Penetration Testing
Nmap Sep 30 2011 09:17PM
Ukpong (ukpong ukpong gmail com) (3 replies)
Re: Nmap Oct 02 2011 02:37AM
Jeffory Atkinson (jatkinson zelvin com) (1 replies)
Re: Nmap Oct 02 2011 09:35PM
John M. Martinelli (john martinelli redlevel org) (2 replies)
Re: Nmap Jan 02 2012 05:03PM
Juan Pablo (juan quine gmail com) (1 replies)
RE: Nmap Jan 02 2012 08:59PM
S Walker (walker_s hotmail co uk)
Opinions on Burp Suite Web App Scanner Oct 12 2011 03:31PM
Derrenbacker, L. Jonathan (JDerrenbacker KSHGS com) (5 replies)
Re: Opinions on Burp Suite Web App Scanner Oct 12 2011 05:14PM
Robin Wood (robin digininja org)
RE: Opinions on Burp Suite Web App Scanner Oct 12 2011 04:41PM
Ben de Bont (bendebont gmail com) (1 replies)
Re: Opinions on Burp Suite Web App Scanner Oct 19 2011 05:15AM
Meenal Mukadam (meenal mukadam gmail com) (1 replies)
Re: Opinions on Burp Suite Web App Scanner Oct 21 2011 01:24PM
Yiannis Koukouras (ikoukouras gmail com)
Re: Opinions on Burp Suite Web App Scanner Oct 12 2011 04:38PM
Fabio Cerullo (fcerullo gmail com)
Re: Opinions on Burp Suite Web App Scanner Oct 12 2011 04:37PM
Matt Gardenghi (mtgarden gmail com)
Re: Opinions on Burp Suite Web App Scanner Oct 12 2011 04:29PM
pand0ra (pand0ra usa gmail com)
Re: Nmap Oct 01 2011 06:40PM
Mel Chandler (mel chandler gmail com) (2 replies)
Re: Nmap Oct 03 2011 01:49PM
Marco Ivaldi (raptor mediaservice net)
Hi,

On Sat, 1 Oct 2011, Mel Chandler wrote:

> The best way I can think of off the top of my head is to do two
> similar scans, one with a ping scan and the other looking for open
> ports but without pinging (-Pn) dumping them to two different files
> and do a diff between them. Granted if you have a host out there
> without any ports open (or you just didn't scan for the port it had
> open) you'll miss it. Maybe someone else has a better idea?

If your target network is large, Nmap may take a long time to perform a
full TCP scan. Instead, you might wanna try an asynchronous stateless TCP
scanner such as scanrand or singsing [1]. Remember to watch for closed
ports as well, which return TCP RST responses.

Also, targeted UDP scans performed with payload-based scanners such as
Unicornscan or Metasploit Framework's udp_sweep can help identify
active hosts with no exposed TCP services. Don't forget to try specific
tools in order to identify UDP services, e.g. ike-scan and onesixtyone.

Finally, less intrusive methods such as DNS scanning (via Nmap -sL,
bruteforce tools such as fierce.pl, or DNS AXFR if available) and Google
searches can sometimes do wonders ;)

PS. Of course, if you are on the same network segment as your targets, ARP
scan is the way to go, either with Nmap or something like arp-scan.

[1] http://lab.mediaservice.net/code/singsing/

--
------------------------------------------------------------------
Marco Ivaldi OPSA, OPST, OWSE
Senior Security Advisor
@ Mediaservice.net Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY http://www.mediaservice.net/
------------------------------------------------------------------
PGP Key - https://keys.mediaservice.net/m_ivaldi.asc

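Added example, not code from the thread: the diff Mel describes, done over Nmap grepable (-oG) output, with Marco's point applied that a closed port (an RST answer) is as good a sign of life as an open one. Under -Pn every target is reported "Status: Up" regardless, so only the per-port states carry information. The two scan outputs below are constructed samples.

```python
import ipaddress
import re

# Constructed -oG output of a ping scan (nmap -sn) over a small range.
PING_SCAN = """\
# Nmap scan initiated as: nmap -sn -oG ping.gnmap 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.2 ()\tStatus: Up
# Nmap done
"""

# Constructed -oG output of a -Pn port scan of the same range.
PN_SCAN = """\
# Nmap scan initiated as: nmap -Pn -p 22,80,443 -oG pn.gnmap 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/filtered/tcp//https///
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///
Host: 10.0.0.3 ()\tStatus: Up
Host: 10.0.0.3 ()\tPorts: 22/closed/tcp//ssh///, 80/closed/tcp//http///, 443/closed/tcp//https///
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///
"""

# -oG port entries look like 22/open/tcp//ssh///; we only need port and state.
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/")

def parse_gnmap(text):
    """Return {ip: {"up": bool, "ports": {port: state}}} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        rec = hosts.setdefault(line.split()[1], {"up": False, "ports": {}})
        for field in line.split("\t")[1:]:
            if field.startswith("Status: "):
                rec["up"] = field == "Status: Up"
            elif field.startswith("Ports: "):
                for port, state in PORT_RE.findall(field):
                    rec["ports"][int(port)] = state
    return hosts

def ping_live(text):
    """Hosts the ping scan itself found."""
    return {ip for ip, r in parse_gnmap(text).items() if r["up"]}

def responding(text):
    """Hosts that answered a probe: SYN/ACK (open) or RST (closed). Filtered means no answer."""
    return {ip for ip, r in parse_gnmap(text).items()
            if any(s in ("open", "closed") for s in r["ports"].values())}

def missed_by_ping(ping_text, pn_text):
    """Live hosts the ping scan missed, i.e. Mel's diff with RSTs counted."""
    return sorted(responding(pn_text) - ping_live(ping_text), key=ipaddress.ip_address)

def rst_only(pn_text):
    """Hosts whose only sign of life is an RST: lost if you record open ports alone."""
    return sorted((ip for ip, r in parse_gnmap(pn_text).items()
                   if "closed" in r["ports"].values() and "open" not in r["ports"].values()),
                  key=ipaddress.ip_address)
```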
Re: Nmap Oct 01 2011 06:48PM
james zero-internet org uk
Re: Nmap Oct 01 2011 06:33PM
Tim Gonzales (tim gonzales gmail com) (1 replies)
Re: Nmap Oct 01 2011 08:11PM
Jerry (sec-acct 14 oryx cc)
Copyright 2010, SecurityFocus