![]() The takeaway when comparing results between these tools is that they seem to be geared at different purposes. Below is an example of a port scan with Angry IP Scanner: You do need to expand the port range if you are looking to do a port scan. The tool is pretty intuitive, you input the IP of the target and run it. ![]() Type in ipscan at the command prompt to launch the ipscan interface. We should run ipscan at this point to compare the results. Not going to waste time going through every option with nmap, for the purposes of this test I ran SYN, UDP, and version scans. Results are being recorded in KeepNote, an open source reporting tool included in the Kali build. I’m sticking with results on Lorien just to save time. It’s now ready to scan.įirst we start off with nmap. Navigate to the web console at 127.0.0.1:9392 and you log into the console with admin as the username and the password generated during setup. Once it is done, it will give you the admin password. This will set up the OpenVAS database and download plugins. After downloading and installing OpenVAS, run the initial setup script: So a reminder, make sure the basics of your system are good, or at least take a snapshot of your VM so you don’t end up like me spending a day rebuilding. At this point, I ran out of space on my hard drive and had to take a brief detour. Now to install OpenVAS, the Open Security folks have kindly packaged it up and put it in the Kali repo. Sudo dpkg -i ipscan_(versionnum)_(cpu).debĮasy. Installing ipscan is simple, we open a browser on Morgoth and navigate to and download the. Neither of these are tools I have any experience with but they give that alternative comparison. So I chose to install Angry IP Scanner and OpenVAS. Nmap is great and I know Nessus well, but if we’re going to do this I want to see what results look like from multiple sources and compare, then try and figure out why they might give different results. Kali comes with a ton of tools but I want a couple non-standard ones just to have a comparison. ![]() To suit up first off we need to add a couple of things to Morgoth. In my lab, keep these names in mind: Morgoth is our attacker (Kali rolling release, whatever they’re up to), Lorien is an XP machine running SP2, and Ulmo is a Win7 machine running SP1 with no updates. Each tool may have strengths and weaknesses, but understanding what the tool is telling you is more important. Easy enough, but important to consider when planning. We do scans in order to identify attack surface and possible vulnerabilities. How do we get there? Let’s break it down. The ultimate goal in our case is access to data on a target machine. Why? Each action must be considered in context of the ultimate goal. Yes, you’re running nmap, but why are you running it? To identify system attributes. This is a pretty simple concept, but important to keep in mind. We perform reconnaissance in order to learn about the environment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |