En-Ethical Hacking Module 2 1.3

The document outlines various network scanning tools available in Kali Linux, including Hping3, Dmitry, Netcat, Netdiscover, fping, and Nikto. Each tool is described with its specific commands and functionalities for tasks such as TCP scanning, port scanning, and vulnerability detection. The document serves as a guide for ethical hacking practices related to network scanning and information gathering.

Uploaded by Shekhar Jha

Testing & Ethical Hacking

Unit 2: Scanning (Ethical Hacking)

By: Dr. Sumitra
Scanning Tools

Kali Linux contains various tools that can be used for network scanning. These tools are:
 Hping3: Use Hping3 for Network Scanning
 Dmitry: Perform a TCP Scan Using Dmitry
 Netcat: Use Netcat for Port Scan
 Netdiscover: Use Netdiscover for Scanning the Network
 Nmap: Perform Stealth Scanning Using Nmap
 Fping: Use fping for Network Scanning
 Msfconsole: Use Msfconsole to Perform TCP Stealth on a Network
Hping3

 You can perform an ICMP discovery of a single host using hping3.

hping3 192.168.3.30 --icmp

 The hping3 command will continue for an indefinite time unless you stop it. To do this, press the Ctrl + C keys.
Hping3

 You can also limit the command to perform ICMP discovery for a limited number of packets. To do this, type the following command:

hping3 192.168.3.118 --icmp -c 5

 You can also use the hping3 command to scan for a specific TCP port.

hping3 192.168.3.118 --scan 80 -S -V
Hping3

 You can also scan for multiple ports using the hping3 command. To do this, type the following command:

hping3 192.168.3.118 --scan 22,80,443 -S -V

 You can also scan for a range of ports. To do this, you need to specify the first and the last port. Type the following command:

hping3 192.168.3.118 --scan 1-80 -S -V
Perform a TCP Scan Using Dmitry

 Dmitry is an information gathering tool. It has the capability to gather the following types of information:
 Subdomains
 E-mail addresses
 Uptime information
 TCP port scan
 WHOIS lookups

Dmitry

 You will now use the -p parameter along with the dmitry command to perform a TCP scan:

dmitry -p 192.168.3.118

 You can also send the dmitry output to a text file. In this step, you will send the output to a text file named abc:

dmitry -p 192.168.3.118 -o abc
Netcat for Port Scan

 Netcat, or nc, is a tool that is used for monitoring network connections and can also be used for port scanning.
 To view the list of parameters of the nc command, type the following:

nc -h

Netcat

 To scan for a specific port, type the following command:

nc -nvz 192.168.0.1 80

 The -n parameter tells nc to use the IP address as given and skip DNS lookups. The -z parameter is used for scanning: nc only checks whether the port accepts a connection and sends no data. The -v parameter is used for verbose output.
Use Netdiscover for Scanning the Network

 Netdiscover is a tool that can perform Layer 2 discovery. You can pass the range of IP addresses in CIDR notation, and Netdiscover can scan the entire range.
 To scan a range with the netdiscover command, type the following:

netdiscover -r 192.168.3.0/24

Netdiscover

 If you are scanning an entire subnet, it can alert an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). This is because ARP requests are broadcast all over the subnet, which can alert an IDS or IPS.
 You can run the netdiscover command in stealth mode using the -p parameter (passive mode, in which netdiscover only listens for ARP traffic on the segment and sends no requests of its own).

netdiscover -p
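The slides show the SYN port scans (hping3 --scan with -S, nc -z, the Nmap stealth scan) and the ARP range scan (netdiscover -r) from the scanner's side. From the defender's side both leave the trace an IDS keys on: one source touching many distinct destinations within a short time. The following Python is an added example of that detection logic, not part of the slide deck and not code from hping3, nc, nmap or netdiscover. The log formats, the scanning host 192.168.3.50, the MAC addresses and the thresholds are all constructed for illustration; 192.168.3.118 is the target address the slides use.

```python
"""Spot SYN port sweeps and ARP sweeps in log records.

Added example (not from the slide deck or from hping3/nc/nmap/netdiscover).
Log formats, thresholds and the scanning hosts are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SYN records, one per line: "<ISO time> SYN <src_ip> -> <dst_ip>:<port>".
# 192.168.3.50 is an assumed scanning host; 192.168.3.118 is the target used in the slides.
SYN_LOG = """\
2024-05-01T10:00:00 SYN 192.168.3.50 -> 192.168.3.118:21
2024-05-01T10:00:00 SYN 192.168.3.50 -> 192.168.3.118:22
2024-05-01T10:00:01 SYN 192.168.3.50 -> 192.168.3.118:25
2024-05-01T10:00:01 SYN 192.168.3.50 -> 192.168.3.118:53
2024-05-01T10:00:02 SYN 192.168.3.50 -> 192.168.3.118:80
2024-05-01T10:00:02 SYN 192.168.3.50 -> 192.168.3.118:110
2024-05-01T10:00:03 SYN 192.168.3.50 -> 192.168.3.118:139
2024-05-01T10:00:03 SYN 192.168.3.50 -> 192.168.3.118:443
2024-05-01T10:00:04 SYN 192.168.3.50 -> 192.168.3.118:445
2024-05-01T10:00:04 SYN 192.168.3.50 -> 192.168.3.118:3389
2024-05-01T10:00:05 SYN 192.168.3.77 -> 192.168.3.118:443
2024-05-01T10:05:00 SYN 192.168.3.77 -> 192.168.3.118:443
"""

# Constructed ARP requests: "<ISO time> who-has <target_ip> tell <sender_ip> <sender_mac>".
# The first sender asks for 30 addresses in 30 seconds, the way an active range scan does.
ARP_LOG = "\n".join(
    [f"2024-05-01T09:00:{i:02d} who-has 192.168.3.{i + 1} tell 192.168.3.50 aa:bb:cc:dd:ee:01"
     for i in range(30)]
    + ["2024-05-01T09:00:10 who-has 192.168.3.1 tell 192.168.3.118 aa:bb:cc:dd:ee:02",
       "2024-05-01T09:00:40 who-has 192.168.3.118 tell 192.168.3.1 aa:bb:cc:dd:ee:03"]
)


def max_distinct_in_window(records, window):
    """records: iterable of (timestamp, value). Return the largest count of
    distinct values that fall inside any span no longer than `window`."""
    records = sorted(records, key=lambda r: r[0])
    best = lo = 0
    for hi in range(len(records)):
        while records[hi][0] - records[lo][0] > window:
            lo += 1
        best = max(best, len({v for _, v in records[lo:hi + 1]}))
    return best


def find_port_sweeps(log_text, min_ports=8, window=timedelta(seconds=60)):
    """Map (src, dst) -> distinct ports for sources that hit at least min_ports
    different ports on one host within `window`. A SYN-only scan leaves exactly
    this trace: many half-open attempts, each to a different port."""
    per_pair = defaultdict(list)
    for line in filter(None, log_text.splitlines()):
        ts, _proto, src, _arrow, dst = line.split()
        dst_ip, port = dst.rsplit(":", 1)
        per_pair[(src, dst_ip)].append((datetime.fromisoformat(ts), int(port)))
    return {pair: n for pair, recs in per_pair.items()
            if (n := max_distinct_in_window(recs, window)) >= min_ports}


def find_arp_sweeps(log_text, min_targets=20, window=timedelta(seconds=60)):
    """Map sender MAC -> distinct target IPs for senders that ask who-has for at
    least min_targets addresses within `window`. netdiscover -r on a /24 looks
    like this on the wire; a host in normal use resolves far fewer neighbours."""
    per_mac = defaultdict(list)
    for line in filter(None, log_text.splitlines()):
        ts, _who, target, _tell, _sender, mac = line.split()
        per_mac[mac.lower()].append((datetime.fromisoformat(ts), target))
    return {mac: n for mac, recs in per_mac.items()
            if (n := max_distinct_in_window(recs, window)) >= min_targets}


if __name__ == "__main__":
    print("port sweeps:", find_port_sweeps(SYN_LOG))
    print("ARP sweeps:", find_arp_sweeps(ARP_LOG))
```

Both checks count distinct destinations inside a sliding time window rather than raw packet rate, so a single busy host (192.168.3.77 above, retrying port 443) is not flagged. The passive mode (-p) described above sends no ARP requests at all, so a request-count check like find_arp_sweeps does not see it; what remains visible is only the sniffing host's own presence on the segment.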
Use fping for Network Scanning

 The fping tool is similar to the ping tool but has additional features. One of the additional features is that it can be used as a scanning tool.
 You can simply pass the IP address to the fping command as a parameter to check if a system is alive on the network:

fping 192.168.3.118

fping

 Using the -g parameter, you can scan for more than one system on the network by giving the first and last address of a range:

fping -g 192.168.3.30 192.168.3.118

 Using the -g parameter, you can also scan an entire subnet using CIDR notation:

fping -g 192.168.0.0/24
Nikto

 Nikto is a free command line web vulnerability scanner that scans web servers and detects over 6700 potentially dangerous files/CGIs, outdated server software, and other vulnerabilities and misconfigurations.
 Nikto can also detect the installed software on the target web server.
Nikto

 To scan a target using Nikto, first we need to specify a target. To set the target, we use the "host" option or its short form -h. This is shown below.

nikto --host 192.168.3.118

 The target can be the IP address of the web server or the URL of the website.
Nikto

 To scan a website with HTTPS enabled with Nikto, we can use the "ssl" option.

nikto -h google.com -ssl

 By default, Nikto scans the default HTTP and HTTPS ports when specified. However, if the target web server is running on a custom port, you can set Nikto to scan a different port by using the "port" option.

nikto -h google.com -port 8180
Nikto

 To scan for the presence of all CGI directories on the target web server, the "cgidirs" option can be used.

nikto -h 192.168.3.118 -cgidirs all
Nikto display

 The "Display" option controls what Nikto shows in its output:

nikto -h 192.168.3.118 -Display 1

nikto -h 192.168.3.118 -Display V

 Using the "maxtime" option, we can specify the maximum time to spend scanning a target. This time can be specified in seconds.

nikto -h 192.168.3.118 -maxtime 1

Nikto

 If you want to just find the HTTP(S) ports of a target without performing any security scan, you can use the "findonly" option. Specifying this option makes Nikto connect to the HTTP or HTTPS ports and report only the server header.

nikto -h 192.168.3.118 -findonly

 By using the "Pause" option of Nikto, we can specify the delay (in seconds) between each test Nikto performs.

nikto -h 192.168.3.118 -Pause 10

Nikto

 With the "id" option you can use Nikto to perform basic authentication to the target, giving the credentials as user:password.

nikto -h http://192.168.3.118/dvwa -id admin:password

 With the "Tuning" option, we can control the tests that Nikto will use against a target.

nikto -h 192.168.3.118 -Tuning 2
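Whatever options Nikto is run with, the trace it leaves in the target's access log is the same: one client requesting a long list of paths it has no reason to know about and collecting mostly 404 and 403 responses. The following Python is an added example of scoring an access log for that pattern; it is not Nikto's code and not part of the slide deck. The log lines are constructed in Common Log Format, the scanning client 192.168.3.50 and the probed paths are made up, and the thresholds are assumptions.

```python
"""Score a web server access log for vulnerability-scanner behaviour.

Added example (not Nikto's code and not part of the slide deck). Log lines,
client addresses, paths and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed Common Log Format lines. 192.168.3.50 walks a list of paths that
# do not exist on this server; 192.168.3.77 is an ordinary visitor.
ACCESS_LOG = """\
192.168.3.50 - - [01/May/2024:11:00:00 +0000] "GET / HTTP/1.1" 200 1043
192.168.3.50 - - [01/May/2024:11:00:10 +0000] "GET /cgi-bin/ HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:00:20 +0000] "GET /cgi-bin/status HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:00:30 +0000] "GET /admin/ HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:00:40 +0000] "GET /backup/ HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:00:50 +0000] "GET /old/ HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:01:00 +0000] "GET /test/ HTTP/1.1" 404 212
192.168.3.50 - - [01/May/2024:11:01:10 +0000] "GET /server-status HTTP/1.1" 403 199
192.168.3.50 - - [01/May/2024:11:01:20 +0000] "OPTIONS / HTTP/1.1" 200 0
192.168.3.50 - - [01/May/2024:11:01:30 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1523
192.168.3.77 - - [01/May/2024:11:00:05 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1523
192.168.3.77 - - [01/May/2024:11:00:07 +0000] "GET /dvwa/style.css HTTP/1.1" 200 4120
192.168.3.77 - - [01/May/2024:11:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 212
"""

# Common Log Format: client ident user [time] "method path protocol" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_clf(line):
    """Parse one Common Log Format line into a dict, or None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def profile_clients(log_text):
    """Aggregate per client IP: request count, distinct paths and methods, and
    how many responses were 4xx (the server rejecting or not having the resource)."""
    profiles = defaultdict(lambda: {"requests": 0, "paths": set(),
                                    "methods": set(), "client_errors": 0})
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        p = profiles[rec["ip"]]
        p["requests"] += 1
        p["paths"].add(rec["path"])
        p["methods"].add(rec["method"])
        if 400 <= rec["status"] < 500:
            p["client_errors"] += 1
    return profiles


def flag_scanners(log_text, min_paths=6, min_error_ratio=0.5):
    """Return {ip: error_ratio} for clients that requested at least min_paths
    distinct paths and got 4xx back for at least min_error_ratio of their requests.
    No time window is used, so slowing the scan down does not evade the check."""
    flagged = {}
    for ip, p in profile_clients(log_text).items():
        ratio = p["client_errors"] / p["requests"]
        if len(p["paths"]) >= min_paths and ratio >= min_error_ratio:
            flagged[ip] = round(ratio, 2)
    return flagged


if __name__ == "__main__":
    for ip, ratio in flag_scanners(ACCESS_LOG).items():
        print(f"{ip}: {ratio:.0%} of requests rejected across many distinct paths")
```

The profile is cumulative rather than rate-based on purpose: the "Pause" option above spaces the tests out, which defeats a requests-per-second threshold but not a count of distinct paths combined with the error ratio. A real deployment would feed the server's own log format into parse_clf and tune min_paths and min_error_ratio to the site's normal traffic.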
