Scanning and Enumeration: Getting Down To Business: CEH Test Prep Video Series

Scanning and enumeration gathers information about a target network through active and passive methods to identify live machines, open ports, running services, and operating systems. The process builds an inventory of targets and discovers potential entry points for attack. Common tools include ping, nmap, arp-scan and masscan for active probing, and Wireshark, tcpdump and p0f for passive sniffing; together they yield live hosts, open ports, running services and basic OS fingerprints. The objectives are a target inventory, a list of attack entry points, and a map of the network topology.

Scanning & enumeration
• Information gathering ✔️
• Determining network range ✔️
• Identifying active machines
• Finding open ports & access points
• OS and service fingerprinting
• Mapping the network
Objectives:
• Targets inventory
• Attack entry points
Identifying active hosts
• Active
  • Common S/A tools
    • ping, telnet, traceroute, netstat
    • nbtscan, shareEnum
  • Protocol scanners
    • ICMP scanning (ping sweeps): ping, ping -b, nmap -sn
    • ARP scanning: arp, arp -a, arp-scan
    • TCP scanning: nmap -p, masscan, zmap
  • Custom tools: hping/nping, scapy
• Passive
  • Sniffing and analyzing broadcast traffic
    • Wireshark, tcpdump, p0f
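The discovery step above is what produces the "targets inventory" named under Objectives, and the port scan that follows it produces the "attack entry points". As an added example that is not part of the slides, the Python below turns nmap's grepable output (-oG) from a ping sweep and a follow-up version scan into one inventory and lists the open ports. The SAMPLE text is constructed to mimic the -oG format; the Target class and the helper names are this example's own.

```python
"""Build a target inventory from nmap grepable output (-oG).

Added example; SAMPLE is constructed to mimic what `nmap -sn -oG -` (host
discovery) and `nmap -sV -p ... -oG -` (ports and versions) write.
"""
import ipaddress
import re
from dataclasses import dataclass, field

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

# Constructed sample: a /28 ping sweep, then a version scan of the two live hosts.
SAMPLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sn -oG - 192.168.56.0/28
Host: 192.168.56.1 (gw.lab)\tStatus: Up
Host: 192.168.56.10 ()\tStatus: Up
Host: 192.168.56.11 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:00:03 2024 -- 16 IP addresses (2 hosts up) scanned in 2.71 seconds
# Nmap 7.94 scan initiated Mon Jan  1 10:01:00 2024 as: nmap -sV -p 22,80,443,445 -oG - 192.168.56.1 192.168.56.10
Host: 192.168.56.1 (gw.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.6/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///, 445/filtered/tcp//microsoft-ds///
Host: 192.168.56.10 ()\tPorts: 22/closed/tcp//ssh///, 445/open/tcp//microsoft-ds//Windows Server 2016 microsoft-ds (workgroup: LAB)/
# Nmap done at Mon Jan  1 10:01:09 2024 -- 2 IP addresses (2 hosts up) scanned in 8.80 seconds
"""


@dataclass
class Target:
    ip: str
    hostname: str = ""
    up: bool = False
    # port -> (state, protocol, service, version)
    ports: dict = field(default_factory=dict)


def parse_grepable(text: str) -> dict[str, Target]:
    """One Target per IP, merged across every -oG run concatenated in `text`."""
    inventory: dict[str, Target] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)          # "# Nmap ..." header/footer lines fall through
        if not m:
            continue
        ip, hostname = m.groups()
        t = inventory.setdefault(ip, Target(ip))
        if hostname:
            t.hostname = hostname
        # The rest of the line is tab-separated "Name: value" fields.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if fields.get("Status") == "Up":
            t.up = True
        if "Ports" in fields:
            t.up = True                  # ports were probed, so the host answered
            for entry in fields["Ports"].split(", "):
                # port/state/protocol/owner/service/rpc-info/version; nmap writes any
                # "/" inside the version field as "|", so splitting on "/" is safe.
                port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
                t.ports[int(port)] = (state, proto, service, version.replace("|", "/"))
    return inventory


def _ip_key(ip: str):
    return ipaddress.ip_address(ip)


def live_hosts(inventory: dict[str, Target]) -> list[str]:
    """The targets inventory: every host that answered, in address order."""
    return sorted((ip for ip, t in inventory.items() if t.up), key=_ip_key)


def attack_surface(inventory: dict[str, Target]) -> list[tuple[str, int, str]]:
    """Every (ip, port, service) in state open: the entry points to carry forward."""
    return sorted(
        ((ip, port, info[2]) for ip, t in inventory.items()
         for port, info in t.ports.items() if info[0] == "open"),
        key=lambda x: (_ip_key(x[0]), x[1]),
    )


if __name__ == "__main__":
    inv = parse_grepable(SAMPLE)
    print("live hosts:", live_hosts(inv))
    for ip, port, service in attack_surface(inv):
        print(f"{ip}:{port} {service} {inv[ip].ports[port][3]}")
```

Feed it real output with `nmap ... -oG - | python3 inventory.py` style redirection, or concatenate several -oG files: hosts seen in any run are merged by IP, and a filtered or closed port is kept in the record so the evidence of what was tried survives alongside the open ones.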
Identifying active services
• Manual observation
  • Web browsers, file managers
  • Manual TCP connection
    • nc, netcat, ncat
    • telnet, ncat [-t] [-C]
    • openssl s_client, ncat --ssl
• Automated scanning
  • amap, unicornscan, superscan
  • masscan, zmap
  • Nmap
    • SYN vs. Connect
    • UDP issues
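The manual TCP connection, the SYN-versus-connect distinction and the "UDP issues" bullet above come down to what the transport gives back. As an added example, not part of the slides, the Python below does a connect scan with a banner grab (the same full handshake as `nc -v` or `nmap -sT`) and a UDP probe that shows the three UDP outcomes. The services it scans are constructed loopback listeners started inside the script so it runs offline; the SSH banner text is made up, and all function names are this example's own.

```python
"""TCP connect scan with banner grab, and a UDP probe showing why UDP results are fuzzy.

Added example. The "services" are constructed loopback listeners started by
start_tcp_service()/start_udp_service(); the banner is made up.
"""
import socket
import threading


def start_tcp_service(banner: bytes) -> int:
    """Stand-in daemon on an ephemeral 127.0.0.1 port that greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_service() -> int:
    """Stand-in UDP echo service: a UDP port that actually answers its probe."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(1024)
            except OSError:
                return
            srv.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port() -> int:
    """A loopback port with nothing behind it (bind to 0, read the number, close)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_probe(host: str, port: int, timeout: float = 1.0) -> tuple[str, bytes]:
    """Full three-way handshake (nmap -sT, nc -v, telnet), then read what the service
    volunteers. The completed handshake is what the application logs; a SYN scan
    (nmap -sS) stops after the SYN/ACK but needs raw-socket privileges."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed", b""          # RST came back: reachable, nothing listening
    except OSError:
        s.close()
        return "filtered", b""        # timeout or ICMP error: something dropped the SYN
    try:
        banner = s.recv(256)
    except OSError:
        banner = b""                  # open, but the service waits for the client to talk
    finally:
        s.close()
    return "open", banner


def udp_probe(host: str, port: int, payload: bytes = b"\x00", timeout: float = 1.0) -> str:
    """No handshake in UDP, so a probe has three outcomes: a reply (open), an ICMP port
    unreachable surfaced as ECONNREFUSED on a connected UDP socket (closed), or silence,
    which a quiet service and a dropping firewall produce alike. nmap reports that last
    case as open|filtered; it is why UDP scans are slow and inconclusive."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))       # connect() so the kernel hands ICMP errors to us
        s.send(payload)
        s.recv(1024)
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "open|filtered"
    finally:
        s.close()


def connect_scan(host: str, ports, timeout: float = 1.0) -> dict[int, tuple[str, str]]:
    """port -> (state, banner text) for each TCP port in `ports`."""
    results = {}
    for p in ports:
        state, banner = tcp_connect_probe(host, p, timeout)
        results[p] = (state, banner.decode("ascii", "replace").strip())
    return results


def demo():
    """One open TCP service, one closed port and one answering UDP service, all on loopback."""
    ssh_port = start_tcp_service(b"SSH-2.0-OpenSSH_9.2p1 Debian-2\r\n")  # constructed banner
    udp_port = start_udp_service()
    closed = free_port()
    while closed in (ssh_port, udp_port):
        closed = free_port()
    tcp = connect_scan("127.0.0.1", [ssh_port, closed])
    udp = {udp_port: udp_probe("127.0.0.1", udp_port), closed: udp_probe("127.0.0.1", closed)}
    return ssh_port, udp_port, closed, tcp, udp


if __name__ == "__main__":
    ssh_port, udp_port, closed, tcp, udp = demo()
    for port, (state, banner) in tcp.items():
        print(f"tcp/{port}: {state} {banner}")
    for port, state in udp.items():
        print(f"udp/{port}: {state}")
```

Against a real target the closed UDP port only reads "closed" if the ICMP port unreachable actually arrives; rate-limited ICMP (Linux defaults to one per second) or a firewall that drops it pushes the answer to open|filtered, which is the ambiguity the slide's "UDP issues" refers to.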
OS and services fingerprinting
• Difference in OSes
  • TCP/IP stack: TTL, TCP window etc.
  • Connection open/close/reset timing
• Difference in services
  • Banner wording
  • Protocol nuances
• Universal
  • nmap -O -sV -p-
• Protocol-centric
  • snmpwalk
  • nbtscan
  • enum4linux
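Two of the fingerprinting signals above, the TTL a stack puts in its replies and the wording of a service banner, are simple enough to work through by hand. The Python below is an added example, not from the slides or from nmap/p0f: it guesses the OS family from an observed TTL, pulls product and version out of SSH, HTTP, FTP and SMTP banners, and cross-checks the two. The TTL table and banner patterns cover only the common cases (nmap -O/-sV and p0f carry far larger signature databases), the sample banners are constructed, and every function and table name is this example's own.

```python
"""Fingerprinting heuristics, as an added example: OS family from TTL, product and
version from banners. Sample observations are constructed; the tables are deliberately
small compared with nmap's and p0f's signature databases."""
import re

# Default initial TTLs of common stacks; each router on the path decrements by one.
INITIAL_TTLS = {
    64: "Linux / Unix-like (Linux, macOS, *BSD)",
    128: "Windows",
    255: "Network device or Solaris",
}

# Words in a banner that betray the platform, used to cross-check the TTL guess.
OS_HINTS = {
    "ubuntu": "Linux (Ubuntu)",
    "debian": "Linux (Debian)",
    "freebsd": "FreeBSD",
    "windows": "Windows",
    "microsoft": "Windows",
}

BANNER_PATTERNS = [
    # SSH identification string (RFC 4253): SSH-<proto>-<software>[ comments]
    ("ssh", re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)[_-]?(?P<version>\S+)?")),
    # HTTP response: the Server header, e.g. "Server: nginx/1.18.0"
    ("http", re.compile(r"^Server:\s*(?P<product>[^/\r\n]+)(?:/(?P<version>[^\s\r\n]+))?", re.M | re.I)),
    # FTP greeting, e.g. "220 (vsFTPd 3.0.3)" or "220 ProFTPD 1.3.5 Server (Debian)"
    ("ftp", re.compile(r"^220[ -]\(?(?P<product>[A-Za-z]+)\s+(?P<version>\d[\w.]*)")),
    # SMTP greeting, e.g. "220 mail.example.com ESMTP Postfix"
    ("smtp", re.compile(r"^220[ -]\S+\s+ESMTP(?:\s+(?P<product>\S+))?")),
]


def guess_os_from_ttl(observed_ttl: int) -> tuple[str, int]:
    """Smallest default initial TTL >= the observed value names the family; the
    difference is the estimated hop count. Heuristic only: admins can change the
    default, and a reply that passed through a NAT or proxy carries that box's TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("IPv4 TTL must be 1..255")
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return INITIAL_TTLS[initial], initial - observed_ttl
    raise AssertionError("unreachable: 255 is the largest default")


def identify_service(banner: str) -> dict:
    """Map a banner to service/product/version; 'unknown' when no pattern applies."""
    for service, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            groups = m.groupdict()
            return {"service": service,
                    "product": groups.get("product"),
                    "version": groups.get("version")}
    return {"service": "unknown", "product": None, "version": None}


def fingerprint(observed_ttl: int, banner: str) -> dict:
    """Combine the stack-level guess with the banner wording. When the two disagree
    (a Windows-looking TTL in front of an OpenSSH/Debian banner, say) the reply is
    often coming from a NAT, load balancer or jump host rather than the service itself."""
    family, hops = guess_os_from_ttl(observed_ttl)
    lowered = banner.lower()
    hint = next((name for word, name in OS_HINTS.items() if word in lowered), None)
    return {"os_from_ttl": family, "hops": hops, "os_from_banner": hint,
            **identify_service(banner)}


if __name__ == "__main__":
    # Constructed observations: a TTL of 117 with an OpenSSH/Debian greeting.
    print(fingerprint(117, "SSH-2.0-OpenSSH_9.2p1 Debian-2"))
    print(fingerprint(52, "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n"))
```

The TCP window size and option ordering give a further signal on the same axis as TTL (that is what `nmap -O` and p0f score), and the "protocol nuances" bullet is where banner parsing stops being enough: two servers can print the same banner and still differ in how they answer a malformed request.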
Network mapping
• Topology mapping
  • Zenmap
  • Maltego
  • Visio
• Evidence handling
  • Excel
  • CherryTree
  • Growly Notes
  • Evernote
  • OneNote
• Network issues
  • Use of VPN on external pentests
  • Use of VPN on internal pentests
  • Use of Tor and HTTP proxies
  • Firewall evasion techniques
• Final thoughts
References
• Tools
  • Security Tools: http://sectools.org
  • Awesome Penetration Testing: https://github.com/enaqx/awesome-pentest
  • Network Tools: https://github.com/enaqx/awesome-pentest#network-tools
• Reading
  • Nmap book: https://nmap.org/book/
  • SANS nmap cheat sheet: https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0
  • Pentest Tools Cheat Sheet – Recon and Enum: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#recon-and-enumeration
  • Firewall/IDS Evasion and Spoofing: https://nmap.org/book/man-bypass-firewalls-ids.html