SlideShare a Scribd company logo
1 of 14
Download to read offline
UDP Hunter
NETWORK ASSESSMENT TOOL
#whoami – Savan Gadhiya
•Principal Security Consultant at NotSoSecure
•Hacker, Security Researcher, Developer and Bounty Hunter ☺
•9 years of experience in Information Technology
•Master of Engineering in IT Systems and Network Security
•LinkedIn: https://in.linkedin.com/in/gadhiyasavan
•Twitter: @gadhiyasavan
•Blog: https://www.gadhiyasavan.com
UDP – User Datagram Protocol
•Unreliable delivery
• Send UDP probe and wait for response
• UDP packets can be dropped, lost, timeout etc.
• No acknowledgements, no guarantee
•Connectionless
• Unlike TCP, UDP does not establish a connection
• We can just send and receive packets – No 3-Way Handshake (SYN, SYN-ACK, ACK)
•Useful for time sensitive applications
• Streaming
• VoIP
UDP – User Datagram Protocol – Example
•Domain Name Service(DNS) – Port 53
• Used for domain name resolution
• Sends a packet(UDP) with a hostname to resolve it
• Response would be it’s IP address
• Process takes around 2 packets with UDP – TCP would require more than 4
UDP Scanning
•Sends a UDP packet to the port
• UDP reply - the port is open
• ICMP unreachable – the port is closed
• No response – the port is open or filtered
•Challenges
• Slow and painful exercise
• There is no connection
• Some services only responds to valid packet and if the packet sent is what the system expect to see
• Not reliable
• ICMP replies are usually rate-limited by hosts, dropped by firewall etc.
UDP Scanning(Cont.)
•Limited tool choices
• Nmap
• Amap
• Unicornscan
• UDP Proto Scanner
•Protocol restrictions
• Limited IPv6 based tools
What is UDP Hunter?
•Python based open source network assessment tool
•Supports IPv4 and IPv6
•25 UDP probes supported
•Bulk UDP probe scanning of large network
•Targeted host, service, probe scanning
•Guidance to exploit the identified services
•Neat text reporting
How does UDP Hunter work?
•Creates list of IP addresses from IP range
•Supports domain names – UDP Hunter resolves IP to perform scanning
•Sends UDP probes to all listed IPs
•UDP Hunter sniffs the network traffic particularly for UDP
•Reports UDP service if it get response of UDP probes
Supported UDP Probes
• ike - 500 port
• rpc / RPCCheck - 111 port
• ntp / NTPRequest - 123 port
• snmp-public / SNMPv3GetRequest - 161 port
• ms-sql / ms-sql-slam - 1434 port
• netop - 6502 port
• tftp - 69 port
• db2 - 523 port
• citrix - 1604 port
• echo - 7 port
• chargen - 19 port
• systat - 11 port
• daytime / time - 13 port
• DNSStatusRequest / DNSVersionBindReq - 53 port
• NBTStat - 137 port
• xdmcp - 177 port
• net-support - 5405 port
• mdns-zeroconf - 5353 port
• gtpv1 - 2123 port
UDP Hunter – Setup
• Download the tool from here or Clone the repository:
• git clone https://github.com/NotSoSecure/udp-hunter
• Requirements:
• Python 3.x
• Python Modules - also mentioned in “requirements.txt” file
• netaddr
• colorama
• argparse
• ifaddr
• datetime
• Install all required modules:
• pip3 install -r requirements.txt
• Configuration files required:
• udp.txt - This file contains UDP probes
• udphelp.txt - This file contains list of tools, suggestions for each UDP probes or services
python3 udp-hunter.py
UDP Hunter – Asciinema - Demo
•Setup
• https://asciinema.org/a/305052
•Usage of UDP Hunter
• https://asciinema.org/a/305053
Credits
•UDP probes are mainly taken from:
• amap
• ike-scan
• nmap and
• udp-proto-scanner
•Inspiration for the scanning code was drawn from udp-proto-scanner
Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html
UDP Hunter – Future Work
•Add more UDP probes
•Different reporting formats
•Update exploitation related helps
Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html

More Related Content

What's hot

Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014Netgate
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide Bishop Fox
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Netgate
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Netgate
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Netgate
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Netgate
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresPavel Odintsov
 
NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016Netgate
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Netgate
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Netgate
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015Netgate
 

What's hot (19)

Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014Advanced OpenVPN Concepts - pfSense Hangout September 2014
Advanced OpenVPN Concepts - pfSense Hangout September 2014
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
 
Enumeration
EnumerationEnumeration
Enumeration
 
NMAP
NMAPNMAP
NMAP
 
NMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit GautamNMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit Gautam
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
 
SRX Automation at Groupon
SRX Automation at GrouponSRX Automation at Groupon
SRX Automation at Groupon
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
 
NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016NAT on pfSense 2.3 - pfSense Hangout May 2016
NAT on pfSense 2.3 - pfSense Hangout May 2016
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
 

Similar to UDP Hunter

NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYVinil Patel
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptsumita02
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptjepoy808
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptanakorang28
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
hacking and crecjing
hacking and crecjinghacking and crecjing
hacking and crecjingparth jasani
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceSam Bowne
 
SNMP Demystified Part-I
SNMP Demystified Part-ISNMP Demystified Part-I
SNMP Demystified Part-IManageEngine
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsSam Bowne
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the CloudLahav Savir
 

Similar to UDP Hunter (20)

26 security2
26 security226 security2
26 security2
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.ppt
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
TCP-IP PROTOCOL
TCP-IP PROTOCOLTCP-IP PROTOCOL
TCP-IP PROTOCOL
 
Chap 1 Network Theory & Java Overview
Chap 1   Network Theory & Java OverviewChap 1   Network Theory & Java Overview
Chap 1 Network Theory & Java Overview
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
hacking and crecjing
hacking and crecjinghacking and crecjing
hacking and crecjing
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
 
SNMP Demystified Part-I
SNMP Demystified Part-ISNMP Demystified Part-I
SNMP Demystified Part-I
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the Cloud
 

Recently uploaded

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfWSO2
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA -  Language Models and Knowledge Graphs: A Systems ApproachKLARNA -  Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachNeo4j
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMok TH
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024vaibhav130304
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAlluxio, Inc.
 
Naer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research SynthesisNaer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research Synthesisparimabajra
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignNeo4j
 
10 Essential Software Testing Tools You Need to Know About.pdf
10 Essential Software Testing Tools You Need to Know About.pdf10 Essential Software Testing Tools You Need to Know About.pdf
10 Essential Software Testing Tools You Need to Know About.pdfkalichargn70th171
 
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1KnowledgeSeed
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesNeo4j
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Soroosh Khodami
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Andrea Goulet
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024Shane Coughlan
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfQ-Advise
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfDeskTrack
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...OnePlan Solutions
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Henry Schreiner
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabbereGrabber
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAShane Coughlan
 

Recently uploaded (20)

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA -  Language Models and Knowledge Graphs: A Systems ApproachKLARNA -  Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptx
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
Naer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research SynthesisNaer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research Synthesis
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
 
10 Essential Software Testing Tools You Need to Know About.pdf
10 Essential Software Testing Tools You Need to Know About.pdf10 Essential Software Testing Tools You Need to Know About.pdf
10 Essential Software Testing Tools You Need to Know About.pdf
 
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabber
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 

UDP Hunter

  • 2. #whoami – Savan Gadhiya •Principal Security Consultant at NotSoSecure •Hacker, Security Researcher, Developer and Bounty Hunter ☺ •9 years of experience in Information Technology •Master of Engineering in IT Systems and Network Security •LinkedIn: https://in.linkedin.com/in/gadhiyasavan •Twitter: @gadhiyasavan •Blog: https://www.gadhiyasavan.com
  • 3. UDP – User Datagram Protocol •Unreliable delivery • Send UDP probe and wait for response • UDP packets can be dropped, lost, timeout etc. • No acknowledgements, no guarantee •Connectionless • Unlike TCP, UDP does not establish a connection • We can just send and receive packets – No 3-Way Handshake (SYN, SYN-ACK, ACK) •Useful for time sensitive applications • Streaming • VoIP
  • 4. UDP – User Datagram Protocol – Example •Domain Name Service(DNS) – Port 53 • Used for domain name resolution • Sends a packet(UDP) with a hostname to resolve it • Response would be it’s IP address • Process takes around 2 packets with UDP – TCP would require more than 4
  • 5. UDP Scanning •Sends a UDP packet to the port • UDP reply - the port is open • ICMP unreachable – the port is closed • No response – the port is open or filtered •Challenges • Slow and painful exercise • There is no connection • Some services only responds to valid packet and if the packet sent is what the system expect to see • Not reliable • ICMP replies are usually rate-limited by hosts, dropped by firewall etc.
  • 6. UDP Scanning(Cont.) •Limited tool choices • Nmap • Amap • Unicornscan • UDP Proto Scanner •Protocol restrictions • Limited IPv6 based tools
  • 7. What is UDP Hunter? •Python based open source network assessment tool •Supports IPv4 and IPv6 •25 UDP probes supported •Bulk UDP probe scanning of large network •Targeted host, service, probe scanning •Guidance to exploit the identified services •Neat text reporting
  • 8. How does UDP Hunter work? •Creates list of IP addresses from IP range •Supports domain names – UDP Hunter resolves IP to perform scanning •Sends UDP probes to all listed IPs •UDP Hunter sniffs the network traffic particularly for UDP •Reports UDP service if it get response of UDP probes
  • 9. Supported UDP Probes • ike - 500 port • rpc / RPCCheck - 111 port • ntp / NTPRequest - 123 port • snmp-public / SNMPv3GetRequest - 161 port • ms-sql / ms-sql-slam - 1434 port • netop - 6502 port • tftp - 69 port • db2 - 523 port • citrix - 1604 port • echo - 7 port • chargen - 19 port • systat - 11 port • daytime / time - 13 port • DNSStatusRequest / DNSVersionBindReq - 53 port • NBTStat - 137 port • xdmcp - 177 port • net-support - 5405 port • mdns-zeroconf - 5353 port • gtpv1 - 2123 port
  • 10. UDP Hunter – Setup • Download the tool from here or Clone the repository: • git clone https://github.com/NotSoSecure/udp-hunter • Requirements: • Python 3.x • Python Modules - also mentioned in “requirements.txt” file • netaddr • colorama • argparse • ifaddr • datetime • Install all required modules: • pip3 install -r requirements.txt • Configuration files required: • udp.txt - This file contains UDP probes • udphelp.txt - This file contains list of tools, suggestions for each UDP probes or services
  • 12. UDP Hunter – Asciinema - Demo •Setup • https://asciinema.org/a/305052 •Usage of UDP Hunter • https://asciinema.org/a/305053
  • 13. Credits •UDP probes are mainly taken from: • amap • ike-scan • nmap and • udp-proto-scanner •Inspiration for the scanning code was drawn from udp-proto-scanner Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html
  • 14. UDP Hunter – Future Work •Add more UDP probes •Different reporting formats •Update exploitation related helps Read More: https://www.gadhiyasavan.com/2020/02/udp-hunter.html