Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Topology discover
From: "Laurent Constantin" <infos () aql fr>
Date: Fri, 23 Sep 2005 17:39:42 +0200

Hello,


I am currently performing a pen-test in the internal network of a company.
I am used to pen-testing systems and the set of applications they
support, looking for vulnerabilities in software version, logic or
misconfiguration.
I have also considered routing and protocol attacks as ARP spoofing and
RIP packet injection.
But I think I am missing some techniques to find out what the topology
is. [...]


There is a tool in my toolbox netwox which can help you :
  http://www.laurentconstantin.com/en/netw/

Tool 214 does several traceroutes to a range of computers :
 - TCP traceroute to port 21
 - TCP traceroute to port 22
 - TCP etc.
 - UDP traceroute to port 53
 - UDP etc.
 - ICMP traceroute
Then, a text graph, representing each computer, is drawn. This is not very
nice, but very useful.

For example :
  netwox 214 --ips "192.168.1.0/24" --tcpports \
    "21,22,23,25,53,79,80,88,110,113,119,139,143,389,443,445,1080,2401,6000" \
    --udpports "1,53,67,68,123,137,138,161,162,177,514" --icmp --min-ttl 4 \
    --max-ttl 7 --max-ms 300 --resolve --verbose

Just to be clear, this tool only discover computers, and does not search
for any vulnerabilities.

Regards,
Laurent Constantin
--
+--------+ Vigil () nce, vulnerabilities tracking +---------+
| http://vigilance.aql.fr/           tel: 02 99 12 50 00 |
| vigilance () aql fr                   fax: 02 99 63 70 40 |
+-------------------+ Personal website +-----------------+
| http://www.laurentconstantin.com/  (main server)       |
| http://go.to/laurentconstantin/    (first mirror)      |
+--------------------------------------------------------+

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]