Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Topology discover
From: "Laurent Constantin" <infos () aql fr>
Date: Fri, 23 Sep 2005 17:39:42 +0200


I am currently performing a pen-test in the internal network of a company.
I am used to pen-testing systems and the set of applications they
support, looking for vulnerabilities in software version, logic or
I have also considered routing and protocol attacks as ARP spoofing and
RIP packet injection.
But I think I am missing some techniques to find out what the topology
is. [...]

There is a tool in my toolbox netwox which can help you :

Tool 214 does several traceroutes to a range of computers :
 - TCP traceroute to port 21
 - TCP traceroute to port 22
 - TCP etc.
 - UDP traceroute to port 53
 - UDP etc.
 - ICMP traceroute
Then, a text graph, representing each computer, is drawn. This is not very
nice, but very useful.

For example :
  netwox 214 --ips "" --tcpports \
    "21,22,23,25,53,79,80,88,110,113,119,139,143,389,443,445,1080,2401,6000" \
    --udpports "1,53,67,68,123,137,138,161,162,177,514" --icmp --min-ttl 4 \
    --max-ttl 7 --max-ms 300 --resolve --verbose

Just to be clear, this tool only discover computers, and does not search
for any vulnerabilities.

Laurent Constantin
+--------+ Vigil () nce, vulnerabilities tracking +---------+
| http://vigilance.aql.fr/           tel: 02 99 12 50 00 |
| vigilance () aql fr                   fax: 02 99 63 70 40 |
+-------------------+ Personal website +-----------------+
| http://www.laurentconstantin.com/  (main server)       |
| http://go.to/laurentconstantin/    (first mirror)      |

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]