Footprinting for security auditors - archive.fosdem.org · Maltego ∙ Company Stalker (this...
Footprinting for security auditors
Security track
Footprinting for security auditors
Jose Manuel Ortega @jmortegac
Agenda
• Information gathering
• Footprinting tools
• Port scanning with nmap
• Nmap scripts
Security auditing phases
• Footprint Analysis: Analyze publicly available information. Set scope of attack and identify key targets.
  - Whois, DNS Lookup, Search Engines
• Enumeration: Check for vulnerabilities on each target resource
  - Scanning: Machines, Ports, Applications
• Exploitation: Attack targets using library of tools and techniques
  - Buffer Overflows, Spoofing, Password, Rootkit
• Damage: "Owning", IP Theft, Blackmail, Defacing, Espionage, Destruction, DoS
Information Gathering
• Footprinting (gather target information) ➔ names, addresses, system types, ...
• Scanning (detect systems and services) ➔ response from network stack, applications, ...
• Fingerprinting (identify topologies & systems) ➔ network layout, operating systems, services
• Enumeration (collect access information) ➔ list of user accounts, share names, …
• Sniffing (collect network traffic) ➔ addresses, names, information (passwords, ...)
Each activity is labelled on the slide as passive, passive or active, or active.
Footprinting
• Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology.
• Using public information.
• Without network/physical connection to the target.
Tools
Kali Linux
Whois Online Tools
• Get information about domains, IP address, DNS
• Identify the domain names and associated networks related to a particular organization
• https://www.whois.net/
• https://tools.whois.net/
• http://www.whois.com/whois
• http://who.is
• http://toolbar.netcraft.com/site_report
• http://whois.domaintools.com/
Netcraft
• http://toolbar.netcraft.com/site_report/?url=fosdem.org
Whois
Whois command
Host command
• Get IPv4, IPv6, mail server
Network tools
• http://network-tools.com/
• https://www.dnssniffer.com/networktools
Robtex
• Provides graphical information from DNS and Whois
• https://www.robtex.com/dns-lookup/fosdem.org
Nslookup
• Query DNS server in order to extract valuable information about the host machine.
• Find names of machines through a domain/zone transfer
• Nslookup -d → list all associated records for the domain
Dig / DNS Resolver
Dnsmap
Dnsenum
DnsRecon
Zone Transfer
• How does one provide security against DNS Interrogation?
• Restrict zone transfers to authorized servers.
• Set your firewall or router to deny all unauthorized inbound connections to TCP port 53
• The best practice for restricting zone transfers is to review the configuration file /etc/bind/named.conf.local
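An offline check for the review recommended above, as an added example that is not from the original slides: it parses a constructed named.conf.local sample and reports, per zone, whether allow-transfer is open, restricted, closed or unset. Zone names, addresses and the key name are illustrative, and flagging an unset zone for review is an assumption, since the inherited value lives outside this file.

```python
import re

# Constructed sample in the style of /etc/bind/named.conf.local (zone names,
# addresses and the key name are illustrative, not from the talk).
SAMPLE_CONF = '''
// primary zones
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
    allow-transfer { 192.0.2.53; key "xfer-key"; };
};
zone "corp.example" {
    type master;
    file "/etc/bind/db.corp.example";
    allow-transfer { any; };   # open to every client
};
zone "lab.example" {
    type master;   /* no allow-transfer statement here */
    file "/etc/bind/db.lab.example";
};
zone "cache.example" {
    type slave;
    masters { 192.0.2.1; };
    file "/etc/bind/db.cache.example";
    allow-transfer { none; };
};
'''

# Quoted strings are matched first so that '#' or '//' inside them survive.
_STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)


def strip_comments(text):
    """Drop /* */, // and # comments while keeping quoted strings intact."""
    return _STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)


def braced(text, open_idx):
    """Return the contents of the brace block whose '{' sits at open_idx."""
    depth, i = 1, open_idx + 1
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[open_idx + 1:i - 1]


def classify(zone_body):
    """Return (status, entries) for one zone's allow-transfer setting."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{', zone_body)
    if m is None:
        # Assumption: the zone then inherits from options{} or the server
        # default, which this file alone cannot show, so it needs review.
        return 'unset', []
    inner = braced(zone_body, m.end() - 1)
    entries = [e.strip() for e in inner.split(';') if e.strip()]
    if 'any' in entries:
        return 'open', entries
    if entries == ['none']:
        return 'closed', entries
    return 'restricted', entries


def audit(conf_text):
    """Map each zone name in the file to its (status, entries) result."""
    clean = strip_comments(conf_text)
    results = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', clean):
        results[m.group(1)] = classify(braced(clean, m.end() - 1))
    return results


if __name__ == '__main__':
    for zone, (status, entries) in audit(SAMPLE_CONF).items():
        flag = 'REVIEW' if status in ('open', 'unset') else 'ok'
        print(f'{flag:6} {zone:15} {status:10} {"; ".join(entries)}')
```

Zones reported as open or unset are the ones to follow up against the options block and the firewall rule for TCP port 53.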
Subdomains
• https://api.hackertarget.com/hostsearch/?q=fosdem.org
theHarvester
• Catalogue email addresses and subdomains from a specific domain.
• It works with all the major search engines including Bing and Google.
• The objective is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
Maltego
∙ Company Stalker (this gathers email information)
∙ Footprint L1 (basic information gathering)
∙ Footprint L2 (moderate amount of information gathering)
∙ Footprint L3 (intense and the most complete information gathering)
Shodan
Censys.io
Mr looquer
Web robots
• https://wordpress.com/robots.txt
• https://wordpress.com/sitemap.xml
Web Archive
SpiderFoot
Scanning tools
• Active footprinting
• Number and type of open ports
• Type of services running on the servers
• Vulnerabilities of the services and software
• Nmap is a great tool for discovering open ports, protocol numbers, OS details, firewall details, etc.
NMAP
Nmap Port Scanner
• Unix-based port scanner
• Support for different scanning techniques
• Detects operating system of remote hosts
• Many configuration options
  - timing
  - scanned port range
  - scan method
• Various front ends for easier handling
Zenmap Port Scanner
Sparta
Nmap whois
Guessing the Operating System
• We can use the --osscan-guess option to make Nmap guess the OS when it cannot identify it with certainty.
Banner Grabbing
nmap -p80 -sV -sT fosdem.org
Nmap Script Engine
• Simple scripts to automate a wide variety of networking tasks
• Scripts are written in the Lua programming language.
• Network discovery
• Vulnerability detection
• Backdoor detection
• Vulnerability exploitation
• /usr/local/share/nmap/scripts
• https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts
Banner grabbing with nmap script
nmap --script banner fosdem.org
http-enum script
nmap -v --script http-enum.nse fosdem.org
↘mysql-databases
nmap -v -d -p3306 --script mysql-databases.nse --script-args='mysqluser=root' 192.168.100.8
Find vulnerabilities with nmap
• XSS / SQL Injection
↘nmap -p80 --script http-unsafe-output-escaping <target>
↘http://svn.dd-wrt.com/browser/src/router/nmap/scripts/http-unsafe-output-escaping.nse?rev=28293
↘https://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.html
Vulnerability Scanner
Nessus Vulnerability Scanner
Arachni Vulnerability Scanner
Links & References
• http://www.0daysecurity.com/penetration-testing/network-footprinting.html
• http://nmap.org/nsedoc/
• https://secwiki.org/w/Nmap/External_Script_Library
• https://nmap.org/book/man-os-detection.html
• https://hackertarget.com/7-nmap-nse-scripts-recon/
Books
Thank you!
Jose Manuel Ortega @jmortegac