Metasploitable :- Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware product and on other virtualization technologies such as VirtualBox.
https://information.rapid7.com/metasploit-framework.html
username: msfadmin
password: msfadmin
--------------------------------------------------------------------------------------------------------------------------
Nmap: -
root@kali:~# nmap
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
nmap -p 1-65535 192.168.8.2
nmap -Pn 192.168.1.9
nmap -sT 192.168.1.9
nmap -sS 192.168.1.9 Using this, there is less chance of being caught by the other side
nmap -sU 192.168.1.9 UDP scan
If the request is blocked, use the command below to send an acknowledgement (ACK) to scan the other machine:
root@kali:~# nmap -sA 172.31.86.179
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-12 08:21 UTC
Nmap scan report for ip-172-31-86-179.ec2.internal (172.31.86.179)
Host is up (0.0014s latency).
All 1000 scanned ports on ip-172-31-86-179.ec2.internal (172.31.86.179) are unfiltered
MAC Address: 12:74:AD:24:21:51 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds
If only a particular port is open to accept requests, use the command below:
root@kali:~# nmap --source-port 80 172.31.86.179
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-12 08:25 UTC
Nmap scan report for ip-172-31-86-179.ec2.internal (172.31.86.179)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
MAC Address: 12:74:AD:24:21:51 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
root@kali:~#
nmap --data-length 50 172.31.86.179 To set packet size
nmap --spoof-mac 22:33:44:55:66:77 172.31.86.179 To hide our MAC address
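The port table in the --source-port report above is the part of a scan a defender audits. The script below is an added example, not part of the original notes: it parses a saved report in that format and lists open ports that are not on an approved baseline. The function names and the baseline "22/tcp 80/tcp" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an Nmap normal-output report against an approved-port list.

# Constructed sample: the --source-port report shown on this page, saved as text.
sample_report() {
cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-12 08:25 UTC
Nmap scan report for ip-172-31-86-179.ec2.internal (172.31.86.179)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
MAC Address: 12:74:AD:24:21:51 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
EOF
}

# open_ports: read a report on stdin, print "host port/proto service" per open port.
open_ports() {
  awk '
    /^Nmap scan report for / {
      host = $NF; gsub(/[()]/, "", host)   # last field is the IP, maybe in parentheses
      next
    }
    # Port rows look like "22/tcp open ssh". Require the exact state "open" so
    # closed, filtered and open|filtered rows are not reported.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      print host, $1, ($3 == "" ? "unknown" : $3)
    }
  '
}

# unexpected_ports ALLOWED: ALLOWED is a space-separated list such as "22/tcp 80/tcp".
# Reads a report on stdin and prints only the open ports missing from that list.
unexpected_ports() {
  open_ports | awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok)
  '
}

# Hypothetical baseline for this host: only SSH and HTTP are approved.
sample_report | unexpected_ports "22/tcp 80/tcp"
```

To audit a real scan, save the report with nmap -oN report.txt and run unexpected_ports "22/tcp 80/tcp" < report.txt.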
-----------------------------------------------------------------------------------------------------------------------
Zenmap is the graphical interface of Nmap.
We can do the same things in GUI mode.
--------------------------------------------------------------------------------------------------------------------
Using Nmap scripts:-
root@kali:~# cd /usr/share/nmap/
root@kali:/usr/share/nmap# ls
nmap.dtd nmap-mac-prefixes nmap-os-db nmap-payloads nmap-protocols nmap-rpc nmap-service-probes nmap-services nmap.xsl nselib nse_main.lua scripts
root@kali:/usr/share/nmap# cd scripts/
root@kali:/usr/share/nmap/scripts# ls
root@kali:/usr/share/nmap/scripts# ls | grep ssh
root@kali:/usr/share/nmap/scripts# nmap --script=ssh-brute.nse 172.31.86.179
root@kali:/usr/share/nmap/scripts# nmap --script=ssh-hostkey.nse 172.31.86.179
-------------------------------------------------------------------------------------
root@kali:~# git clone https://github.com/scipag/vulscan.git
root@kali:~# git clone https://github.com/vulnersCom/nmap-vulners.git
root@kali:~# ls
Desktop Documents Downloads Music nmap-vulners Pictures Public Templates Videos vulscan
root@kali:~# mkdir nmapscripts
root@kali:~# ls
Desktop Documents Downloads Music nmapscripts nmap-vulners Pictures Public Templates Videos vulscan
root@kali:~# mv vulscan/ nmapscripts/
root@kali:~# mv nmap-vulners/ nmapscripts/
root@kali:~# ls
Desktop Documents Downloads Music nmapscripts Pictures Public Templates Videos
root@kali:~# cd nmapscripts/
root@kali:~/nmapscripts# ls
nmap-vulners vulscan
root@kali:~/nmapscripts# nmap --script vulscan,nmap-vulners -sV 172.31.86.179
-------------------------------------------------------------------------------------------------------------------
amap:- This is the same as the nmap tool