Network Security Testing Tools

Security Testing Tools
- Networking
Praveen Darshanam
http://darshanams.blogspot.com

for absolute beginners ….
http://disects.com/ Praveen Darshanam

Tools
• Operating Systems
– Kali/Backtrack, Fedora Security Spin, Knoppix
• Packet Crafting
– hping, ngrep, sendip, scapy
• Packet Replay
– tcpreplay, tcpreplay-edit, tcpdump
• Scanning
– nmap, nc, metasploit, nessus
• Fuzzing
– metasploit, nikto, nessus, spike, radamsa, webfuzz
• Stats
– dstat, ifstat, iftop, ntop
• Web
– wget, curl, ab
• Debugging
– ping, netstat, tracert, ngrep
• Benchmarking
– ab, iperf, netperf

Command Help
• man command_name
• man ps
• man hping
• command_name –help or
• command_name –h
• dig –h
• nc --help
• info command_name
• info nmap

Backtrack
• Operating System for Security Researchers, Penetration Testers etc
• Plethora of Tools
• Fuzzers, DoS Tools, Scanners, Exploits etc.
http://www.backtrack-linux.org/

nmap
• Port Scanning
• OS fingerprinting
• Version guessing
• nmap [Scan Type(s)] options target_ip/domain
• Useful options
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sV:Probe open ports to determine service/version info
-O: Enable OS detection

nmap snapshot

ngrep
grep patterns from pcap or live stream
• ngrep is to pcap what grep is to normal files
• Sniffer mode
ngrep –d any ‘HTTP/1.1 200 OK’ port 80
ngrep –d eth0 –i ‘user|pass’ port 21
• Pcap pattern match – regex pattern + BPF filter
ngrep -t ‘pattern’ –I pcap
ngrep –tx –X ‘0xhex pattern’ –I pcap
• Grep’ing, one packet at a time

ngrep snapshot

hping
• Packet crafting
• Port Scanning
• Tcl scripting engine
• Ars Packet Description(APD), string representation of TCP/IP packets
• hping –S 192.168.1.102 –p 80,21 –flood
• hping3>hping send
{ip(ihl=0x5,ver=0x4,tos=0x00,totlen=348,id=29974,fragoff=0,m
f=0,df=1,rf=0,ttl=64,proto=6,cksum=0x6a40,saddr=192.168.1.10
2,daddr=192.168.1.101)+tcp(sport=5555,dport=6666,seq=3879420
856,ack=3264306705,x2=0x0,off=5,flags=pa,win=18760,cksum=0xc
4a2,urp=0)+data(str=You are Hacked!!!)}

hping3 snapshot

nikto
• Web Server Scanner for known Vulnerabilities
• Options
-dbcheck Check database and other key filesfor syntax errors
-evasion Encoding technique (premature URL’s,long strings, tabs, fake
parameters)
-o output format (html, xml, csv)
#nikto -o htm -host 192.168.0.127

nikto snapshot

ethtool
view and change NIC settings
• View settings
– ethtool eth0
– ethtool –i eth0
– ethtool –k eth0
– ethtool –p eth0
• Change settings
– Speed;
ethtool –s eth0 speed 100
– Duplex
ethtool –s eth0 duplex full
– TSO,GSO,checksum
ethtool -K eth0 tso off gso off tx off

ping
• Ping
• Used for trouble shooting connectivity
• Uses ICMP protocol
• Based on raw sockets
• Uses different types, codes based on error
• Ping of death, pretty famous
• Options
-f fast ping -s data size
-c number of packets to send
#ping –f –s 65000 192.168.1.102

netstat
• netstat
-p display the PID and program name of the process owning a socket
-l displays the listening sockets
-t display TCP socket
-u display UDP socket
-c continuous display
--unix unix domain socket
Linux netstat –ant |grep 22
Windows netstat -an -p tcp | find "135"

ab
• Apache HTTP server benchmarking tool
• Part of apache2-utils
• Options
-n Number of requests to perform
-c Number of multiple requests to make
-k Use HTTP KeepAlive feature
#ab –n 1000 –c 50 -k

netcat
• Open and Connect to TCP/UDP Ports
• File Transfer
• Port Scanning
• Server
nc –l 4444
• Client
nc 192.168.1.102 80
• Port Scanning
nc -z 192.168.1.102 1-1023

metasploit
• Penetration testing tool
• Exploit Framework
use use an exploit
set set a variable value
info
infomation of
PAYLOAD/Exploit
PAYLOAD Shellcode to select
RHOST target/victim host
LPORT attackers TCP/UDP port
exploit/run launch exploit

metasploit banner snapshot

metasploit launching exploit snapshot

stats (dstat, ifstat,iftop)

tcpdump, tcpreplay, tcpreplay-edit,
tomahawk
• Tcpdump
• Captures/Sniffs Packets on an Interface
tcpdump –i eth0 –xX –s0 –w capture.pcap
• Tomahawk
• replayed using single machine with two interfaces
• Tcpreplay
• Replays packet captures
tcpreplay -K –C –i eth1 –M 400.00 capture.pcap
• tcpreplay-edit
• Similar to ‘tcpreplay’ with an option to edit the capture

tcpreplay-edit (setup)

tcpreplay-edit (commands)
• Command1 (refer above image)
tcpreplay-edit –C –M 400.00 –l 100000 –enet-
dmac=00:13:D3:A7:00:42,14:D6:4D:14:BB:BB –s
0.0.0.0/0:10.0.0.5/32 –d 0.0.0.0/0:10.0.0.6/32 –I eth1
*.pcap
• Command2 (refer above image)
tcpreplay-edit –C –M 400.00 –l 100000 –enet-
dmac=14:D6:4D:14:BB:BB, 00:13:D3:A7:00:42 –s
0.0.0.0/0:10.0.0.6/32 –d 0.0.0.0/0:10.0.0.5/32 –I eth0
*.pcap

netperf
• netperf - network performance benchmark
• Server
netserver
• Client
netperf –H 192.168.1.102

iperf
• iperf- perform network throughput tests
• Server
iperf –s –p 8888
• Client
iperf –c –p 8888

Snort IDS Testing
• stick
• IDSwakeup
• IDS Informer
• mucus
• sneeze.pl
• fpg
• NOTE: These are pretty old tools, pre PCRE.

SNMP
• SNMP is used for remote management and monitoring of network
devices
snmpwalk –v 1 –c mysnmp 192.168.1.1 hrSWRunState
• Options
-v version
-c community string or user name

snmpwalk snapshot

Network Time Protocol
• NTP is used to synchronise clocks
• Ntpupdate collects time samples from Time Server
ntpupdate ntp_server_ip
• Ntptrace gets source of time to a particular server
ntptrace
• Ntpdc used to query NTP daemons current state
ntpdc –c sysinfo ip_address
• Ntpq monitor NTP daemons operations and performance
ntpq ip_address

DoS
• tcpjunk
• slowloris.pl
• thc-ssl-dos tool
• many fuzzers
• few Metasploit auxiliary/ modules

References
• http://www.backtrack-linux.org/
• http://tcpreplay.synfin.net/
• http://nmap.org/
• http://wiki.hping.org/
• http://www.secdev.org/projects/scapy/doc/usage.html
• http://www.gnu.org/software/wget/manual/wget.html
• http://www.ntop.org/
• http://cirt.net/nikto2-docs/

Questions ???!
Please do it for me 
http://disects.com Praveen Darshanam

Network Security Testing Tools

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Network Security Testing Tools

Similar a Network Security Testing Tools (20)

Último

Último (20)

Network Security Testing Tools