Network Security Assessment

From ConShell

Network Security Assessment is a wide field and can be broken down into various components. This page will show some of the tools and resources related to NSA (network security assessment, as the abbreviation is used on this page). It is a work in progress.

Discovery

Passive

Passive discovery tools allow you to gather information about a network subnet or host without being detected by the target.

  • Google Advanced Search - try site: and inurl: options for a start
    • TODO: add links to Google hacking info
  • Netcraft's What's that site running?
  • Netcraft's SearchDNS
  • whois - query Domain registries & registrars, ARIN (whois.arin.net), RIPE (whois.ripe.net), APNIC (whois.apnic.net)
  • p0f - versatile passive OS fingerprinting tool
  • dnstop - shows DNS traffic on your network
  • arpwatch - stealth monitoring of ARP pairings

Active

Active tools leave a mark, whether in the log files of the scanned host, by triggering an intrusion detection system (HIDS/NIDS), and so on.

  • nmap - free open source utility for network exploration or security auditing
  • dig - swiss-army knife of DNS query tools, part of the BIND suite
  • Nessus - free/commercial vulnerability scanner by Tenable Security with vast assortment of plugins
  • nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names