12 may 2013

Nmap 6 Network Exploration and Security Auditing Cookbook

Nmap 6: Network Exploration and Security Auditing Cookbook de Paulino Calderón Pale es un excelente y específico libro sobre el uso de Nmap como herramienta indispensable en proyectos de Test de Penetración.



Este excelente ejemplar tiene el siguiente contenido:

· Capitulo 1 ·
Nmap Fundamentals
Introduction
Downloading Nmap from the official source code repository
Compiling Nmap from source code
Listing open ports on a remote host
Fingerprinting services of a remote host
Finding live hosts in your network
Scanning using specific port ranges
Running NSE scripts
Scanning using a specified network interface
Comparing scan results with Ndiff
Managing multiple scanning profiles with Zenmap
Detecting NAT with Nping
Monitoring servers remotely with Nmap and Ndiff


· Capitulo 2 ·
Network Exploration
Introduction
Discovering hosts with TCP SYN ping scans
Discovering hosts with TCP ACK ping scans
Discovering hosts with UDP ping scans
Discovering hosts with ICMP ping scans
Discovering hosts with IP protocol ping scans
Discovering hosts with ARP ping scans
Discovering hosts using broadcast pings
Hiding our traffic with additional random data
Forcing DNS resolution
Excluding hosts from your scans
Scanning IPv6 addresses
Gathering network information with broadcast scripts


· Capitulo 3 ·
Gathering Additional Host Information
Introduction
Geolocating an IP address
Getting information from WHOIS records
Checking if a host is known for malicious activities
Collecting valid e-mail accounts
Discovering hostnames pointing to the same IP address
Brute forcing DNS records
Fingerprinting the operating system of a host
Discovering UDP services
Listing protocols supported by a remote host
Discovering stateful firewalls by using a TCP ACK scan
Matching services with known security vulnerabilities
Spoofing the origin IP of a port scan

Chapter 4: Auditing Web Servers

· Capitulo 4 ·
Listing supported HTTP methods
Checking if an HTTP proxy is open
Discovering interesting files and directories in various web servers
Brute forcing HTTP authentication
Abusing mod_userdir to enumerate user accounts
Testing default credentials in web applications
Brute-force password auditing WordPress installations
Brute-force password auditing Joomla! installations
Detecting web application firewalls
Detecting possible XST vulnerabilities
Detecting Cross Site Scripting vulnerabilities in web applications
Finding SQL injection vulnerabilities in web applications
Detecting web servers vulnerable to slowloris denial of service attacks


· Capitulo 5 ·
Auditing Databases
Introduction
Listing MySQL databases
Listing MySQL users
Listing MySQL variables
Finding root accounts with empty passwords in MySQL servers
Brute forcing MySQL passwords
Detecting insecure configurations in MySQL servers
Brute forcing Oracle passwords
Brute forcing Oracle SID names
Retrieving MS SQL server information
Brute forcing MS SQL passwords
Dumping the password hashes of an MS SQL server
Running commands through the command shell on MS SQL servers
Finding sysadmin accounts with empty passwords on MS SQL servers
Listing MongoDB databases
Retrieving MongoDB server information
Listing CouchDB databases
Retrieving CouchDB database statistics


· Chapter 6 ·
Auditing Mail Servers
Introduction
Discovering valid e-mail accounts using Google Search
Detecting open relays
Brute forcing SMTP passwords
Enumerating users in an SMTP server
Detecting backdoor SMTP servers
Brute forcing IMAP passwords
Retrieving the capabilities of an IMAP mail server
Brute forcing POP3 passwords
Retrieving the capabilities of a POP3 mail server
Detecting vulnerable Exim SMTP servers version 4.70 through 4.75


· Capitulo 7 ·
Scanning Large Networks
Introduction
Scanning an IP address range
Reading targets from a text file
Scanning random targets
Skipping tests to speed up long scans
Selecting the correct timing template
Adjusting timing parameters
Adjusting performance parameters
Collecting signatures of web servers
Distributing a scan among several clients using Dnmap


· Capitulo 8 ·
Generating Scan Reports
Introduction
Saving scan results in normal format
Saving scan results in an XML format
Saving scan results to a SQLite database
Saving scan results in a grepable format
Generating a network topology graph with Zenmap
Generating an HTML scan report
Reporting vulnerability checks performed during a scan


· Capitulo 9 ·
Writing Your Own NSE Scripts
Introduction
Making HTTP requests to identify vulnerable Trendnet webcams
Sending UDP payloads by using NSE sockets
Exploiting a path traversal vulnerability with NSE
Writing a brute force script
Working with the web crawling library
Reporting vulnerabilities correctly in NSE scripts
Writing your own NSE library
Working with NSE threads, condition variables, and mutexes in NSE


Por acá les comparto entonces la descarga del libro (descarga aquí) espero que lo disfruten ;);)
Un saludo ~ Kodeinfect