Kali Linux Network Scanning Cookbook -- Table of Contents -- Kali Linux Network Scanning Cookbook -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers, and more -- Why subscribe? -- Free access for Packt account holders -- Disclaimer -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Getting Started -- Configuring a security lab with VMware Player (Windows) -- Getting ready -- How to do it… -- How it works… -- Configuring a security lab with VMware Fusion (Mac OS X) -- Getting ready -- How to do it… -- How it works… -- Installing Ubuntu Server -- Getting ready -- How to do it… -- How it works… -- Installing Metasploitable2 -- Getting ready -- How to do it… -- How it works… -- Installing Windows Server -- Getting ready -- How to do it… -- How it works… -- Increasing the Windows attack surface -- Getting ready -- How to do it… -- How it works… -- Installing Kali Linux -- Getting ready -- How to do it… -- How it works… -- Configuring and using SSH -- Getting ready -- How to do it… -- How it works… -- Installing Nessus on Kali Linux -- Getting ready -- How to do it… -- How it works… -- Configuring Burp Suite on Kali Linux -- Getting ready -- How to do it… -- How it works… -- Using text editors (VIM and Nano) -- Getting ready -- How to do it… -- How it works… -- 2. Discovery Scanning -- Using Scapy to perform layer 2 discovery -- Getting ready -- How to do it… -- How it works… -- Using ARPing to perform layer 2 discovery -- Getting ready -- How to do it… -- How it works… -- Using Nmap to perform layer 2 discovery -- Getting ready -- How to do it… -- How it works… -- Using NetDiscover to perform layer 2 discovery.

Getting ready -- How to do it… -- How it works… -- Using Metasploit to perform layer 2 discovery -- Getting ready -- How to do it… -- How it works… -- Using ICMP ping to perform layer 3 discovery -- Getting ready -- How to do it... -- How it works… -- Using Scapy to perform layer 3 discovery -- Getting ready -- How to do it... -- How it works… -- Using Nmap to perform layer 3 discovery -- Getting ready -- How to do it... -- How it works… -- Using fping to perform layer 3 discovery -- Getting ready -- How to do it... -- How it works… -- Using hping3 to perform layer 3 discovery -- Getting ready -- How to do it... -- How it works… -- Using Scapy to perform layer 4 discovery -- Getting ready -- How to do it… -- How it works… -- Using Nmap to perform layer 4 discovery -- Getting ready -- How to do it… -- How it works… -- Using hping3 to perform layer 4 discovery -- Getting ready -- How to do it… -- How it works… -- 3. Port Scanning -- UDP port scanning -- TCP port scanning -- UDP scanning with Scapy -- Getting ready -- How to do it… -- How it works… -- UDP scanning with Nmap -- Getting ready -- How to do it… -- How it works… -- UDP scanning with Metasploit -- Getting ready -- How to do it… -- How it works… -- Stealth scanning with Scapy -- Getting ready -- How to do it… -- How it works… -- Stealth scanning with Nmap -- Getting ready -- How to do it… -- How it works… -- Stealth scanning with Metasploit -- Getting ready -- How to do it… -- How it works… -- Stealth scanning with hping3 -- Getting ready -- How to do it… -- How it works… -- Connect scanning with Scapy -- Getting ready -- How to do it… -- How it works… -- Connect scanning with Nmap -- Getting ready -- How to do it… -- How it works… -- Connect scanning with Metasploit -- Getting ready -- How to do it… -- How it works… -- Connect scanning with Dmitry -- Getting ready -- How to do it….

How it works… -- TCP port scanning with Netcat -- Getting ready -- How to do it… -- How it works… -- Zombie scanning with Scapy -- Getting ready -- How to do it… -- How it works… -- Zombie scanning with Nmap -- Getting ready -- How to do it… -- How it works… -- 4. Fingerprinting -- Banner grabbing with Netcat -- Getting ready -- How to do it… -- How it works… -- Banner grabbing with Python sockets -- Getting ready -- How to do it… -- How it works… -- Banner grabbing with Dmitry -- Getting ready -- How to do it… -- How it works… -- Banner grabbing with Nmap NSE -- Getting ready -- How to do it… -- How it works… -- Banner grabbing with Amap -- Getting ready -- How to do it… -- How it works… -- Service identification with Nmap -- Getting ready -- How to do it… -- How it works… -- Service identification with Amap -- Getting ready -- How to do it… -- How it works… -- Operating system identification with Scapy -- Getting ready -- How to do it… -- How it works… -- Operating system identification with Nmap -- Getting ready -- How to do it… -- How it works… -- Operating system identification with xProbe2 -- Getting ready -- How to do it… -- How it works… -- Passive operating system identification with p0f -- Getting ready -- How to do it… -- How it works… -- SNMP analysis with Onesixtyone -- Getting ready -- How to do it… -- How it works… -- SNMP analysis with SNMPwalk -- Getting ready -- How to do it… -- How it works… -- Firewall identification with Scapy -- Getting ready -- How to do it… -- How it works… -- Firewall identification with Nmap -- Getting ready -- How to do it… -- How it works… -- Firewall identification with Metasploit -- Getting ready -- How to do it… -- How it works… -- 5. Vulnerability Scanning -- Vulnerability scanning with Nmap Scripting Engine -- Getting ready -- How to do it… -- How it works….

Vulnerability scanning with MSF auxiliary modules -- Getting ready -- How to do it… -- How it works… -- Creating scan policies with Nessus -- Getting ready -- How to do it… -- How it works… -- Vulnerability scanning with Nessus -- Getting ready -- How to do it… -- How it works… -- Command-line scanning with Nessuscmd -- Getting ready -- How to do it… -- How it works… -- Validating vulnerabilities with HTTP interaction -- Getting ready -- How to do it… -- How it works… -- Validating vulnerabilities with ICMP interaction -- Getting ready -- How to do it… -- How it works… -- 6. Denial of Service -- Fuzz testing to identify buffer overflows -- Getting ready -- How to do it… -- How it works… -- Remote FTP service buffer overflow DoS -- Getting ready -- How to do it… -- How it works… -- Smurf DoS attack -- Getting ready -- How to do it… -- How it works… -- DNS amplification DoS attack -- Getting ready -- How to do it… -- How it works… -- SNMP amplification DoS attack -- Getting ready -- How to do it… -- How it works… -- NTP amplification DoS attack -- Getting ready -- How to do it… -- How it works… -- SYN flood DoS attack -- Getting ready -- How to do it… -- How it works… -- Sock stress DoS attack -- Getting ready -- How to do it… -- How it works… -- DoS attacks with Nmap NSE -- Getting ready -- How to do it… -- How it works… -- DoS attacks with Metasploit -- Getting ready -- How to do it… -- How it works… -- DoS attacks with the exploit database -- Getting ready -- How to do it… -- How it works… -- 7. Web Application Scanning -- Web application scanning with Nikto -- Getting ready -- How to do it… -- How it works… -- SSL/TLS scanning with SSLScan -- Getting ready -- How to do it… -- How it works… -- SSL/TLS scanning with SSLyze -- Getting ready -- How to do it… -- How it works… -- Defining a web application target with Burp Suite -- Getting ready.

How to do it… -- How it works… -- Using Burp Suite Spider -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite engagement tools -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Proxy -- Getting ready -- How to do it… -- How it works… -- Using the Burp Suite web application scanner -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Intruder -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Comparer -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Repeater -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Decoder -- Getting ready -- How to do it… -- How it works… -- Using Burp Suite Sequencer -- Getting ready -- How to do it… -- How it works… -- GET method SQL injection with sqlmap -- Getting ready -- How to do it… -- How it works… -- POST method SQL injection with sqlmap -- Getting ready -- How to do it… -- How it works… -- Requesting a capture SQL injection with sqlmap -- Getting ready -- How to do it… -- How it works… -- Automating CSRF testing -- Getting ready -- How to do it… -- How it works… -- Validating command injection vulnerabilities with HTTP traffic -- Getting ready -- How to do it… -- How it works… -- Validating command injection vulnerabilities with ICMP traffic -- Getting ready -- How to do it… -- How it works… -- 8. Automating Kali Tools -- Nmap greppable output analysis -- Getting ready -- How to do it… -- How it works… -- Nmap port scanning with targeted NSE script execution -- Getting ready -- How to do it… -- How it works… -- Nmap NSE vulnerability scanning with MSF exploitation -- Getting ready -- How to do it… -- How it works… -- Nessuscmd vulnerability scanning with MSF exploitation -- Getting ready -- How to do it… -- How it works… -- Multithreaded MSF exploitation with reverse shell payload.

Getting ready.