Top 15: Tools to do internal vulnerability assessment of the network. Hacking into corporate networks
Information Security Newspaper | Hacking News (https://www.securitynewspaper.com/), Thu, 20 May 2021 23:23:14 +0000
https://www.securitynewspaper.com/2021/05/20/top-15-tools-to-do-internal-vulnerability-assessment-of-the-network-hacking-into-corporate-networks/

Pentesting is one of the most important processes in cybersecurity: it gives a realistic picture of a network's internal vulnerabilities and helps decide how to address the flaws found. Because the task is essential for specialists, it is worth reviewing the best tools available for it.

This time, the International Institute of Cyber Security (IICS) presents the 15 best tools for internal vulnerability assessment of corporate networks. The tools below are actively used by a wide range of specialists, so it is useful for anyone involved to know their capabilities and master them.

Nmap

This open source network scanner is one of the most popular internal vulnerability assessment tools in cybersecurity. Nmap is used mainly for port scanning, but it has many other features useful to researchers, including identifying the service listening on an open port, OS fingerprinting, and checking for known vulnerabilities with NSE scripts.

Nmap lets researchers build a detailed map of the network, gather as much information as possible about the services running on its hosts, and proactively check for some known vulnerabilities.

Pros: The tool is fast on a small number of hosts and its configuration is flexible enough to make the most of all its capabilities. Nmap ships with predefined script categories for different tasks and writes its results in several formats, including XML and grepable output.

Cons: By default Nmap reports a host group only once the whole group has been scanned, so results for a particular host are not available until then. In addition, its SYN scan is stateful: every probe is tracked and retransmitted if no answer arrives, which makes a full scan markedly slower than the stateless scanners below.

Zmap

ZMap (not to be confused with Zenmap) is another open source scanner, created as a faster alternative to Nmap. Unlike Nmap, ZMap does not wait for a reply after sending a SYN packet: it keeps transmitting and collects the replies from all hosts in parallel, so it keeps no per-connection state.

Pros: Among the best features of Zmap is its scanning speed, the generation of Ethernet frames without going through the system stack and the possibility to use PF_RING.

Cons: The main disadvantage is that the tool can cause a denial of service (DoS) on network equipment, for example by knocking over intermediate routers: even when the targets are spread across many networks, every probe still leaves through the same upstream router.

Masscan

Masscan is an open source scanner created with one goal in mind: to scan the Internet even faster (its authors cite a full sweep in under 6 minutes at about 10 million packets per second). According to internal vulnerability assessment experts, it works much like ZMap, only faster.

Pros: Masscan's syntax resembles Nmap's and it accepts some Nmap-compatible options, in addition to its outstanding speed, which makes it one of the fastest asynchronous scanners.

Cons: Similar to Zmap, the load on the network is too high, which could lead to a DoS condition.
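As an added example (not code from the original article or from the Nmap or Masscan projects), here is how practitioners usually combine the two scanner families described above: a stateless masscan sweep for breadth, then a stateful Nmap version scan restricted to the ports masscan reported open, plus a parser for Nmap's XML output so the results can be diffed or fed into a report. The masscan list-output layout ("state proto port ip timestamp"), the sample records and the trimmed Nmap XML are constructed assumptions for this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of masscan "-oL" (list) output. Assumption: each result
# line reads "<state> <proto> <port> <ip> <timestamp>" and comment lines
# start with '#'.
MASSCAN_LIST = """#masscan
open tcp 22 10.0.0.5 1621552000
open tcp 80 10.0.0.5 1621552001
open tcp 443 10.0.0.9 1621552002
open tcp 80 10.0.0.9 1621552003
# end
"""

# Constructed, trimmed sample of Nmap "-oX" output for one of those hosts.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -Pn -p 22,80,445 10.0.0.5">
 <host>
  <status state="up"/>
  <address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
     <service name="ssh" product="OpenSSH" version="7.9p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
     <service name="http" product="nginx" version="1.14.2"/></port>
   <port protocol="tcp" portid="445"><state state="filtered"/>
     <service name="microsoft-ds"/></port>
  </ports>
 </host>
</nmaprun>
"""


def parse_masscan_list(text):
    """Map each IP to a sorted list of (proto, port) that masscan reported open."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        state, proto, port, ip = line.split()[:4]
        if state == "open":
            hosts[ip].add((proto, int(port)))
    return {ip: sorted(ports) for ip, ports in hosts.items()}


def nmap_followup_commands(hosts):
    """One targeted Nmap version scan per host, limited to the TCP ports masscan
    saw open, so the slow, stateful part of the work touches as little as
    possible. -Pn skips host discovery: masscan already proved the host is up."""
    cmds = []
    for ip in sorted(hosts):
        tcp = [str(port) for proto, port in hosts[ip] if proto == "tcp"]
        if tcp:
            cmds.append(f"nmap -sV -Pn -p {','.join(tcp)} -oX {ip}.xml {ip}")
    return cmds


def parse_nmap_xml(text):
    """Map each IPv4 host to [(port, state, 'product version')] from -oX output."""
    root = ET.fromstring(text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        entries = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            banner = ""
            if svc is not None:
                banner = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            entries.append((int(port.get("portid")), port.find("state").get("state"), banner))
        result[addr] = entries
    return result


if __name__ == "__main__":
    found = parse_masscan_list(MASSCAN_LIST)
    for cmd in nmap_followup_commands(found):
        print(cmd)
    for ip, entries in parse_nmap_xml(NMAP_XML).items():
        for port, state, banner in entries:
            print(f"{ip}:{port} {state} {banner}")
```

In practice you would run masscan with -oL and pass the file contents to parse_masscan_list; the Nmap command lines are generated, not executed, so the scope of the noisier -sV stage can be reviewed before it runs.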

Nessus

Nessus is a scanner that automates the detection of known vulnerabilities in the scanned systems. According to internal vulnerability assessment experts, the free Nessus Essentials edition (formerly Nessus Home) scans up to 16 IP addresses with the same engine as the paid version.

The tool can identify vulnerable versions of services and servers, detect misconfigurations, and run dictionary attacks against service passwords. Its findings can be used to plan configuration remediation and to prepare for a PCI DSS audit.

Pros: Each check is a separate plugin drawn from a constantly updated database. Nessus exports results as plain text, XML, HTML and LaTeX, exposes an API, and can run credentialed scans of Windows or Linux hosts to check for missing updates.

Cons: Aggressive checks can crash fragile services on the scanned systems, and the full version requires a subscription.

Net-Creds

This Python tool sniffs passwords, hashes and other data of interest for internal vulnerability assessment from a live interface or a pcap file. Net-Creds is well suited to quickly sifting large volumes of traffic, for example during a Man-in-the-Middle (MiTM) attack.

Pros: Services are identified by packet content rather than by the port in use, and the tool is easy to use.

Network-miner

NetworkMiner works on the same principle as Net-Creds but adds a range of extra functionality. Like Net-Creds, it is well suited to analyzing large amounts of traffic quickly.

Pros: This tool has a sophisticated graphical interface and options for viewing and sorting data by groups, simplifying traffic analysis.

Cons: Unlike Net-Creds, which is fully open source, NetworkMiner's free edition has limited features; researchers need the paid Professional edition for the full feature set.

MITM6

mitm6 performs attacks that abuse IPv6. Windows hosts enable IPv6 by default and prefer it over IPv4; mitm6 sends Router Advertisements to prompt them and answers their DHCPv6 requests, handing out the attacker's address as DNS server so the target's name resolution can be spoofed.

Pros: Works on most networks thanks to the default settings of Windows hosts, which use IPv6 even where the network itself only runs IPv4.

Responder

This tool poisons name resolution protocols (LLMNR, NetBIOS Name Service and mDNS) and is indispensable on any Active Directory engagement. Besides the poisoning itself, it captures NTLM authentication and includes a set of tools to collect information and carry out NTLM relay attacks.

Pros: By default the tool starts many servers that accept NTLM authentication (SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP and SMTP) and can also answer DNS queries during a MiTM attack.

Cons: On Windows, binding port 445 (SMB) is problematic because the operating system already owns it, internal vulnerability assessment specialists point out.

Evil Foca

Evil Foca is a tool to test multiple variants of attacks against IPv4 and IPv6 networks. The tool can scan the local network, identify devices, routers and their network interfaces, and perform various attacks against connected devices.

Pros: This tool is very useful for DoS attacks and MiTM variants (ARP spoofing, DHCP ACK injection, SLAAC attacks, DHCP spoofing). It can also perform DNS hijacking and has a very easy-to-use graphical interface.

Cons: Unlike most tools, Evil Foca only works on Windows systems.

Bettercap

This is a powerful framework for analyzing and attacking networks, and here we are also talking about attacks on wireless networks, BLE (bluetooth low energy) and even MouseJack attacks on wireless HID devices. Bettercap also contains functionality for collecting traffic information.

Pros: The tool can capture visited URLs and HTTPS hosts, as well as making it possible to deploy MiTM attacks and manage traffic according to researchers’ needs. The tool also supports caplets, which are files that allow you to describe complex and automated attacks in a scripting language.

Cons: Some modules (for example ble.enum) are only partially supported on macOS and Windows, and some work only on Linux (packet.proxy, for example).

Gateway_finder

This Python script helps identify potential gateways on the network. According to internal vulnerability assessment experts, it is ideal for verifying segmentation or for finding hosts that can route to a given subnet or to the Internet. Gateway_finder is also well suited to internal penetration tests where unauthorized routes, or routes to other internal networks, have to be checked quickly.

Pros: The main advantage of Gateway_finder is that it is very easy to use and has great customization capability.

Mitmproxy

This open source tool analyzes SSL/TLS-protected traffic. Internal vulnerability assessment experts use mitmproxy to intercept and modify encrypted traffic; it does not break TLS itself but terminates the connection with its own certificate, so the client must trust the mitmproxy CA.

The suite consists of mitmproxy, the interactive proxy; mitmdump, which is to HTTP(S) traffic what tcpdump is to packets; and mitmweb, a web interface for mitmproxy.

Pros: The tool works with multiple protocols and can modify various content formats, from HTML to Protobuf. It also has a Python API that lets users write addon scripts for non-standard tasks.

Cons: The dump format is not compatible with other tools, so it is hard to grep and users end up writing scripts.
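As an added example of the Python API mentioned above (not code from the original article or from the mitmproxy project), here is a small mitmproxy addon that records credentials passing through the proxy during an intercept: Basic credentials are decoded, bearer tokens are truncated so a full token never lands in the log, and cookie names are noted per host. It assumes the script is loaded with "mitmdump -s creds_addon.py" and that flows expose request.host and request.headers as mitmproxy's HTTPFlow does; nothing is imported from mitmproxy, so the logic also runs offline against the constructed fake flow at the bottom.

```python
import base64


def classify_authorization(value):
    """Split an Authorization header value into (scheme, secret).

    Basic credentials are decoded to 'user:password'; bearer tokens are
    truncated so a full token never lands in the log; other schemes (NTLM,
    Negotiate, ...) are reported by scheme only.
    """
    scheme, _, rest = value.partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        try:
            return scheme, base64.b64decode(rest, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError
            return scheme, "<undecodable>"
    if scheme == "bearer":
        return scheme, (rest[:8] + "..." if len(rest) > 8 else rest)
    return scheme, ""


class CredentialSpotter:
    """mitmproxy addon: note Authorization and Cookie headers per host.

    mitmproxy calls request() for every client request it proxies. The
    header names are lower-cased here so the code works both with
    mitmproxy's case-insensitive Headers and with a plain dict.
    """

    def __init__(self):
        self.findings = []

    def request(self, flow):
        headers = {k.lower(): v for k, v in flow.request.headers.items()}
        host = flow.request.host
        if "authorization" in headers:
            scheme, secret = classify_authorization(headers["authorization"])
            self.findings.append((host, scheme, secret))
        if "cookie" in headers:
            names = [c.split("=", 1)[0].strip() for c in headers["cookie"].split(";")]
            self.findings.append((host, "cookie", ",".join(names)))


# mitmproxy loads whatever the script lists here: mitmdump -s creds_addon.py
addons = [CredentialSpotter()]


class FakeFlow:
    """Minimal stand-in for mitmproxy's HTTPFlow, for offline use only."""

    def __init__(self, host, headers):
        self.request = type("Req", (), {"host": host, "headers": headers})()


def demo():
    """Run the addon over two constructed requests and return its findings."""
    spotter = CredentialSpotter()
    spotter.request(FakeFlow("intranet.example", {
        "Authorization": "Basic YWxpY2U6czNjcmV0",   # alice:s3cret, constructed
        "Cookie": "session=abc123; theme=dark",
    }))
    spotter.request(FakeFlow("api.example", {
        "authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig",
    }))
    return spotter.findings


if __name__ == "__main__":
    for host, kind, detail in demo():
        print(f"{host}: {kind} {detail}")
```

On a real engagement the findings list would be written to the report rather than printed; the point of truncating tokens and keeping only cookie names is that the log itself does not become a second copy of the credentials you just intercepted.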

SIET

SIET (Smart Install Exploitation Tool) abuses the capabilities of the Cisco Smart Install protocol. It can retrieve and modify a configuration and take control of a Cisco device, as internal vulnerability assessment experts note.

Pros: Through the Cisco Smart Install protocol it can perform all kinds of actions, including:

  • Change the TFTP server address on the client device by sending a crafted Smart Install message
  • Copy the device configuration file
  • Replace the device configuration, for example by adding a new user
  • Update the IOS image on the device

Cons: SIET works with a limited set of Cisco devices, and you need either a public IP address to receive the device's response or to be on the same network as the device.

Yersinia

Yersinia is a Layer 2 attack framework designed to exploit weaknesses in various L2 network protocols.

Pros: Allows attacks on STP, CDP, DTP, DHCP, HSRP, VTP and others.

Cons: Experts consider the Yersinia interface very hard to use for most researchers.

Proxychains

Proxychains forces an application's TCP traffic through one or more SOCKS or HTTP proxies defined in its configuration file.

Pros: Proxychains makes it possible to route the traffic of applications that have no proxy support of their own, which is what makes it useful for pivoting during internal tests.

Remember that this article was prepared for informational purposes only; IICS is not responsible for any misuse of this information. To learn more about information security risks, malware variants, internal vulnerability assessment and information technologies, visit the International Institute of Cyber Security (IICS) websites.

Google Chrome labeled Nmap project as malware
https://www.securitynewspaper.com/2021/01/26/google-chrome-labeled-nmap-project-as-malware/ (Tue, 26 Jan 2021 16:46:43 +0000)

Because of an analysis error, Google Chrome's Safe Browsing service labeled the popular Network Mapper (Nmap) project a potential "security threat". This is another example of a legitimate tool being misidentified, triggering false malware or phishing alerts.

As you may remember, Nmap is an open source network scanner widely used by the ethical hacking community. A few days ago, the Nmap developers said that Chrome had flagged an earlier version of the "Ncat" software and then blocked the whole directory it lived in, which included Nmap.

Days earlier, Chrome also blocked the project source code files, identifying it as malware. Gordon Lyon, Nmap’s lead developer, said: “Google wields power so immense that its practices become careless, especially since it considers our website to be ‘dangerous’ when it comes to a company error.”

The Nmap team faced a dilemma: submitting a report to Google was the obvious way to resolve the problem, but it could take far longer than acceptable and leave the project's users stuck. Lyon concluded there were two workarounds: delete a file from Nmap, or try to convince Google that its security system had made a mistake. In the end the developer simply vented his frustration on Twitter, where a member of Google's security team noticed the complaint.

Although the discussion seemed to be turning personal, a couple of hours later Google had corrected the error. The company gave no further details.

This is an error that Google’s automatic security tools have frequently made: “In its routine security analysis work, Google’s algorithm can have a negative impact on tools developed by independent researchers,” says youtuber St.k, a cybersecurity specialist who has also been affected by similar errors. The researcher also mentions that avoiding the use of some words or phrases can reduce the chances of experiencing this flaw, although the effectiveness of this solution will always depend on Google’s current policies.

On previous occasions Chrome has incorrectly identified other legitimate applications such as PortSwigger Web Security’s Burp Suite. Kieron Hughes, director of PortSwigger, says: “We have a performance monitoring process, which allows us to take the necessary steps to correct these errors when they are filed, automatically reporting them to Google.”

Nmap 7.90 security scanner released with new functionalities
https://www.securitynewspaper.com/2020/10/06/nmap-7-90-security-scanner-released-with-new-functionalities/ (Tue, 06 Oct 2020 23:16:46 +0000)

Over a year after their last release, the new version of the network security scanner Nmap 7.90 has arrived, including multiple new features useful to security researchers.

The developers released the new version under their own Nmap Public Source License (NPSL), a license derived from the GPLv2 that clarifies how Nmap may be used and redistributed, especially inside commercial products.

This release adds more than 800 application and service version signatures, bringing the signature database to 11,878 entries, as cybersecurity specialists note. The developers also added nearly 400 operating system fingerprints (330 for IPv4 and 67 for IPv6); the OS fingerprint database now holds 5,678 entries.

One of the main features included in this version is the addition of 3 new NSE scripts to provide automation of multiple actions with Nmap:

  • dicom-brute, which brute-forces AET (Application Entity Title) identifiers on DICOM (Digital Imaging and Communications in Medicine) servers;
  • dicom-ping, which finds DICOM servers and checks connectivity using AET identifiers;
  • uptime-agent-info, which collects system information from Idera Uptime Infrastructure Monitor agents.

The developers also created a special “Nmap OEM Edition” for companies licensing Nmap shipped with their products. The new installer is more tailored to the requirements of such products. A complete list of changes can be found in the developers’ official platforms.

Nmap is a cross-platform network survey and security audit tool. It supports host discovery (determining which hosts are up), multiple port-scanning methods, version detection (which application or service is listening on a port) and OS fingerprinting based on the target's TCP/IP stack behavior.

Now No Need To Remember Nmap Commands While Doing Pentest
https://www.securitynewspaper.com/2020/08/31/now-no-need-to-remember-nmap-commands-while-doing-pentest/ (Mon, 31 Aug 2020 14:12:20 +0000)

Introduction

While doing a penetration test we always have to run a basic Nmap scan to find the services running on the remote host. Nmap is a small world of tools in itself: it has so many options and modules that it is hard to remember all of them. Researchers at the International Institute of Cyber Security have likewise automated many of the tasks required during the pentesting phases.

So today we will talk about a tool called Sandmap. It is a network scanning front end that drives the Nmap engine, so we can scan any network easily. The application is simple to use, has 31 modules and 495 scanning profiles, and provides a user-friendly interface.

Environment

  • OS: Kali Linux 2020
  • Kernel version: 5.6.0

Installation Steps

root@kali:/home/iicybersecurity# git clone https://github.com/trimstray/sandmap
Cloning into 'sandmap'...
remote: Enumerating objects: 2697, done.
remote: Total 2697 (delta 0), reused 0 (delta 0), pack-reused 2697
Receiving objects: 100% (2697/2697), 15.96 MiB | 550.00 KiB/s, done.
Resolving deltas: 100% (1842/1842), done.
  • Use cd command to enter into sandmap directory
root@kali:/home/iicybersecurity# cd sandmap/
root@kali:/home/iicybersecurity/sandmap#
  • Install it from the cloned directory with ./setup.sh install, then launch the tool with the sandmap command.
Sandmap - Tool Launch
  • Type "help" to list the available commands.
Sandmap - Help
  • Type "list" to view all the modules.
Sandmap - List
  • Type "use <module name>" to select a particular module.
  • Port scan: the port-scan module lists all the open ports on a given IP address.
  • Next, set the target IP address with "set dest <IP address>".
  • Now run the scan with "init <ID or alias>".
Sandmap - Port Scan
  • The open ports are listed.

HTTP Services

  • Type "use <module name>" to select the http-services module.
  • After selecting the module, type "show" to view its profiles.
Sandmap - HTTP Services Show

WAF detection: a WAF (web application firewall) sits in front of an application, filtering and monitoring its traffic to protect it from attackers; this profile tries to detect one.

  • For this step we started DVWA (Damn Vulnerable Web Application), a deliberately vulnerable web application used for testing.
  • Use the DVWA IP address as the target, then start the scan.
Sandmap - HTTP Services Scan
  • The WAF was detected along with the open ports.

Zenmap

  • Type "use <module name>" to select the zenmap module.
  • After selecting the module, type "show" to view the Zenmap profiles.
Sandmap - Zenmap Module
  • Set the target IP address with "set dest <IP address>".
  • Intense scan: this profile (Zenmap's nmap -T4 -A -v) combines OS detection, version detection, script scanning and traceroute. OS detection works by TCP/IP stack fingerprinting: Nmap sends a series of TCP and UDP probes and compares the responses with its fingerprint database.
  • Next, use "init <ID or alias>" to start the scan.
Sandmap - Zenmap Scan Fig 1
Sandmap - Zenmap Scan Fig 2
  • We obtained the information about the target.

Conclusion

We saw how to scan a host by selecting a particular module, and we can say that this tool is an advanced front end to the Nmap engine.

In Just 15 Minutes, Turn Your Android Mobile into Hacking Console
https://www.securitynewspaper.com/2020/08/03/in-just-15-minutes-turn-your-android-mobile-into-hacking-console/ (Mon, 03 Aug 2020 14:20:51 +0000)

Introduction

Every hacker wants a handy device that puts power in their own hands, and it is always good for pentesters to have everything at hand. Now it is possible to carry everything on your mobile: you can turn your Android phone into a hacking console. Earlier, a researcher at the International Institute of Cyber Security walked through the basics of Android and the manual way to turn it into a pentesting device, which is also part of the courses offered on Mobile Hacking.

This time we will show that it is easy to turn any Android phone into a hacking console with a single tool, which gathers the different hacking tools in one place and installs each of them in one step.

INSTALLATION

  • This tool is for Android, so we first have to install the Termux application.
  • Termux is an application that provides a Linux environment on non-rooted Android devices. It is freely available in the Play Store.
  • Install the Termux application on the Android phone.
  • After opening Termux, run the following commands in its console (all commands below are run in the Termux console on the phone).
  • pkg install git
  • git clone https://github.com/AnonHackerr/toolss
Toolss Installation
  • Use the cd command to enter the toolss directory.
  • Next, make the script executable: chmod +x Toolss.py
  • Install Python in Termux: pkg install python
$ pkg install python
Reusing mirror: https://dl.bintray.com/termux/termux-packages-24/
Ign:1 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Ign:2 https://dl.bintray.com/grimler/game-packages-24 games InRelease
Ign:3 https://dl.bintray.com/grimler/science-packages-24 science InRelease
[...SNIP...]
ble' to see it.
Reading package lists... Done
Building dependency tree
Reading state information... Done
python is already the newest version (3.8.5).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
  • Now launch the tool: python Toolss.py
Toolss - Tool Launch on Android
  • The tool launched successfully.
  • Choose the required option to install from list of tools.
  • We will walk through some of these tools.

INSTALL NMAP ON ANDROID MOBILE

Nmap: Nmap is a network mapping tool used for network discovery, finding open ports and running vulnerability checks. It is free and open source. Here we install Nmap on the Android phone using Termux.

#: 1
Reusing mirror: https://dl.bintray.com/termux/termux-packages-24/
Ign:1 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Ign:2 https://dl.bintray.com/grimler/game-packages-24 games InRelease
Ign:3 https://dl.bintray.com/grimler/science-packages-24 science InRelease
[...SNIP...]
Reading state information... Done
nmap is already the newest version (7.80).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
====================================
[+] nmap installed successfully :)
[+] Type 'nmap' to start.
====================================
[?] Back to Menu? (y/n):
Toolss - Nmap on Android
  • Nmap is installed and ready to run.

INSTALL SQLMap ON ANDROID MOBILE

SQLMap: sqlmap is an open source penetration testing tool that automates the detection and exploitation of SQL injection flaws; against a vulnerable page it can extract data from the backend database server. Here we install sqlmap on the Android phone using Termux.

: 3
Reusing mirror: https://dl.bintray.com/termux/termux-packages-24/
Ign:1 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Ign:2 https://dl.bintray.com/grimler/game-packages-24 games InRelease
Ign:3 https://dl.bintray.com/grimler/science-packages-24 science InRelease
[...SNIP...]
ot upgraded.
fatal: destination path 'sqlmap' already exists and is not an empty directory.
[+] SQLMap installed successfully :)
[+] Go to sqlmap folder and type 'python2 sqlmap.py' to start.
[?] Back to Menu? (y/n):
Toolss - SQL Map on Android
  • sqlmap is installed and ready to run.

INSTALL CUPP ON ANDROID MOBILE

CUPP: CUPP (Common User Passwords Profiler) builds a targeted wordlist from what is known about a person (name, birthday, pet, etc.) for use in password attacks with a cracking or brute-forcing tool; it does not crack passwords itself. Here we install CUPP on the Android phone using Termux.

: 11
Reusing mirror: https://dl.bintray.com/termux/termux-packages-24/
Ign:1 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Ign:2 https://dl.bintray.com/grimler/game-packages-24 games InRelease
Ign:3 https://dl.bintray.com/grimler/science-packages-24 science InRelease
[...SNIP...]
fatal: destination path 'cupp' already exists and is not an empty directory.
[+] Cupp installed successfully :)
[+] Go to cupp folder and type 'python cupp3.py' to start.
[?] Back to Menu? (y/n):
Toolss - cupp on Android
  • CUPP is installed and ready to run.

Conclusion

We installed all the required hacking tools on our Android phone. The device now works as a hacking console that can be used anywhere, anytime.

How to Scan whole country IP Addresses in a while
https://www.securitynewspaper.com/2019/04/10/how-to-scan-whole-country-ip-addresses-in-a-while/ (Thu, 11 Apr 2019 00:57:12 +0000)

In some phases of information gathering, a pentester needs to scan the most commonly used IP addresses. According to ethical hacking researchers at the International Institute of Cyber Security, scanning is the most important phase of a penetration test. The most common addresses are those of routers or search engines, and these scans show the normal activity of the target and how it uses the Internet. There are many popular tools, such as Nmap (Network Mapper), that scan IP addresses for open ports. Today we are talking about Masscan.

According to ethical hacking researchers at the International Institute of Cyber Security, masscan is a great help in the scanning phase of a pentest / VAPT.

Masscan scans the Internet in a very short time. Its syntax resembles Nmap's, but unlike Nmap it transmits asynchronously, without tracking each probe. It scans the ports and IP ranges you give it and is the fastest tool for finding open ports. For this demonstration we tested on Kali Linux 2018.4 in VMware. We will scan local IP addresses and the IP ranges of a whole country, and look at the packets in Wireshark to see how noisy Masscan is on the network.

Scanning Local Networks :-

  • Here we created a local network of 3 computers to show how masscan sends its packets.
  • 192.168.1.20 and 192.168.1.22 are the target machines, both running Windows; the attacking machine is Kali Linux 2018.4.

Steps to configure your Virtual Machines IP’s

  • To assign static IP addresses, go to Control Panel / Network and Internet / Network Connections.
  • Open the Local Area Connection properties, then the IPv4 properties, and enter the IP 192.168.1.20.
  • Repeat on the other computer with the IP 192.168.1.22.
  • After creating the local network, check it by pinging both addresses: open cmd on each computer and run ping 192.168.1.22 from the first and ping 192.168.1.20 from the second.
  • To ping from Kali Linux you have to create a virtual network in VMware.
  • In the Kali Linux network settings, select manual IPv4 configuration, enter 192.168.1.23 and the subnet mask 255.255.255.0.
  • Open VMware's Virtual Network Editor on the Windows host.
  • Select the network editor as shown below, taking care to choose the appropriate settings.
  • As shown above, click on VMnet0 and select the physical network interface card.
  • Then click on VMnet8 and select the local Ethernet adapter.
  • Click Apply and OK.
  • Finally, open the Kali VM's settings in VMware, go to the network settings and select the virtual network adapter.

Moving to installing MASSCAN on KALI

  • After assigning static IP addresses to the target computers and Kali Linux, install the libraries masscan needs to build.
  • Type sudo apt-get install git gcc make libpcap-dev in the Kali Linux terminal.
root@kali:/home/iicybersecurity/Downloads/masscan# sudo apt-get install git gcc make libpcap-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
make is already the newest version (4.2.1-1.2).
make set to manually installed.
The following package was automatically installed and is no longer required:
php7.2
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
cpp cpp-8 g++ g++-8 gcc-8 gcc-8-base git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1 libgfortran5
libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libpcap0.8-dev libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
Suggested packages:
cpp-doc gcc-8-locales g++-multilib g++-8-multilib gcc-8-doc libstdc++6-8-dbg gcc-multilib autoconf automake libtool bison gcc-doc
gcc-8-multilib libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg liblsan0-dbg libtsan0-dbg libubsan1-dbg
libmpx2-dbg libquadmath0-dbg git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-cvs
git-mediawiki git-svn libstdc++-8-doc
The following NEW packages will be installed:
libpcap-dev libpcap0.8-dev
The following packages will be upgraded:
cpp cpp-8 g++ g++-8 gcc gcc-8 gcc-8-base git git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1
libgfortran5 libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
28 upgraded, 2 newly installed, 0 to remove and 1094 not upgraded.
Need to get 266 kB/37.1 MB of archives.
After this operation, 2,753 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap0.8-dev amd64 1.8.1-6 [240 kB]
Get:2 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap-dev amd64 1.8.1-6 [25.9 kB]
Fetched 266 kB in 9s (28.6 kB/s)
Reading changelogs… Done
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/0-libquadmath0_8.2.0-13_amd64.deb …
Unpacking libquadmath0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-libubsan1_8.2.0-13_amd64.deb …
-------------------------------SNIP------------------------------
Unpacking libubsan1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/2-lib32gcc1_1%3a8.2.0-13_amd64.deb …
Unpacking lib32gcc1 (1:8.2.0-13) over (1:8.2.0-7) …
Preparing to unpack …/3-libitm1_8.2.0-13_amd64.deb …
Unpacking libitm1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/4-libgfortran5_8.2.0-13_amd64.deb …
Unpacking libgfortran5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/5-libasan5_8.2.0-13_amd64.deb …
Unpacking libasan5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/6-lib32stdc++6_8.2.0-13_amd64.deb …
Unpacking lib32stdc++6 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/7-gcc-8-base_8.2.0-13_amd64.deb …
Unpacking gcc-8-base:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up gcc-8-base:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/libstdc++6_8.2.0-13_amd64.deb …
Unpacking libstdc++6:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up libstdc++6:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/00-libgomp1_8.2.0-13_amd64.deb …
Unpacking libgomp1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/01-libatomic1_8.2.0-13_amd64.deb …
Unpacking libatomic1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/02-liblsan0_8.2.0-13_amd64.deb …
Unpacking liblsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/03-libtsan0_8.2.0-13_amd64.deb …
Unpacking libtsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/04-libmpx2_8.2.0-13_amd64.deb …
Unpacking libmpx2:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/05-cpp-8_8.2.0-13_amd64.deb …
Unpacking cpp-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/06-libcc1-0_8.2.0-13_amd64.deb …
Unpacking libcc1-0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/07-gcc-8_8.2.0-13_amd64.deb …
Unpacking gcc-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/08-g++-8_8.2.0-13_amd64.deb …
Unpacking g++-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-gcc_4%3a8.2.0-2_amd64.deb …
Unpacking gcc (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/2-cpp_4%3a8.2.0-2_amd64.deb …
Unpacking cpp (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/3-git_1%3a2.20.1-1_amd64.deb …
Unpacking git (1:2.20.1-1) over (1:2.19.1-1) …
Preparing to unpack …/4-git-man_1%3a2.20.1-1_all.deb …
Unpacking git-man (1:2.20.1-1) over (1:2.19.1-1) …

  • Type git clone https://github.com/robertdavidgraham/masscan.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/robertdavidgraham/masscan.git
Cloning into 'masscan'…
remote: Enumerating objects: 20, done.
remote: Counting objects: 100% (20/20), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 4101 (delta 6), reused 8 (delta 4), pack-reused 4081
Receiving objects: 100% (4101/4101), 2.56 MiB | 17.00 KiB/s, done.
Resolving deltas: 100% (2778/2778), done.
  • Then type cd masscan
  • Type make and then make install
root@kali:/home/iicybersecurity/Downloads/masscan# make
clang -g -ggdb -Wall -O3 -c src/crypto-base64.c -o tmp/crypto-base64.o
clang -g -ggdb -Wall -O3 -c src/crypto-blackrock2.c -o tmp/crypto-blackrock2.o
clang -g -ggdb -Wall -O3 -c src/event-timeout.c -o tmp/event-timeout.o
clang -g -ggdb -Wall -O3 -c src/in-binary.c -o tmp/in-binary.o
clang -g -ggdb -Wall -O3 -c src/in-filter.c -o tmp/in-filter.o
clang -g -ggdb -Wall -O3 -c src/in-report.c -o tmp/in-report.o
clang -g -ggdb -Wall -O3 -c src/logger.c -o tmp/logger.o
clang -g -ggdb -Wall -O3 -c src/main-conf.c -o tmp/main-conf.o -DGIT=\"1.0.5-51-g6c15edc\"
clang -g -ggdb -Wall -O3 -c src/main-dedup.c -o tmp/main-dedup.o
clang -g -ggdb -Wall -O3 -c src/main-initadapter.c -o tmp/main-initadapter.o
clang -g -ggdb -Wall -O3 -c src/main-listscan.c -o tmp/main-listscan.o
clang -g -ggdb -Wall -O3 -c src/main-ptrace.c -o tmp/main-ptrace.o
clang -g -ggdb -Wall -O3 -c src/main-readrange.c -o tmp/main-readrange.o
clang -g -ggdb -Wall -O3 -c src/main-src.c -o tmp/main-src.o
clang -g -ggdb -Wall -O3 -c src/main-status.c -o tmp/main-status.o
clang -g -ggdb -Wall -O3 -c src/main-throttle.c -o tmp/main-throttle.o
clang -g -ggdb -Wall -O3 -c src/main.c -o tmp/main.o
src/main.c:282:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->targets);
---------------------------SNIP---------------------------------
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
src/main.c:284:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->ports);
^~~~~~~
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
2 warnings generated.
clang -g -ggdb -Wall -O3 -c src/masscan-app.c -o tmp/masscan-app.o
clang -g -ggdb -Wall -O3 -c src/out-binary.c -o tmp/out-binary.o
clang -g -ggdb -Wall -O3 -c src/out-certs.c -o tmp/out-certs.o
clang -g -ggdb -Wall -O3 -c src/out-grepable.c -o tmp/out-grepable.o
clang -g -ggdb -Wall -O3 -c src/out-json.c -o tmp/out-json.o
clang -g -ggdb -Wall -O3 -c src/out-ndjson.c -o tmp/out-ndjson.o
clang -g -ggdb -Wall -O3 -c src/out-null.c -o tmp/out-null.o
clang -g -ggdb -Wall -O3 -c src/out-redis.c -o tmp/out-redis.o
clang -g -ggdb -Wall -O3 -c src/out-tcp-services.c -o tmp/out-tcp-services.o
clang -g -ggdb -Wall -O3 -c src/out-text.c -o tmp/out-text.o
clang -g -ggdb -Wall -O3 -c src/out-unicornscan.c -o tmp/out-unicornscan.o
clang -g -ggdb -Wall -O3 -c src/out-xml.c -o tmp/out-xml.o
clang -g -ggdb -Wall -O3 -c src/output.c -o tmp/output.o
clang -g -ggdb -Wall -O3 -c src/pixie-backtrace.c -o tmp/pixie-backtrace.o
  • Type masscan
root@kali:/home/iicybersecurity/Downloads/masscan# masscan
usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
scan some web ports on 10.x.x.x at 10kpps
masscan --nmap
list those options that are compatible with nmap
masscan -p80 10.0.0.0/8 --banners -oB
save results of scan in binary format to
masscan --open --banners --readscan -oX
read binary scan results in and save them as xml in
  • Typing masscan with no arguments shows the help menu.
  • Start Wireshark in Kali Linux or on the host machine, select the network interface and watch the packets being analyzed.
  • If Wireshark is not installed in Kali Linux, install it from https://packages.qa.debian.org/w/wireshark.html; for Windows go to https://www.wireshark.org/download.html

Scanning Target Computers :-

  • For scanning type masscan -p0-1000 192.168.1.20 --router-mac <enter mac address>
  • 192.168.1.20 is the target computer.
  • To find the MAC address, open cmd on the target computer and type getmac.
  • -p is used to specify ports. You can give a port range such as -p0-5000 or list specific ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.20 --router-mac <enter mac addresses>
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:03:11 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 443/tcp on 192.168.1.20
Discovered open port 135/tcp on 192.168.1.20
Discovered open port 912/tcp on 192.168.1.20
Discovered open port 139/tcp on 192.168.1.20
Discovered open port 445/tcp on 192.168.1.20
Discovered open port 902/tcp on 192.168.1.20
  • After running the above command, masscan lists the open ports on the target operating system. If you start Wireshark on the target machine 192.168.1.20 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet. This information can be used in other hacking activities.
  • Type masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>
  • 192.168.1.22 is the target computer.
  • To find the MAC address, open cmd on the target computer and type getmac.
  • -p is used to specify ports. You can give a port range such as -p0-1000 or list specific ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>                                         
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:21:21 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 135/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 139/tcp on 192.168.1.22
  • After running the above command, masscan lists the ports that are open on the target operating system. This list can be used to build a scenario for further attacks.
  • If you start Wireshark on the target machine 192.168.1.22 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet, including the 3-way handshake.
  • This information can be used in other hacking activities.
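The Wireshark view described above (many bare SYNs from 192.168.1.5 to one host, none followed by a completed handshake) is exactly the signal a defender watches for. As an added example, not part of the original post, the following Python flags that pattern in a list of constructed packet records; the Pkt record, the window and the port threshold are this example's own assumptions.

```python
"""Flag SYN-scan behaviour in a capture taken on the target side.

Added example, not part of the original post. It models what Wireshark on
the target (192.168.1.20) shows during a masscan -sS run: one source sends
bare SYNs to many ports in a short window and never completes a handshake
(masscan answers each SYN/ACK with RST). The packet records are constructed
here; in practice they would come from a tshark or Zeek export.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # TCP flags as Wireshark shows them: "S", "SA", "A", "R"


def detect_syn_scans(packets, window=5.0, min_ports=20):
    """Return {(src, dst): sorted probed ports} for every source that sent
    SYNs to at least `min_ports` distinct ports on one host within `window`
    seconds and never followed up with a bare ACK (no completed handshake)
    on those ports."""
    syn_probes = defaultdict(list)   # (src, dst) -> [(ts, dport), ...]
    completed = set()                # (src, dst, dport) where src sent a bare ACK
    for p in packets:
        if p.flags == "S":
            syn_probes[(p.src, p.dst)].append((p.ts, p.dport))
        elif p.flags == "A":
            completed.add((p.src, p.dst, p.dport))

    findings = {}
    for (src, dst), probes in syn_probes.items():
        probes.sort()
        lo = 0
        for hi in range(len(probes)):
            # slide the window so that probes[lo..hi] spans at most `window` seconds
            while probes[hi][0] - probes[lo][0] > window:
                lo += 1
            ports = {dp for _, dp in probes[lo:hi + 1]
                     if (src, dst, dp) not in completed}
            if len(ports) >= min_ports:
                findings[(src, dst)] = sorted(
                    dp for _, dp in probes if (src, dst, dp) not in completed)
                break
    return findings


def sample_capture():
    """Constructed capture: a masscan-style sweep of 192.168.1.20 (44 ports,
    50 ms apart) plus one legitimate SMB client that completes its handshake."""
    pkts = []
    t0 = 100.0
    ports = sorted({*range(0, 1001, 25), 135, 139, 445})
    for i, port in enumerate(ports):
        pkts.append(Pkt(t0 + i * 0.05, "192.168.1.5", "192.168.1.20", 40000 + i, port, "S"))
    # 445 is open: the target answers SYN/ACK and the scanner tears it down with RST
    i445 = ports.index(445)
    pkts.append(Pkt(t0 + i445 * 0.05 + 0.001, "192.168.1.20", "192.168.1.5", 445, 40000 + i445, "SA"))
    pkts.append(Pkt(t0 + i445 * 0.05 + 0.002, "192.168.1.5", "192.168.1.20", 40000 + i445, 445, "R"))
    # legitimate client: SYN, SYN/ACK, ACK on a single port
    pkts.append(Pkt(t0 + 3.0, "192.168.1.22", "192.168.1.20", 51000, 445, "S"))
    pkts.append(Pkt(t0 + 3.0, "192.168.1.20", "192.168.1.22", 445, 51000, "SA"))
    pkts.append(Pkt(t0 + 3.1, "192.168.1.22", "192.168.1.20", 51000, 445, "A"))
    return pkts


if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scans(sample_capture()).items():
        print(f"possible SYN scan {src} -> {dst}: {len(ports)} ports, e.g. {ports[:5]}")
```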

Scanning Vulnerable IP addresses :-

  • There are many sources of targets you can use for testing the tool. Next we have used the OWASP ISO for scanning open ports.
  • The OWASP ISO is very popular for testing your hacking skills.
  • To download the ISO go to https://sourceforge.net/projects/owaspbwa/
  • After downloading the OWASP ISO, open it in VMware and simply start it.
  • After it starts, you will see its IP address as shown below.
  • Enter the IP 192.168.1.10 in a web browser to check that the ISO is working, as shown below.
  • As you can see, the ISO is working.
  • Now, to scan the above IP address, type masscan -p0-8000 192.168.1.10
  • -p is used to enter the port range.
  • Then type the IP address.
root@kali:/home/iicybersecurity# masscan -p0-8000 192.168.1.10
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 18:11:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [8001 ports/host]
Discovered open port 445/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 143/tcp on 192.168.1.10
Discovered open port 80/tcp on 192.168.1.10
Discovered open port 139/tcp on 192.168.1.10
Discovered open port 5001/tcp on 192.168.1.10
Discovered open port 22/tcp on 192.168.1.10
  • The above command shows the open ports of the target IP address. This information can be used in other hacking activities.
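masscan prints the same "Discovered open port" lines in every scan on this page (the two Windows hosts, the OWASP VM above and the country ranges later on). As an added example, not masscan's own code, the Python below parses that output into a per-host inventory, counts how many hosts expose each port, and diffs the result against a constructed allowed-ports baseline; the sample text and the baseline are constructed from the results shown in this post.

```python
"""Turn masscan's stdout into a per-host inventory and diff it against an
allowed-services baseline.

Added example, not masscan's own code. SAMPLE_OUTPUT is constructed from the
'Discovered open port' lines shown in this post; masscan's JSON or list
output formats (-oJ, -oL) would need a different parser.
"""
import re
from collections import Counter, defaultdict

DISCOVERED = re.compile(
    r"^Discovered open port (?P<port>\d{1,5})/(?P<proto>tcp|udp) on (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

SAMPLE_OUTPUT = """\
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 18:11:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 2 hosts [8001 ports/host]
Discovered open port 445/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 143/tcp on 192.168.1.10
Discovered open port 80/tcp on 192.168.1.10
Discovered open port 139/tcp on 192.168.1.10
Discovered open port 5001/tcp on 192.168.1.10
Discovered open port 22/tcp on 192.168.1.10
Discovered open port 135/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 139/tcp on 192.168.1.22
"""


def parse_masscan(text):
    """Return {ip: {proto: sorted ports}}. Banner, status and thread lines
    do not match the pattern and are skipped."""
    hosts = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = DISCOVERED.match(line.strip())
        if m:
            hosts[m["ip"]][m["proto"]].add(int(m["port"]))
    return {ip: {proto: sorted(ports) for proto, ports in protos.items()}
            for ip, protos in hosts.items()}


def port_histogram(scan):
    """Count how many hosts expose each (proto, port); this makes the
    'ports 53 and 80 everywhere' pattern of a range scan visible at a glance."""
    counts = Counter()
    for protos in scan.values():
        for proto, ports in protos.items():
            counts.update((proto, p) for p in ports)
    return dict(counts)


def unexpected_ports(scan, baseline):
    """baseline maps ip -> set of TCP ports that are supposed to be open.
    Returns {ip: [ports]} for everything open beyond the baseline; a host
    missing from the baseline has all of its ports reported."""
    findings = {}
    for ip, protos in scan.items():
        extra = [p for p in protos.get("tcp", []) if p not in baseline.get(ip, set())]
        if extra:
            findings[ip] = extra
    return findings


# Constructed baseline: the OWASP VM is only supposed to serve SSH and
# HTTP(S); the Windows host is allowed its RPC/SMB set.
BASELINE = {
    "192.168.1.10": {22, 80, 443},
    "192.168.1.22": {135, 139, 445},
}

if __name__ == "__main__":
    scan = parse_masscan(SAMPLE_OUTPUT)
    for ip, extra in unexpected_ports(scan, BASELINE).items():
        print(f"{ip}: unexpected open ports {extra}")
```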

As explained in the ethical hacking course of the International Institute of Cyber Security, scanning any random IP with a large number of ports may slow down Kali Linux. Use only a limited set of ports, or a short port range. Do not scan any public IP: your Linux distro may hang, and if you scan a large number of ports your ISP may block you, as a large number of requests is sent to the public IP. Sending a large number of packets may also slow the internet connection.

Analyzing Countries IP Ranges :-

  • Masscan can scan different IP ranges and different ports. Here we have taken IP ranges of China. For IP ranges go to: https://lite.ip2location.com/china-ip-address-ranges
  • Type masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100
  • -v is used to increase the verbosity level.
  • 43.225.84.0-43.225.87.255 is the IP range used in the scan.
  • -sS is used to force a TCP SYN scan.
  • -p is used to give the port range; we have used -p0-100
root@kali:~/Downloads/masscan# masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100

Starting masscan 1.0.4 (https://bit.ly/14GZzcT) at 2019-04-10 05:28:06 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1024 hosts [101 ports/host]
THREAD: status: starting thread
THREAD: xmit: starting thread #0 0:00:00 remaining, found=0
maxrate = 100.00
THREAD: recv: starting thread #0
THREAD: recv: starting main loop
Discovered open port 53/tcp on 43.225.87.113
Discovered open port 53/tcp on 43.225.87.45
Discovered open port 53/tcp on 43.225.87.51
Discovered open port 80/tcp on 43.225.87.31
Discovered open port 53/tcp on 43.225.87.39
Discovered open port 53/tcp on 43.225.87.81
Discovered open port 53/tcp on 43.225.87.34
Discovered open port 53/tcp on 43.225.87.104
Discovered open port 53/tcp on 43.225.87.63
Discovered open port 53/tcp on 43.225.87.22
Discovered open port 80/tcp on 43.225.87.195
Discovered open port 53/tcp on 43.225.87.78
Discovered open port 53/tcp on 43.225.87.65
Discovered open port 80/tcp on 43.225.87.69
Discovered open port 53/tcp on 43.225.87.162
Discovered open port 80/tcp on 43.225.87.70
Discovered open port 53/tcp on 43.225.87.133
Discovered open port 80/tcp on 43.225.87.157
Discovered open port 80/tcp on 43.225.87.118
Discovered open port 80/tcp on 43.225.87.55
Discovered open port 53/tcp on 43.225.87.200
-----------------------------SNIP---------------------------------
Discovered open port 53/tcp on 43.225.87.163
Discovered open port 80/tcp on 43.225.87.201
Discovered open port 53/tcp on 43.225.87.109
Discovered open port 53/tcp on 43.225.87.59
Discovered open port 80/tcp on 43.225.87.28
Discovered open port 53/tcp on 43.225.87.24
Discovered open port 80/tcp on 43.225.87.160
Discovered open port 53/tcp on 43.225.87.54
Discovered open port 80/tcp on 43.225.87.198
Discovered open port 80/tcp on 43.225.87.187
Discovered open port 53/tcp on 43.225.87.77
Discovered open port 53/tcp on 43.225.87.120
Discovered open port 80/tcp on 43.225.87.72
Discovered open port 53/tcp on 43.225.87.83
Discovered open port 53/tcp on 43.225.87.194
  • The above output shows the SYN scan initializing with ports ranging from 0 to 100. A thread starts from the default gateway with a maximum packet rate; here the default maxrate of 100 packets is used. You can also send a larger number of packets to scan IP ranges.
  • Meanwhile we have also tried sending a large number of packets; after doing so our internet connection got stuck. The network provider may block your IP address, mentions the ethical hacking professor.
  • To send a large number of packets you need an Intel 10 Gbps Ethernet adapter and a special driver called PF_RING ZC. Download the driver from: https://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/
  • While scanning the given IP range, masscan found ports 80 and 53 open in the range. Port 53 is used for zone transfers (used in DNS enumeration), which can be bypassed by sending UDP packets to port 53.
  • When scanning with nmap, it didn't run against this IP range.
  • Type nmap -v 43.225.84.0/255
  • -v is used to increase the verbosity level.
root@kali:~# nmap -v 43.225.84.0/255
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-10 05:45 UTC
Illegal netmask in "43.225.84.0/255". Assuming /32 (one host)
Initiating Ping Scan at 05:45
Scanning 43.225.84.0 [4 ports]
Completed Ping Scan at 05:45, 3.04s elapsed (1 total hosts)
Nmap scan report for 43.225.84.0 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds
Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  • Nmap doesn't scan here because we would have to use nmap with the -Pn option, as ping might be blocked, explains the ethical hacking professor. So overall masscan is relatively faster than nmap: nmap did not scan any of the hosts because the target IP range blocks port scanners, but masscan scanned the whole IP range because it has its own TCP/IP stack, while nmap is built on the common networking protocols.

The post How to Scan whole country IP Addresses in a while appeared first on Information Security Newspaper | Hacking News.

Find vulnerability of any target to hack https://www.securitynewspaper.com/2019/02/13/find-vulnerability-of-any-target-to-hack/ Thu, 14 Feb 2019 01:41:39 +0000
Scanning is the initial phase of pentesting. Security researchers and pentesters are very well aware of this phase; it is the phase where a pentester spends most of the time, as it gives the pentester much of the information needed to prepare for the later pentesting phases. There are many automated and manual tools used in pentesting, but a pentester always starts with manual scanning as it makes more things clear, as per the experience of ethical hacking experts. Today we will show you how a pentester or security researcher can use nmap scripts to search for vulnerabilities.

Nmap is an open source tool designed to scan and check the open ports of web and mobile applications. Nmap uses raw IP packets to scan a given URL or host. Nmap gathers services, open ports, application server and operating system version: all types of services associated with a web server. Nmap gives many options, such as using scripts to scan the target. Nmap scripting uses whois to scan the target. According to ethical hacking experts of the International Institute of Cyber Security, you can also write or share your own nmap scripts. We will show you how to use an external script. These nmap scripts have been tested on Kali Linux 2018.4.

  • Clone the script: type git clone https://github.com/OCSAF/freevulnsearch.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/OCSAF/freevulnsearch.git 

Cloning into 'freevulnsearch'...
remote: Enumerating objects: 114, done.
remote: Counting objects: 100% (114/114), done.
remote: Compressing objects: 100% (85/85), done.
remote: Total 114 (delta 64), reused 60 (delta 29), pack-reused 0
Receiving objects: 100% (114/114), 34.58 KiB | 2.66 MiB/s, done.
Resolving deltas: 100% (64/64), done.
  • Then type cd freevulnsearch
  • Type ls
root@kali:/home/iicybersecurity/Downloads# cd freevulnsearch/
root@kali:/home/iicybersecurity/Downloads/freevulnsearch# ls
freevulnsearch.nse LICENSE README.md
  • Copy freevulnsearch.nse to the nmap scripts location. For that type cp freevulnsearch.nse /usr/share/nmap/scripts
root@kali:/home/iicybersecurity/Downloads/freevulnsearch# cp freevulnsearch.nse /usr/share/nmap/scripts
  • Then type locate *.nse
  • This command lists all the scripts available in the nmap scripting engine.
root@kali:/home/iicybersecurity# locate *.nse
  • Then type nmap -sV --script freevulnsearch certified.com
  • -sV: s will spoof the IP address and V will scan the target verbosely.
  • --script freevulnsearch is the script used to scan the target.
  • certified.com is the target.
root@kali:/home/iicybersecurity/Downloads/freevulnsearch# nmap -sV --script freevulnsearch certified.com

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 02:17 EST
Nmap scan report for certified.com (162.241.216.11)
Host is up (0.30s latency).
rDNS record for 162.241.216.11: box5331.bluehost.com
Not shown: 978 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
|_freevulnsearch: *Error with API query. API or network possibly not available.
25/tcp open smtp Exim smtpd 4.91
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:exim:exim:4.91)
|_ *Check other sources like https://www.exploit-db.com
26/tcp open smtp Exim smtpd 4.91
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:exim:exim:4.91)
|_ *Check other sources like https://www.exploit-db.com
53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
| freevulnsearch:
| CVE-2017-3145 Medium 5.0 https://cve.circl.lu/cve/CVE-2017-3145
| CVE-2017-3143 Medium 4.3 https://cve.circl.lu/cve/CVE-2017-3143
| CVE-2017-3142 Medium 4.3 https://cve.circl.lu/cve/CVE-2017-3142
| CVE-2017-3141 High 7.2 EDB https://cve.circl.lu/cve/CVE-2017-3141
| CVE-2017-3136 Medium 4.3 https://cve.circl.lu/cve/CVE-2017-3136
| CVE-2016-9131 Medium 5.0 https://cve.circl.lu/cve/CVE-2016-9131
| CVE-2016-8864 Medium 5.0 https://cve.circl.lu/cve/CVE-2016-8864
| CVE-2016-6170 Medium 4.0 https://cve.circl.lu/cve/CVE-2016-6170
| CVE-2016-2848 Medium 5.0 https://cve.circl.lu/cve/CVE-2016-2848
| CVE-2016-2775 Medium 4.3 https://cve.circl.lu/cve/CVE-2016-2775
| CVE-2016-1286 Medium 5.0 https://cve.circl.lu/cve/CVE-2016-1286
| CVE-2016-1285 Medium 4.3 https://cve.circl.lu/cve/CVE-2016-1285
| CVE-2015-8461 High 7.1 https://cve.circl.lu/cve/CVE-2015-8461
| CVE-2015-8000 Medium 5.0 https://cve.circl.lu/cve/CVE-2015-8000
| CVE-2015-4620 High 7.8 https://cve.circl.lu/cve/CVE-2015-4620
| CVE-2015-1349 Medium 5.4 https://cve.circl.lu/cve/CVE-2015-1349
| CVE-2014-0591 Low 2.6 https://cve.circl.lu/cve/CVE-2014-0591
| CVE-2013-6230 Medium 6.8 https://cve.circl.lu/cve/CVE-2013-6230
| CVE-2013-4854 High 7.8 https://cve.circl.lu/cve/CVE-2013-4854
| CVE-2013-2266 High 7.8 https://cve.circl.lu/cve/CVE-2013-2266
| CVE-2012-5689 High 7.1 https://cve.circl.lu/cve/CVE-2012-5689
| CVE-2012-5688 High 7.8 https://cve.circl.lu/cve/CVE-2012-5688
| CVE-2012-5166 High 7.8 https://cve.circl.lu/cve/CVE-2012-5166
| CVE-2012-4244 High 7.8 https://cve.circl.lu/cve/CVE-2012-4244
| CVE-2012-3817 High 7.8 https://cve.circl.lu/cve/CVE-2012-3817
| *No CVE found with NMAP-CPE: (cpe:/a:isc:bind:9.8.2rc1)
|_ *CVE found with freevulnsearch function: (cpe:/a:isc:bind:9.8.2:rc1)
80/tcp open http nginx 1.14.1
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:igor_sysoev:nginx:1.14.1)
|_ *Check other sources like https://www.exploit-db.com
|_http-server-header: nginx/1.14.1
110/tcp open pop3 Dovecot pop3d
139/tcp filtered netbios-ssn
143/tcp open imap Dovecot imapd
443/tcp open ssl/http nginx 1.14.1
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:igor_sysoev:nginx:1.14.1)
| *Check other sources like https://www.exploit-db.com
|_http-server-header: nginx/1.14.1
445/tcp filtered microsoft-ds
465/tcp open tcpwrapped
587/tcp open tcpwrapped
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
1720/tcp filtered h323q931
2222/tcp open ssh OpenSSH 5.3 (protocol 2.0)
|_freevulnsearch: *Error with API query. API or network possibly not available.
3306/tcp open mysql MySQL 5.6.41-84.1
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:mysql:mysql:5.6.41-84.1)
| *No CVE found with freevulnsearch function: (cpe:/a:mysql:mysql:5.6.41)
|_ *Check other sources like https://www.exploit-db.com
5060/tcp filtered sip
5432/tcp open postgresql PostgreSQL DB
| fingerprint-strings:
| SMBProgNeg:
| SFATAL
| C0A000
| Munsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
| Fpostmaster.c
| L1624
|_ RProcessStartupPacket
8080/tcp open http nginx 1.14.1
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:igor_sysoev:nginx:1.14.1)
|_ *Check other sources like https://www.exploit-db.com
|_http-server-header: nginx/1.14.1
8443/tcp open ssl/http nginx 1.14.1
| freevulnsearch:
| *No CVE found with NMAP-CPE: (cpe:/a:igor_sysoev:nginx:1.14.1)
|_ *Check other sources like https://www.exploit-db.com
|_http-server-header: nginx/1.14.1
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5432-TCP:V=7.70%I=7%D=2/13%Time=5C63C488%P=x86_64-pc-linux-gnu%r(SM
SF:BProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pro
SF:tocol\x2065363.19778:\x20server\x20supports\x201.0\x20to\x203.0\0Fpo
SF:stmaster.c\0L1624\0RProcessStartupPacket\0\0");
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.09 seconds
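The output above shows the script's key step: nmap's CPE cpe:/a:isc:bind:9.8.2rc1 returned nothing, but the rewritten cpe:/a:isc:bind:9.8.2:rc1 matched, while cpe:/a:mysql:mysql:5.6.41-84.1 was reduced to cpe:/a:mysql:mysql:5.6.41 before lookup. As an added example (not the freevulnsearch script itself, which queries the cve.circl.lu API), the Python below implements that CPE normalization against a constructed offline CVE table whose entries are taken from this page; the pre-release regex and the severity bands are this example's own assumptions.

```python
"""Normalize nmap CPE strings the way a CVE lookup needs them.

Added example, not the freevulnsearch script. The real script queries the
cve.circl.lu API; CVE_DB is a constructed offline stand-in filled with a
few entries from the output on this page.
"""
import re

# Constructed offline table: CPE -> [(CVE id, CVSS score)]
CVE_DB = {
    "cpe:/a:isc:bind:9.8.2:rc1": [
        ("CVE-2017-3145", 5.0),
        ("CVE-2017-3141", 7.2),
        ("CVE-2014-0591", 2.6),
    ],
}

# version with a trailing pre-release tag, e.g. 9.8.2rc1 -> ("9.8.2", "rc1");
# the set of tags is this example's heuristic, not the script's
PRERELEASE = re.compile(r"^(\d+(?:\.\d+)*)(rc\d+|beta\d*|alpha\d*|p\d+)$", re.IGNORECASE)


def cpe_candidates(cpe):
    """Return the CPE as given plus progressively normalized variants."""
    parts = cpe.split(":")
    if len(parts) < 5:
        return [cpe]
    head, version = parts[:4], parts[4]
    candidates = [cpe]
    # drop a distro/vendor build suffix: 5.6.41-84.1 -> 5.6.41
    base = version.split("-")[0]
    if base != version:
        candidates.append(":".join(head + [base]))
    # move a pre-release tag into the separate CPE 'update' field
    m = PRERELEASE.match(base)
    if m:
        candidates.append(":".join(head + [m.group(1), m.group(2).lower()]))
    return candidates


def severity(score):
    """CVSS v2 bands, matching the Low/Medium/High labels in the output above."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def find_cves(cpe, db=CVE_DB):
    """First candidate CPE with hits wins. Returns (matched_cpe, entries)
    with entries sorted by descending score, or (None, []) if nothing matched."""
    for candidate in cpe_candidates(cpe):
        hits = db.get(candidate)
        if hits:
            return candidate, sorted(hits, key=lambda e: -e[1])
    return None, []


if __name__ == "__main__":
    for cpe in ("cpe:/a:isc:bind:9.8.2rc1", "cpe:/a:mysql:mysql:5.6.41-84.1"):
        matched, hits = find_cves(cpe)
        print(cpe, "->", matched or "no CVE found")
        for cve, score in hits:
            print(f"  {cve} {severity(score)} {score}")
```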
  • After executing the above command, the nmap script has found vulnerabilities that can be used in further attacks.
  • This output shows the CVE list: the most common vulnerabilities, which can be used when looking for flaws in the web application.
  • Type nmap -sV --script broadcast-dhcp-discover certified.com
  • -sV: s will spoof the IP address and V will scan the target verbosely.
  • --script broadcast-dhcp-discover obtains local network parameters without allocating a new address.
  • certified.com is the target.
root@kali:/home/iicybersecurity/Downloads/freevulnsearch# nmap -sV --script broadcast-dhcp-discover certified.com

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 03:05 EST
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 192.168.1.9
| DHCP Message Type: DHCPOFFER
| Subnet Mask: 255.255.255.0
| Router: 192.168.1.1
| Domain Name Server: 192.168.1.1
| Server Identifier: 192.168.1.1
|_ IP Address Lease Time: 1d00h00m00s
Nmap scan report for certified.com (162.241.216.11)
Host is up (0.30s latency).
rDNS record for 162.241.216.11: box5331.bluehost.com
Not shown: 978 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
25/tcp open tcpwrapped
26/tcp open smtp Exim smtpd 4.91
53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp open http nginx 1.14.1
|_http-server-header: nginx/1.14.1
110/tcp open pop3 Dovecot pop3d
139/tcp filtered netbios-ssn
143/tcp open imap Dovecot imapd
443/tcp open ssl/http nginx 1.14.1
|_http-server-header: nginx/1.14.1
445/tcp filtered microsoft-ds
465/tcp open ssl/smtps?
587/tcp open tcpwrapped
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
1720/tcp filtered h323q931
2222/tcp open ssh OpenSSH 5.3 (protocol 2.0)
3306/tcp open mysql MySQL 5.6.41-84.1
5060/tcp filtered sip
5432/tcp open postgresql PostgreSQL DB
| fingerprint-strings:
| SMBProgNeg:
| SFATAL
| C0A000
| Munsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
| Fpostmaster.c
| L1624
|_ RProcessStartupPacket
8080/tcp open http nginx 1.14.1
|_http-server-header: nginx/1.14.1
8443/tcp open ssl/http nginx 1.14.1
|_http-server-header: nginx/1.14.1
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5432-TCP:V=7.70%I=7%D=2/13%Time=5C63CFD1%P=x86_64-pc-linux-gnu%r(SM
SF:BProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pro
SF:tocol\x2065363.19778:\x20server\x20supports\x201.0\x20to\x203.0\0Fpo
SF:stmaster.c\0L1624\0RProcessStartupPacket\0\0");
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.67 seconds
  • The above command has obtained the rDNS record and shows the open ports and services. This information can be used in further hacking activities.
  • The above output lists the version detected on each port.
  • Type nmap --script http-security-headers certified.com
  • --script http-security-headers is used to check the HTTP response security headers.
  • certified.com is the target URL.
root@kali:/home/iicybersecurity/Downloads/freevulnsearch# nmap --script http-security-headers certified.com

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 04:31 EST
Nmap scan report for certified.com (162.241.216.11)
Host is up (0.29s latency).
rDNS record for 162.241.216.11: box5331.bluehost.com
Not shown: 978 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
26/tcp open rsftp
53/tcp open domain
80/tcp open http
|_http-security-headers:
110/tcp open pop3
139/tcp filtered netbios-ssn
143/tcp open imap
443/tcp open https
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
1720/tcp filtered h323q931
2222/tcp open EtherNetIP-1
3306/tcp open mysql
5060/tcp filtered sip
5432/tcp open postgresql
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 9.67 seconds
  • After executing the above command, the http-security-headers script shows that HSTS is not configured on the HTTPS server.
  • HSTS (HTTP Strict Transport Security) protects websites from protocol downgrade attacks. The above information can also be used in further hacking activities.
  • You can also use the nmap DoS scripts to launch DoS attacks.
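The http-security-headers script only reports whether HSTS is present. As an added example, not part of nmap or of this post, the Python below parses a constructed HTTPS response head, extracts the Strict-Transport-Security header and grades its max-age and includeSubDomains directives, reproducing the "HSTS not configured" finding above as the missing-header case; the thresholds and the preload rule are this example's own assumptions.

```python
"""Grade the Strict-Transport-Security policy of an HTTPS response.

Added example, not nmap's http-security-headers script. The response heads
below are constructed; in practice they come from an HTTPS request to the
host under test.
"""

ONE_YEAR = 31536000   # seconds; the minimum commonly required for preload lists


def parse_response_head(raw):
    """Split an HTTP response head (status line + headers) into a
    lower-cased header dict; repeated headers are joined with ', '."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():
            break                   # blank line ends the head
        name, _, value = line.partition(":")
        name = name.strip().lower()
        value = value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def parse_hsts(value):
    """'max-age=31536000; includeSubDomains; preload' ->
    {'max-age': '31536000', 'includesubdomains': True, 'preload': True}"""
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else True
    return directives


def assess_hsts(headers, min_age=ONE_YEAR):
    """Return a list of findings for the HSTS policy; an empty list means
    the header is present and strong enough under this example's thresholds."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["HSTS not configured in HTTPS Server"]
    d = parse_hsts(value)
    findings = []
    max_age = d.get("max-age")
    if max_age is None or not str(max_age).isdigit():
        findings.append("max-age directive missing or not numeric")
    elif int(max_age) == 0:
        findings.append("max-age=0 removes the policy from browsers")
    elif int(max_age) < min_age:
        findings.append(f"max-age {max_age} is shorter than {min_age} seconds")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay downgradable")
    # preload needs a long max-age and includeSubDomains, so any finding above disqualifies it
    if "preload" in d and findings:
        findings.append("preload requested but the policy does not qualify")
    return findings


# Constructed response heads
NO_HSTS = "HTTP/1.1 200 OK\r\nServer: nginx/1.14.1\r\nContent-Type: text/html\r\n\r\n<html>"
WEAK_HSTS = "HTTP/1.1 200 OK\r\nServer: nginx/1.14.1\r\nStrict-Transport-Security: max-age=300\r\n\r\n"
GOOD_HSTS = ("HTTP/1.1 200 OK\r\n"
             "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("none", NO_HSTS), ("weak", WEAK_HSTS), ("good", GOOD_HSTS)):
        print(label, assess_hsts(parse_response_head(raw)) or ["ok"])
```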

The post Find vulnerability of any target to hack appeared first on Information Security Newspaper | Hacking News.

Hack any website with All in One Tool https://www.securitynewspaper.com/2019/01/01/hack-any-website-with-all-in-one-tool/ Tue, 01 Jan 2019 17:24:17 +0000

The internet is the hub of web applications. Many developers have made numerous web applications to use the internet more effectively. The internet has become easier to use but more complex to handle, because it exposes lots of vulnerabilities. To gather vulnerabilities we need an information gathering tool; that is why we use information gathering or network reconnaissance tools. These tools give basic information about the target, so that this information can be used to build a scenario to exploit the target, explain ethical hacking investigators. Here comes the Mercury tool, which is used for information gathering on a target.

According to an ethical hacking researcher of the International Institute of Cyber Security, Mercury comes bundled with other information gathering tools, so while testing a web application you don't need to install separate tools.

Mercury is a tool to collect information about a target. It comprises various small tools that are used to gather information. To show you how it works, we have tested this tool on Kali Linux.

  • Before installing this tool make sure you have selenium in your Kali Linux. For that type sudo apt-get update
  • Type sudo apt-get install selenium
  • Type git clone https://github.com/MetaChar/Mercury.git
  • Then type ls
  • Type cd Mercury
  • Type pip install -r requirements.txt
pip install -r requirements.txt
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Collecting hashlib (from -r requirements.txt (line 2))
  Using cached https://files.pythonhosted.org/packages/74/bb/9003d081345e9f0451884146e9ea2cff6e4cc4deac9ffd4a9ee98b318a49/hashlib-20081119.zip
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/usr/lib/python2.7/dist-packages/setuptools/__init__.py", line 12, in <module>
        import setuptools.version
      File "/usr/lib/python2.7/dist-packages/setuptools/version.py", line 1, in <module>
        import pkg_resources
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 36, in <module>
        import email.parser
      File "/usr/lib/python2.7/email/parser.py", line 12, in <module>
        from email.feedparser import FeedParser
      File "/usr/lib/python2.7/email/feedparser.py", line 27, in <module>
        from email import message
      File "/usr/lib/python2.7/email/message.py", line 16, in <module>
        import email.charset
      File "/usr/lib/python2.7/email/charset.py", line 13, in <module>
        import email.base64mime
      File "/usr/lib/python2.7/email/base64mime.py", line 40, in <module>
        from email.utils import fix_eols
      File "/usr/lib/python2.7/email/utils.py", line 27, in <module>
        import random
      File "/usr/lib/python2.7/random.py", line 49, in <module>
        import hashlib as _hashlib
      File "hashlib.py", line 115, in <module>
        f()
    TypeError: 'frozenset' object is not callable

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hK3fYS/hashlib/
  • The install fails on the second line of requirements.txt. hashlib is part of Python's standard library, so that entry makes pip fetch an unrelated hashlib package from PyPI (a backport dated 2008, as the .zip name shows). While its setup.py runs, its own hashlib.py shadows the real module at the moment setuptools imports random, which is exactly what the TypeError: 'frozenset' object is not callable traceback shows. Remove the hashlib line from requirements.txt and rerun pip; colorama, the other dependency, was already satisfied.
  • Even without that fix, the main information-gathering features of Mercury still work.
  • Type python Mercury.py
  • Mercury prints a numbered menu of its functions; the options used below are referred to by those numbers.
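The failure above is worth catching before pip ever runs. The following is an added example for this article, not part of Mercury: it audits a requirements file for entries that shadow a standard-library module (as hashlib does here) and for entries that are not pinned to an exact version. The requirements text and the fallback module list are constructed for the example.

```python
"""Audit a requirements.txt for stdlib-shadowing and unpinned entries.

Added example for this article, not Mercury's code. It explains the pip
failure shown above: `hashlib` is a standard-library module, so listing it
pulls an unrelated 2008 backport from PyPI whose setup.py breaks on a modern
interpreter. SAMPLE is a constructed requirements file.
"""
import re
import sys

# Python 3.10+ ships the stdlib name list; older interpreters get a short
# constructed fallback set (assumption: enough for this demonstration).
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | {
    "hashlib", "socket", "json", "re", "os", "random", "email",
}

# project name, optional [extras], optional version operator
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[.*?\])?\s*(==|>=|<=|~=|!=|<|>)?")


def parse_requirement(line):
    """Return (normalized_name, pinned) or None for blank, comment, option or URL lines."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-") or "://" in line:
        return None
    m = REQ_LINE.match(line)
    if not m:
        return None
    name = m.group(1).lower().replace("_", "-")   # PEP 503 style normalization
    pinned = m.group(3) == "=="
    return name, pinned


def audit_requirements(text):
    """Return a list of (name, problem) findings for the given requirements text."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_requirement(raw)
        if parsed is None:
            continue
        name, pinned = parsed
        if name.replace("-", "_") in STDLIB:
            findings.append((name, "shadows a standard-library module; remove it"))
        elif not pinned:
            findings.append((name, "not pinned with ==; pin it and use --require-hashes"))
    return findings


# Constructed sample mirroring the two lines pip reported above, plus two more.
SAMPLE = """\
colorama
hashlib
requests==2.20.0
selenium>=3.0
"""

if __name__ == "__main__":
    for name, problem in audit_requirements(SAMPLE):
        print(f"{name}: {problem}")
```

Run it against the real requirements.txt of any tool you clone; an entry that names a standard-library module is either a mistake, as here, or bait for someone who registered that name on PyPI, and in both cases it should never reach pip.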

Checking Website Online/Offline :-

  • Type 5
  • Then type https://hack.me
Enter a choice  ~# 5
Enter a host name include https: https://www.hack.me
Attempt 1 at host: https://www.hack.me: online
Attempt 2 at host: https://www.hack.me: online
Attempt 3 at host: https://www.hack.me: online
Attempt 4 at host: https://www.hack.me: online
Attempt 5 at host: https://www.hack.me: online
  • Mercury makes five connection attempts to the URL and reports each result; all five came back online, so the target is reachable.
  • This is the basic check in the initial phase of information gathering.

Getting An IP address of the Target :-

  • Type 10
  • Type hack.me
Enter a choice  ~# 10
Enter a website url hack.me
74.50.111.244
  • Mercury resolves the hostname and prints the target's IP address. This is a plain DNS lookup, so a site behind a CDN or load balancer shows the edge address, not the origin server.

Creating an Hash Value of the Word :-

  • Type 12
  • Then type testword or any word of your choice.
Enter a choice  ~# 12
Please Enter a Word/String To Hash: testword
97d7f037cc3360e21991849c0dff4985
  • Option 12 hashes an arbitrary string; the 32 hex characters of the output are a 128-bit digest, i.e. MD5. This is useful when you need to compare a candidate password against a hash recovered from a target in a later phase of the test.

Download Tools Using Mercury :-

  • Mercury can download a number of other tools used in information gathering and exploitation. Some already ship with Kali Linux; the rest are fetched from their own repositories, so review what the installer pulls before running it.
  • Type 13
Enter a choice  ~# 13
  • Then type the number of the tool you want to install; 6 selects InstaBrute here.
    [0] Metasploit          [9] Aircrack
    [1] Mercury             [10] Wifite
    [2] Nmap                [11] Hammer
    [3] Lazy script         [12] Xerxes
    [4] fsociety            [13] XSStrike
    [5] Reaver              [14] Wpscan
    [6] InstaBrute          [15] Cupp
    [7] Cl0neMas3r          [16] Hydra
    [8] Sqlmap


    [100] Install All       [99] Exit submenu
Tools ~# 6
  • The selected tool is downloaded and can then be used in later phases of the test.

Use Mercury For DOS Attack :-

  • Type 23
  • Type 192.168.1.105 target IP address.
 Enter a choice  ~# 23
Enter an ip address: 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
(the same line repeats for every packet sent)
  • Option 23 floods the target with packets, i.e. a denial-of-service attempt. The output only confirms that bytes were sent and says nothing about the effect on the target. Use it solely against lab hosts, such as the DVWA machine at 192.168.1.105 used here.

Finding Admin Panel :-

  • Type 22
  • Then type www.hack.me
  • Type https
Enter a choice  ~# 22
Enter a site to scan just www: www.hack.me
Is the link https or https: https
https://www.hack.me/a
https://www.hack.me/dm
https://www.hack.me/in.
https://www.hack.me/php
https://www.hack.me/
https://www.hack.me/admin.
https://www.hack.me/html
https://www.hack.me/index.ph
https://www.hack.me/p
https://www.hack.me/login.php
https://www.hack.me/

  • Option 22 looks for the target's admin panel by requesting common admin paths. Note that the output lists fragments (/a, /dm, /in., /php) rather than whole paths such as /admin.php, which means this version of the tool is not reading its wordlist entry by entry; it also prints no HTTP status codes, so you cannot tell whether /login.php really exists. Verify any hit manually before relying on it.
  • Mercury builds the candidate URLs from its own wordlist of the most common admin-panel paths.
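What a working version of that check looks like, as an added example for this article (it is not Mercury's code): each wordlist entry is joined to the base URL as a whole string, every request records its HTTP status, and only statuses that indicate an existing, redirected or protected resource are reported. The wordlist is a small constructed sample, `http_probe` is a minimal urllib prober that does not follow redirects, and the demo under `__main__` uses a constructed fake site so nothing touches the network.

```python
"""Admin-panel path enumeration with status codes and an injectable prober.

Added example for this article, not Mercury's code. ADMIN_PATHS is a
constructed sample wordlist (assumption: Mercury's own list is larger), and
`probe` is any callable that maps a URL to an HTTP status code.
"""
from urllib.parse import urljoin
import urllib.error
import urllib.request

ADMIN_PATHS = [
    "admin/", "admin.php", "admin.html", "administrator/",
    "login.php", "wp-admin/", "phpmyadmin/", "cpanel/",
]

# Exists, redirects (often to a login page), or is access-controlled.
INTERESTING = {200, 301, 302, 401, 403}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx as a result instead of silently following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def candidate_urls(base, paths=ADMIN_PATHS):
    """Join base and each wordlist entry as a whole string, never per character."""
    if not base.endswith("/"):
        base += "/"
    return [urljoin(base, p) for p in paths]


def http_probe(url, timeout=5):
    """Return the HTTP status for url (HEAD, falling back to GET on 405); 0 on network error."""
    opener = urllib.request.build_opener(_NoRedirect)
    for method in ("HEAD", "GET"):
        req = urllib.request.Request(url, method=method,
                                     headers={"User-Agent": "recon-example"})
        try:
            with opener.open(req, timeout=timeout) as resp:
                return resp.status
        except urllib.error.HTTPError as e:
            if e.code == 405 and method == "HEAD":
                continue          # server refuses HEAD; retry as GET
            return e.code
        except (urllib.error.URLError, OSError):
            return 0
    return 0


def find_panels(base, probe=http_probe, paths=ADMIN_PATHS):
    """Return {url: status} for every candidate whose status is worth a look."""
    hits = {}
    for url in candidate_urls(base, paths):
        status = probe(url)
        if status in INTERESTING:
            hits[url] = status
    return hits


if __name__ == "__main__":
    # Offline demo against a constructed fake site; no traffic is sent.
    fake_site = {
        "https://target.lab/admin/": 302,
        "https://target.lab/login.php": 200,
        "https://target.lab/phpmyadmin/": 403,
    }
    for url, code in find_panels("https://target.lab",
                                 probe=lambda u: fake_site.get(u, 404)).items():
        print(code, url)
```

Keeping the status code next to each URL is what makes the output actionable: a 403 on /phpmyadmin/ tells you the panel is there but filtered, which a list of bare URLs cannot. Against a real target, swap in `http_probe` and a fuller wordlist.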

Using NMAP in Mercury :-

  • Type 14
  • Type y if Nmap is already installed, otherwise n.
  • Then type 192.168.1.105
Enter a choice  ~# 14
Have you already installed nmap? y/n y
Enter an ip: 192.168.1.105
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 04:00 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating ARP Ping Scan at 04:00
Scanning 192.168.1.105 [1 port]
Completed ARP Ping Scan at 04:00, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:00
Completed Parallel DNS resolution of 1 host. at 04:00, 0.09s elapsed
Initiating SYN Stealth Scan at 04:00
Scanning dvwa (192.168.1.105) [1000 ports]
Discovered open port 80/tcp on 192.168.1.105
Discovered open port 443/tcp on 192.168.1.105
Discovered open port 3306/tcp on 192.168.1.105
Discovered open port 21/tcp on 192.168.1.105
Discovered open port 22/tcp on 192.168.1.105
Completed SYN Stealth Scan at 04:00, 0.16s elapsed (1000 total ports)
Initiating Service scan at 04:00
Scanning 5 services on dvwa (192.168.1.105)
Completed Service scan at 04:01, 12.10s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against dvwa (192.168.1.105)
NSE: Script scanning 192.168.1.105.
Initiating NSE at 04:01
Completed NSE at 04:01, 1.58s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Nmap scan report for dvwa (192.168.1.105)
Host is up (0.00100s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.2c
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
|   /:
|     PHPSESSID:
|_      httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
443/tcp open ssl/http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
|   /:
|     PHPSESSID:
|_      httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
| ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Issuer: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2004-10-01T09:10:30
| Not valid after:  2010-09-30T09:10:30
| MD5:   b181 18f6 1a4d cb51 df5e 189c 40dd 3280
|_SHA-1: c4c9 a1dc 528d 41ac 1988 f65d b62f 9ca9 22fb e711
|_ssl-date: 2018-12-31T09:01:11+00:00; +4s from scanner time.
| sslv2:
|   SSLv2 supported
|   ciphers:
|     SSL2_DES_64_CBC_WITH_MD5
|     SSL2_RC4_128_WITH_MD5
|     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_IDEA_128_CBC_WITH_MD5
|     SSL2_RC4_128_EXPORT40_WITH_MD5
|_    SSL2_RC2_128_CBC_WITH_MD5
3306/tcp open mysql MySQL (unauthorized)
MAC Address: 00:0C:29:58:9E:B1 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.17 - 2.6.36
Uptime guess: 0.049 days (since Mon Dec 31 02:50:06 2018)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=198 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel


Host script results:
|_clock-skew: mean: 3s, deviation: 0s, median: 3s

TRACEROUTE
HOP RTT ADDRESS
1 1.00 ms dvwa (192.168.1.105)


NSE: Script Post-scanning.
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.90 seconds
Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)
  • Option 14 wraps an Nmap scan with version detection, OS detection and the default scripts, so it reports the open ports, service versions, MAC address and OS guess that Nmap normally gives.
  • Against this lab host (DVWA) the output already contains findings worth noting: ProFTPD 1.3.2c, OpenSSH 5.3p1 and Apache 2.2.14 with OpenSSL 0.9.8l are all old versions; port 443 still accepts SSLv2, including export-grade ciphers; the self-signed certificate expired in 2010, has a 1024-bit key and an MD5 signature; and the PHPSESSID cookie is set without the HttpOnly flag. This information feeds the later phases of a test, say ethical hacking professors.

WebMap – A web dashboard for Nmap XML report https://www.securitynewspaper.com/2018/11/13/webmap-a-web-dashboard-for-nmap-xml-report/ Tue, 13 Nov 2018 02:53:55 +0000

The post WebMap – A web dashboard for Nmap XML report appeared first on Information Security Newspaper | Hacking News.


Use

WebMap is designed to run in Docker. According to digital forensics specialists from the International Institute of Cyber Security, all you have to do is run these commands:

$ mkdir /tmp/webmap
$ docker run -d \
         --name webmap \
         -h webmap \
         -p 8000:8000 \
         -v /tmp/webmap:/opt/xml \
         rev3rse/webmap
$ # now you can run Nmap and save the XML Report on /tmp/webmap
$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24

Now point your browser to http://localhost:8000 (the container serves plain HTTP on port 8000; there is no TLS in front of it).

Quick and easy

$ curl -sL https://bit.ly/webmapsetup | bash

This pipes a script hidden behind a URL shortener straight into bash. Download it first, read it, and only then run it; the manual docker run above is the safer route.

Upgrading from the previous version

$ # stop running webmap container
$ docker stop webmap
$ # remove webmap container
$ docker rm webmap
$ # pull new image from dockerhub
$ docker pull rev3rse/webmap
$ # run WebMap
$ curl -sL https://bit.ly/webmapsetup | bash

Run without docker

WebMap is designed to run in a Docker container. Cybersecurity and digital forensics specialists advise against running it on a custom Django installation, but if you need to, all the build steps are in the Dockerfile.

Features

  • Importing and analyzing Nmap XML files
  • Statistics and graphs of discovered services, ports, operating systems, etc.
  • Inspect a single host by clicking on its IP address
  • Attach tags to a host
  • Insert notes to a specific host
  • Generate a PDF report with graphics, details, tags and notes
  • Look for vulnerabilities and exploits based on the CPE compiled by Nmap

Changes in v2.1

  • Better use of Django templates
  • Fixed Nmap XML parsing problems
  • Fixed exploit and vulnerability collection issues
  • Added a new network view

PDF report generation


XML filenames

When the PDF version of the Nmap XML report is created, the XML file name is used as the document title on the first page. According to digital forensics experts, WebMap rewrites the file name as follows:

  • '_' is replaced by a space
  • '.xml' is removed

Example: ACME_LTD..xml
PDF title: ACME Ltd.

Vulnerabilities and exploits

Thanks to Circl.lu's API, WebMap can search for vulnerabilities and exploits for each CPE that Nmap reports. Not every CPE is checked through the circl.lu API. Treat the matches as leads rather than findings: a CPE lookup matches on version strings, so a distribution that backports fixes (for example the OpenSSH 5.3p1 Debian 3ubuntu4 build in the scan of the Mercury article) can show CVEs that are already patched, and services for which Nmap emits no CPE (such as the MySQL port in that scan) are not looked up at all.
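Both the Mercury Nmap run and WebMap's import feature come down to the same step: reading Nmap's XML report and pulling out, per open port, the service version and the CPE that a vulnerability lookup keys on. The following is an added example for this article, not WebMap's or Mercury's code. The XML is a constructed, trimmed report shaped like what `nmap -sV -oX` writes for the DVWA host (same ports and versions as the scan in the Mercury article), so the script runs offline; the lookup URL format is an assumption about the cve-search style API and is only built, never requested.

```python
"""Parse an Nmap XML report (-oX) and extract the per-port CPE strings.

Added example for this article; it is not WebMap's or Mercury's code.
SAMPLE_XML is a constructed, trimmed report with the DVWA host's ports.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX dvwa.xml 192.168.1.105">
  <host>
    <status state="up"/>
    <address addr="192.168.1.105" addrtype="ipv4"/>
    <address addr="00:0C:29:58:9E:B1" addrtype="mac" vendor="VMware"/>
    <hostnames><hostname name="dvwa" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="ProFTPD" version="1.3.2c"><cpe>cpe:/a:proftpd:proftpd:1.3.2c</cpe></service></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3p1 Debian 3ubuntu4"><cpe>cpe:/a:openbsd:openssh:5.3p1</cpe></service></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.14"><cpe>cpe:/a:apache:http_server:2.2.14</cpe></service></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.14" tunnel="ssl"><cpe>cpe:/a:apache:http_server:2.2.14</cpe></service></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL"/></port>
      <port protocol="tcp" portid="25"><state state="closed"/><service name="smtp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return hosts as dicts: ip, mac, hostname and a list of open ports with service data and CPEs."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        entry = {"ip": None, "mac": None, "hostname": None, "ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr")
            else:
                entry["ip"] = addr.get("addr")
        hn = host.find("hostnames/hostname")
        if hn is not None:
            entry["hostname"] = hn.get("name")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered ports carry no service data
            svc = port.find("service")
            entry["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                "cpes": [c.text for c in svc.findall("cpe")] if svc is not None else [],
            })
        hosts.append(entry)
    return hosts


def unique_cpes(hosts):
    """Sorted set of every CPE string in the report: the keys a vulnerability lookup would query."""
    return sorted({c for h in hosts for p in h["ports"] for c in p["cpes"]})


def without_cpe(hosts):
    """(ip, port, service) for open ports Nmap could not map to a CPE; these get no lookup."""
    return [(h["ip"], p["port"], p["service"]) for h in hosts for p in h["ports"] if not p["cpes"]]


def lookup_url(cpe, base="https://cve.circl.lu/api/cvefor/"):
    """Build a lookup URL for one CPE (assumed cve-search style endpoint; not requested here)."""
    return base + cpe


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    for h in hosts:
        print(h["ip"], h["hostname"], h["mac"])
        for p in h["ports"]:
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['product']} {p['version']} {p['cpes']}")
    print("CPEs to look up:", unique_cpes(hosts))
    print("No CPE, check by hand:", without_cpe(hosts))
```

Two things this makes visible that a dashboard can hide: the MySQL port yields no CPE, so it silently drops out of any CPE-driven search, and the OpenSSH CPE carries only 5.3p1 while the version string still says Debian 3ubuntu4, which is the backport case the paragraph above warns about.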

Network view


Security issues

This application is not meant to be exposed to the Internet. The developers recommend using it only on localhost or, where that is not possible, restricting who can reach WebMap with a firewall rule or similar. Note that the docker run command above publishes port 8000 on every interface of the host; use -p 127.0.0.1:8000:8000 if the dashboard should be reachable only locally. Exposing WebMap to the Internet could lead not only to an XSS condition but also to a leak of your port-scan results. Please be smart when using WebMap.

DOWNLOAD WEBMAP
