Network Scanning Security Testing Tools
This article describes the tools and testing methods commonly used in network security testing.
OSI/ISO 7 Layers
Each of the seven layers has corresponding test tools and methods.
Network layer | Recommended test tools |
Layer 2: Data Link Layer, mainly operating on MAC addresses and the ARP protocol | |
Layer 3: Network Layer, mainly operating on IP addresses | |
Layer 4: Transport Layer, mainly operating on TCP packets | |
Port Scanning
The purpose of port scanning is to find out which ports on the network are offering services. Commonly used tools are:
- Scapy
- Nmap
- Metasploit
- hping3
Fingerprinting
Fingerprinting uses the content of a system's network packet responses to judge whether it is Windows or Linux, or which services it provides.
The author's top recommendations are Nmap and Scapy; between them these two tools cover almost every fingerprinting detection technique.
The commonly used tools and techniques for fingerprinting are:
- Banner grabbing with Netcat
- Banner grabbing with Python sockets
- Banner grabbing with Dmitry
- Banner grabbing with Nmap NSE
- Banner grabbing with Amap
- Service identification with Nmap
- Service identification with Amap
- Operating system identification with Scapy
- Operating system identification with Nmap
- Operating system identification with xProbe2
- Passive operating system identification with p0f
- SNMP analysis with Onesixtyone
- SNMP analysis with SNMPwalk
- Firewall identification with Scapy
- Firewall identification with Nmap
- Firewall identification with Metasploit
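Banner grabbing with Python sockets combined with simple service identification, as an added example that is not part of the original post: the client connects, reads whatever the service volunteers first, and matches the banner against a small pattern table. The sample banners, the pattern table and the loopback listener that replays the banners are all constructed for this demonstration (hypothetical, not real hosts), so it runs offline.

```python
import re
import socket
import threading

# Constructed sample banners (not captured from real hosts); a local listener replays them.
SAMPLE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    "ftp": b"220 (vsFTPd 3.0.3)\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
    "silent": b"",  # a service that sends nothing first: the client sees EOF or a timeout
}

# Hypothetical pattern table; order matters, more specific patterns go first.
BANNER_PATTERNS = [
    ("ssh", re.compile(r"^SSH-(\d\.\d)-(\S+)")),
    ("ftp", re.compile(r"^220[ -].*?(vsFTPd|ProFTPD|FileZilla)[ _-]?([\d.]+)?")),
    ("smtp", re.compile(r"^220 (\S+) ESMTP ?(\S+)?")),
]

def grab_banner(host, port, timeout=3.0):
    """Connect and return whatever the service volunteers first ('' if nothing)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("utf-8", "replace").strip()

def identify_service(banner):
    """Map a banner to (service, detail); unknown banners are kept for manual review."""
    for name, pattern in BANNER_PATTERNS:
        m = pattern.match(banner)
        if m:
            return name, " ".join(g for g in m.groups() if g)
    return "unknown", banner[:40]

def start_fake_listener(banner):
    """Test scaffolding: a loopback TCP listener that sends one banner and hangs up."""
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close(); srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]  # the ephemeral port the listener was given

def scan_sample(name):
    """Fingerprint one of the constructed sample services on loopback."""
    port = start_fake_listener(SAMPLE_BANNERS[name])
    return identify_service(grab_banner("127.0.0.1", port))
```

For an asset inventory the same grab_banner/identify_service pair is pointed at the hosts and ports found by port scanning, and every "unknown" result is reviewed by hand.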
Vulnerability Scanning
Vulnerability scanning checks the services offered on the network for known weaknesses, for example old versions of IIS or Apache.
Because these tools depend on a vulnerability database, the choice of tool is limited by how complete that database is.
At present the Nmap Scripting Engine and Nessus are the most commonly used.
- Vulnerability scanning with Nmap Scripting Engine
- Vulnerability scanning with MSF auxiliary modules
- Creating scan policies with Nessus
- Vulnerability scanning with Nessus
- Command-line scanning with Nessuscmd
- Validating vulnerabilities with HTTP interaction
- Validating vulnerabilities with ICMP interaction
DDoS Attacks
For DDoS attack methods and tools, see the author's separate article: http://www.qa-knowhow.com/?p=3661
- Fuzz testing to identify buffer overflows
- Remote FTP service buffer overflow DoS
- Smurf DoS attack
- DNS amplification DoS attack
- SNMP amplification DoS attack
- NTP amplification DoS attack
- SYN flood DoS attack
- Sock stress DoS attack
- DoS attacks with Nmap NSE
- DoS attacks with Metasploit
- DoS attacks with the exploit database
(Recommended reference book: Kali Linux Network Scanning Cookbook)
Web Application
Finally, the most common network application is the Web; see this separate article:
7+ Free Web Security XSS Testing Tools and XSS Protection
Other Tools Summary
Password attacks | Allwords2, chntpw, Cisilia, Djohn, Hydra, John the Ripper, and Rcrack |
Remote access | Apache Server, IKE-Scan, Net-SNMP, SSHD, TFTPD, and VNC Server |
Network testing | Driftnet, Dsniff, Ethereal, Ettercap, Kismet, Nessus, Netcat, Ngrep, Nmap, Ntop, and TCPdump |
Wireless networking | Airsnarf, Airsnort, GPSdrive, Kismet, and MACchanger |
Network sniffing | Dsniff, Ettercap, Ethereal, Filesnarf, Kismet, Mailsnarf, Msgsnarf, Ngrep, Ntop, TCPdump, and Webspy |
Network-related | Cryptcat, Ettercap, Firewalk, Netcat, Nmap, and P0f; Amap, Netcat, Nmap, and P0f; Exodus, Firewalk, Nmap, and Snort |