Network Scanning: Security Testing Tools

    This article describes the common tools and test methods used in network security testing.


    OSI (ISO) 7 Layers

    Each of the seven layers has its own corresponding test tools and methods.

    Network layer / suggested test tools

    Layer 2: Data Link Layer (operates mainly on MAC addresses and the ARP protocol)
    • ARPing
    • Nmap
    • NetDiscover
    • Metasploit

    Layer 3: Network Layer (operates mainly on IP addresses)
    • ICMP
    • Scapy
    • Nmap
    • fping
    • hping3

    Layer 4: Transport Layer (operates mainly on TCP packets)
    • Scapy
    • Nmap
    • hping3


    Port Scanning

    The purpose of port scanning is to learn which ports on the network are offering services. Commonly used tools:

    • Scapy
    • Nmap
    • Metasploit
    • hping3

    Fingerprinting

    Fingerprinting uses the content of network packet responses to determine whether a system is Windows or Linux, or which services it provides.

    The author's top recommendations are Nmap and Scapy; between them, these two tools cover almost every fingerprinting technique.


    These techniques are collectively called fingerprinting; the common tools and techniques are:

    • Banner grabbing with Netcat
    • Banner grabbing with Python sockets
    • Banner grabbing with Dmitry
    • Banner grabbing with Nmap NSE
    • Banner grabbing with Amap
    • Service identification with Nmap
    • Service identification with Amap
    • Operating system identification with Scapy
    • Operating system identification with Nmap
    • Operating system identification with xProbe2
    • Passive operating system identification with p0f
    • SNMP analysis with Onesixtyone
    • SNMP analysis with SNMPwalk
    • Firewall identification with Scapy
    • Firewall identification with Nmap
    • Firewall identification with Metasploit
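    The "banner grabbing with Python sockets" item above, as an added example that is not part of the original post: it connects, records whatever the service announces on its own, and parses an SSH identification string into product and version, which is exactly what such a check reveals about your own hosts. The local stand-in server, the sample banner and the helper names are constructed for this example.

```python
# Added example (not from the original post): a TCP banner grabber built on
# plain Python sockets, plus a local stand-in server that replies with a
# constructed banner so the script runs offline.
import re
import socket
import threading

# Constructed sample banner for the stand-in server (not a real host).
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"

def serve_banner_once(banner: bytes) -> int:
    """Start a one-shot listener on 127.0.0.1 that sends `banner` to the
    first client and then closes; returns the ephemeral port it bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def _handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=_handle, daemon=True).start()
    return port

def grab_banner(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect, wait up to `timeout` seconds for the server to speak first,
    and return what it sent (empty string if it stays silent).  SSH, FTP and
    SMTP announce themselves unprompted; HTTP does not, so an empty result
    only means the service expects the client to talk first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            return ""
    return data.decode("utf-8", errors="replace").strip()

def identify_ssh(banner: str):
    """Split an SSH identification string ("SSH-protoversion-softwareversion",
    RFC 4253) into (protocol, software); None for anything else."""
    m = re.match(r"SSH-(\d\.\d+)-(\S+)", banner)
    return (m.group(1), m.group(2)) if m else None

if __name__ == "__main__":
    p = serve_banner_once(SAMPLE_BANNER)
    b = grab_banner("127.0.0.1", p)
    print(repr(b), identify_ssh(b))
```

    Pointing grab_banner at an inventory of your own hosts and ports gives a quick list of the product and version strings each service hands to anyone who connects, which is the information you may want to trim or keep patched.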


    Vulnerability Scanning

    Vulnerability detection scanning checks the services offered on the network for known weaknesses, for example outdated versions of IIS or Apache.

    Because these tools depend on a vulnerability database, the choice of tool is limited by how complete that database is.

    At present the Nmap Scripting Engine and Nessus are the most commonly used.

    • Vulnerability scanning with Nmap Scripting Engine
    • Vulnerability scanning with MSF auxiliary modules
    • Creating scan policies with Nessus
    • Vulnerability scanning with Nessus
    • Command-line scanning with Nessuscmd
    • Validating vulnerabilities with HTTP interaction
    • Validating vulnerabilities with ICMP interaction

    DDoS Attacks

    For DDoS attack methods and tools, see the author's separate article: http://www.qa-knowhow.com/?p=3661

    • Fuzz testing to identify buffer overflows
    • Remote FTP service buffer overflow DoS
    • Smurf DoS attack
    • DNS amplification DoS attack
    • SNMP amplification DoS attack
    • NTP amplification DoS attack
    • SYN flood DoS attack
    • Sock stress DoS attack
    • DoS attacks with Nmap NSE
    • DoS attacks with Metasploit
    • DoS attacks with the exploit database

    (Recommended reference book: Kali Linux Network Scanning Cookbook)

    Web Application

    Finally, for the Web, the most common kind of network application, see this separate article:

    7+ Free Web Security XSS Testing Tools and XSS Protection

    Other Tools

    Security Toolkit Samples

    Password attacks: Allwords2, chntpw, Cisilia, Djohn, Hydra, John the Ripper, and Rcrack
    Remote access: Apache Server, IKE-Scan, Net-SNMP, SSHD, TFTPD, and VNC Server
    Network testing: Driftnet, Dsniff, Ethereal, Ettercap, Kismet, Nessus, Netcat, Ngrep, Nmap, Ntop, and TCPdump
    Wireless: Airsnarf, Airsnort, GPSdrive, Kismet, and MACchanger
    Network sniffing: Dsniff, Ettercap, Ethereal, Filesnarf, Kismet, Mailsnarf, Msgsnarf, Ngrep, Ntop, TCPdump, and Webspy
    Network-related: Cryptcat, Ettercap, Firewalk, Netcat, Nmap, and P0f
    (category label missing): Amap, Netcat, Nmap, and P0f
    (category label missing): Exodus, Firewalk, Nmap, and Snort


    Posted by Tony @ 4:03 pm
