Module 03: Scanning Networks

Lab 1: Perform Host Discovery

Task 1: Perform Host Discovery using Nmap

## Commands used in this section:

1. ARP Ping Scan : nmap -sn -PR [Target IP Address]
2. UDP Ping Scan : nmap -sn -PU [Target IP Address]
3. ICMP Echo Ping Scan : nmap -sn -PE [Target IP Address]
4. ICMP Ping Sweep Scan : nmap -sn -PE [Target Range of IP Addresses]
5. ICMP Timestamp Scan : nmap -sn -PP [Target IP Address]
6. ICMP Address Mask Ping Scan : nmap -sn -PM [Target IP Address]
7. TCP SYN Ping Scan : nmap -sn -PS [Target IP Address]
8. TCP ACK Ping Scan : nmap -sn -PA [Target IP Address]
9. IP Protocol Ping Scan : nmap -sn -PO [Target IP Address]

Lab 2: Perform Port and Service Discovery

Task 1: Explore Various Network Scanning Techniques using Nmap

## Commands used:

 1. TCP Full Scan : nmap -sT -v [Target IP Address]
 2. TCP Stealth Scan : nmap -sS -v [Target IP Address]
 3. TCP XMAS Scan : nmap -sX -v [Target IP Address]
 4. TCP Maimon Scan : nmap -sM -v [Target IP Address]
 5. ACK Scan : nmap -sA -v [Target IP Address]
 6. UDP Scan : nmap -sU -v [Target IP Address]
 7. IPID Header Scan (idle scan; -sI requires a zombie host argument) : nmap -sI [Zombie IP Address] -v [Target IP Address]
 8. SCTP INIT Scan : nmap -sY -v [Target IP Address]
 9. SCTP COOKIE ECHO Scan : nmap -sZ -v [Target IP Address]
 10. Service Version Scan : nmap -sV [Target IP Address]

Lab 3: Perform OS Discovery

Task 1: Perform OS Discovery using Nmap Scripting Engine (NSE)

## Commands used in this section:
1. Nmap Aggressive Scan : nmap -A [Target IP Address]
2. OS Detection scan : nmap -O [Target IP Address]
3. OS Detection scan using NSE : nmap --script smb-os-discovery.nse [Target IP Address]

Lab 4: Scan beyond IDS and Firewall

Task 1: Scan beyond IDS/Firewall using various Evasion Techniques

## Commands used in this section:
1. Fragment Split Scan : nmap -f [Target IP Address]
2. Source port manipulation : nmap -g 80 [Target IP Address]
3. Custom MTU Scan : nmap --mtu 8 [Target IP Address]
4. Decoy Scan with Random IPs : nmap -D RND:10 [Target IP Address]
5. Custom MAC : nmap -sT -Pn --spoof-mac 0 [Target IP Address]

Lab 5: Perform Network Scanning using Various Scanning Tools

Task 1: Scan a Target Network using Metasploit

## Commands used:
1. MSF module SYN : auxiliary/scanner/portscan/syn
    Options : 
        set INTERFACE eth0
        set PORTS 80
        set RHOSTS 10.10.1.5-23
        set THREADS 50
2. MSF Module TCP : auxiliary/scanner/portscan/tcp
    Options :
        set RHOSTS 10.10.1.20
3. SMB Version  : auxiliary/scanner/smb/smb_version
    Options : 
        set RHOSTS 10.10.1.5-23
        set THREADS 11
