Page 1: Nmap Nessus

Network Scanning with Nmap and Nessus

 


• Nmap
• Open source network mapper (Nmap)
• Used for pen testing as well as a network inventory tool by network admins
• Has a GUI called Zenmap -> mainly for Windows (on BackTrack 5r3 as well)
• Windows, Linux, Mac OS X


• Nessus
• Vulnerability scanner
• Scans Windows, Unix, network infrastructure
• Mobile device audits
• Works well with Nmap and Metasploit
• Free for home use
• Paid version for enterprise use
• Certifications for Nessus and other products


Connecting to CrashNet

• Log into BackTrack and start GUI session
• startx
• Always update before using BT
• apt-get update
• Go to https://139.78.9.9:943
• Accept cert warning
• Login and download user config file
• Named client.ovpn
• Open a shell and run command
• openvpn --config /path/where/file/is
• Most likely root


Should look something like this


Nmap: Zenmap

• Applications | BackTrack | Information Gathering | Network Analysis | Network Scanners | Zenmap
• Run scan on CrashNet
• 192.168.216.0/24
• Should get roughly 11 machines
• Zenmap has different scan profiles available by default
• Can change scan options to suit needs


Nessus

• Start Nessus
• Applications | Vulnerability Assessment | Vulnerability Scanners | Nessus | Nessus
• Must register with Tenable at their website for the home user license
• Emails you the license
• Use nessus-fetch --register “license”
• Add user
• nessus-adduser
• Give admin privileges
• Go to 127.0.0.1:8834
• Login with new user account


Nessus

• Start initialization process
• Login with user created
• Select “Scan Tab”
• Add a scan
• External Network
• IP Range = 192.168.216.0/24
• Single addresses work as well
• Run


Nessus

• Check out the exploits
• Look up CVE number
• This will give more info about the exploit
• Also, you can import text files from an Nmap scan into Nessus so it knows what range to scan.
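
One way to produce that text file, as an added example that is not part of the original slides: the script below reads Nmap grepable output (-oG), keeps the hosts reported up inside the CrashNet range, and prints one address per line. The function names, the sample lines and the one-address-per-line file layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the slides): turn Nmap grepable output (-oG) into a
# one-address-per-line target list for the Nessus scan described above.

# write_sample: constructed grepable lines, shaped like the output of
#   nmap -sn -oG sweep.gnmap 192.168.216.0/24
# merged with a later port scan; the addresses are made up for illustration.
write_sample() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.168.216.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.216.3 ()\tStatus: Up\n'
    printf 'Host: 192.168.216.7 ()\tStatus: Down\n'
    printf 'Host: 192.168.216.20 ()\tPorts: 22/open/tcp//ssh///\n'
    printf 'Host: 10.8.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.216.3 ()\tStatus: Up\n'
}

# live_hosts FILE PREFIX
#   FILE   grepable Nmap output
#   PREFIX first three octets of the in-scope /24, e.g. 192.168.216
# Prints every host reported up, once, in numeric order. Anything outside
# PREFIX is dropped so the vulnerability scan stays inside the lab range.
live_hosts() {
    awk -v prefix="$2" '
        $1 == "Host:" && /Status: Up/ {
            ip = $2
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # malformed
            if (index(ip, prefix ".") != 1) next                # out of scope
            print ip
        }
    ' "$1" | sort -u -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Demo: build the target list from the sample and show it.
scan=$(mktemp)
write_sample > "$scan"
live_hosts "$scan" 192.168.216
rm -f "$scan"
```

Redirect the output of live_hosts to a file to get the list to load into the scan's target field.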


QUESTIONS??

