • Requirements: • Python 3.x • Python Modules - also mentioned in “requirements.txt” file • netaddr • colorama • argparse • ifaddr • datetime • Install all required modules: • pip3 install -r requirements.txt • Configuration files required: • udp.txt - This file contains UDP probes • udphelp.txt - This file contains list of tools, suggestions for each UDP probes or services
python3 udp-hunter.py
UDP Hunter – Asciinema - Demo •Setup • https://asciinema.org/a/305052 •Usage of UDP Hunter • https://asciinema.org/a/305053
Credits •UDP probes are mainly taken from: • amap • ike-scan • nmap and • udp-proto-scanner •Inspiration for the scanning code was drawn from udp-proto-scanner Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html
UDP Hunter – Future Work •Add more UDP probes •Different reporting formats •Update exploitation related helps Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html

Recommended

UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
Savan Gadhiya
 
Intro to Packet Analysis - pfSense Hangout May 2014
Intro to Packet Analysis - pfSense Hangout May 2014Intro to Packet Analysis - pfSense Hangout May 2014
Intro to Packet Analysis - pfSense Hangout May 2014
Netgate
 
Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015
Netgate
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Netgate
 
Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014
Netgate
 
Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015
Netgate
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Netgate
 

Recommended

UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
Savan Gadhiya
 
Intro to Packet Analysis - pfSense Hangout May 2014
Intro to Packet Analysis - pfSense Hangout May 2014Intro to Packet Analysis - pfSense Hangout May 2014
Intro to Packet Analysis - pfSense Hangout May 2014
Netgate
 
Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015
Netgate
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Netgate
 
Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014
Netgate
 
Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015Remote Access VPNs - pfSense Hangout September 2015
Remote Access VPNs - pfSense Hangout September 2015
Netgate
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Netgate
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
Netgate
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Netgate
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Netgate
 
NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016
Netgate
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat Security Conference
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
Pavel Odintsov
 
SRX Automation at Groupon
SRX Automation at GrouponSRX Automation at Groupon
SRX Automation at Groupon
Alejandro Salinas
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
gocybersec
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Netgate
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Netgate
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017
Netgate
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
Chandrapal Badshah
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Netgate
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
Netgate
 
Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015
Netgate
 
Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014
Netgate
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
Netgate
 
DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environment
Pavel Odintsov
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
Sam Bowne
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
Pavel Odintsov
 
26 security2
26 security226 security2
26 security2congiodiqua
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
Vinil Patel
 

More Related Content

What's hot

Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
Netgate
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Netgate
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Netgate
 
NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016
Netgate
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat Security Conference
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
Pavel Odintsov
 
SRX Automation at Groupon
SRX Automation at GrouponSRX Automation at Groupon
SRX Automation at Groupon
Alejandro Salinas
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
gocybersec
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Netgate
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Netgate
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017
Netgate
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
Chandrapal Badshah
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Netgate
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
Netgate
 
Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015
Netgate
 
Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014
Netgate
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
Netgate
 
DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environment
Pavel Odintsov
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
Sam Bowne
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
Pavel Odintsov
 

What's hot (20)

Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
 
NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
 
SRX Automation at Groupon
SRX Automation at GrouponSRX Automation at Groupon
SRX Automation at Groupon
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
 
Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015Remote Access VPNs Part 2 - pfSense Hangout October 2015
Remote Access VPNs Part 2 - pfSense Hangout October 2015
 
Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014Intro to Multi-WAN - pfSense Hangout April 2014
Intro to Multi-WAN - pfSense Hangout April 2014
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
 
DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environment
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
 

Similar to UDP Hunter

NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
Vinil Patel
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
sumita02
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
jepoy808
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
anakorang28
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
Llobarro2
 
Security attacks
Security attacksSecurity attacks
Security attacks
Tejaswi Potluri
 
TCP-IP PROTOCOL
TCP-IP PROTOCOLTCP-IP PROTOCOL
TCP-IP PROTOCOL
Osama Ghandour Geris
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java Overview
Ministry of Higher Education
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
Sam Bowne
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
Cengage Learning
 
SNMP Demystified Part-I
SNMP Demystified Part-ISNMP Demystified Part-I
SNMP Demystified Part-I
ManageEngine
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
hibaehed
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
Sam Bowne
 
hacking and crecjing
hacking and crecjinghacking and crecjing
hacking and crecjing
parth jasani
 
topicCybersecurity_4
topicCybersecurity_4topicCybersecurity_4
topicCybersecurity_4
Anne Starr
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
Empatiq İletişim Teknolojileri AŞ.
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
Gluster.org
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
Yossi Sassi
 

Similar to UDP Hunter (20)

26 security2
26 security226 security2
26 security2
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
TCP-IP PROTOCOL
TCP-IP PROTOCOLTCP-IP PROTOCOL
TCP-IP PROTOCOL
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java Overview
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
SNMP Demystified Part-I
SNMP Demystified Part-ISNMP Demystified Part-I
SNMP Demystified Part-I
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
 
hacking and crecjing
hacking and crecjinghacking and crecjing
hacking and crecjing
 
topicCybersecurity_4
topicCybersecurity_4topicCybersecurity_4
topicCybersecurity_4
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 

More from OWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
OWASP Delhi
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report Writing
OWASP Delhi
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
OWASP Delhi
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
OWASP Delhi
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
OWASP Delhi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
OWASP Delhi
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
OWASP Delhi
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
OWASP Delhi
 
Cloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelCloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash Goel
OWASP Delhi
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
OWASP Delhi
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
OWASP Delhi
 
Hostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit PrateekHostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit Prateek
OWASP Delhi
 

More from OWASP Delhi (20)

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report Writing
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
 
Cloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelCloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash Goel
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
 
Hostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit PrateekHostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit Prateek
 

Recently uploaded

special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
DhatriParmar
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
gb193092
 

Recently uploaded (20)

special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
 

UDP Hunter

  • 2. #whoami – Savan Gadhiya •Principal Security Consultant at NotSoSecure •Hacker, Security Researcher, Developer and Bounty Hunter  •9 years of experience in Information Technology •Master of Engineering in IT Systems and Network Security •LinkedIn: https://in.linkedin.com/in/gadhiyasavan •Twitter: @gadhiyasavan •Blog: https://www.gadhiyasavan.com
  • 3. UDP – User Datagram Protocol •Unreliable delivery • Send UDP probe and wait for response • UDP packets can be dropped, lost, timeout etc. • No acknowledgements, no guarantee •Connectionless • Unlike TCP, UDP does not establish a connection • We can just send and receive packets – No 3-Way Handshake (SYN, SYN-ACK, ACK) •Useful for time sensitive applications • Streaming • VoIP
  • 4. UDP – User Datagram Protocol – Example •Domain Name Service(DNS) – Port 53 • Used for domain name resolution • Sends a packet(UDP) with a hostname to resolve it • Response would be it’s IP address • Process takes around 2 packets with UDP – TCP would require more than 4
  • 5. UDP Scanning •Sends a UDP packet to the port • UDP reply - the port is open • ICMP unreachable – the port is closed • No response – the port is open or filtered •Challenges • Slow and painful exercise • There is no connection • Some services only responds to valid packet and if the packet sent is what the system expect to see • Not reliable • ICMP replies are usually rate-limited by hosts, dropped by firewall etc.
  • 6. UDP Scanning(Cont.) •Limited tool choices • Nmap • Amap • Unicornscan • UDP Proto Scanner •Protocol restrictions • Limited IPv6 based tools
  • 7. What is UDP Hunter? •Python based open source network assessment tool •Supports IPv4 and IPv6 •25 UDP probes supported •Bulk UDP probe scanning of large network •Targeted host, service, probe scanning •Guidance to exploit the identified services •Neat text reporting
  • 8. How does UDP Hunter work? •Creates list of IP addresses from IP range •Supports domain names – UDP Hunter resolves IP to perform scanning •Sends UDP probes to all listed IPs •UDP Hunter sniffs the network traffic particularly for UDP •Reports UDP service if it get response of UDP probes
  • 9. Supported UDP Probes • ike - 500 port • rpc / RPCCheck - 111 port • ntp / NTPRequest - 123 port • snmp-public / SNMPv3GetRequest - 161 port • ms-sql / ms-sql-slam - 1434 port • netop - 6502 port • tftp - 69 port • db2 - 523 port • citrix - 1604 port • echo - 7 port • chargen - 19 port • systat - 11 port • daytime / time - 13 port • DNSStatusRequest / DNSVersionBindReq - 53 port • NBTStat - 137 port • xdmcp - 177 port • net-support - 5405 port • mdns-zeroconf - 5353 port • gtpv1 - 2123 port
  • 10. UDP Hunter – Setup • Download the tool from here or Clone the repository: • git clone https://github.com/NotSoSecure/udp-hunter • Requirements: • Python 3.x • Python Modules - also mentioned in “requirements.txt” file • netaddr • colorama • argparse • ifaddr • datetime • Install all required modules: • pip3 install -r requirements.txt • Configuration files required: • udp.txt - This file contains UDP probes • udphelp.txt - This file contains list of tools, suggestions for each UDP probes or services
  • 12. UDP Hunter – Asciinema - Demo •Setup • https://asciinema.org/a/305052 •Usage of UDP Hunter • https://asciinema.org/a/305053
  • 13. Credits •UDP probes are mainly taken from: • amap • ike-scan • nmap and • udp-proto-scanner •Inspiration for the scanning code was drawn from udp-proto-scanner Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html
  • 14. UDP Hunter – Future Work •Add more UDP probes •Different reporting formats •Update exploitation related helps Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html