21BCE3437 Nmap

Uploaded by

Joshua Francis
21BCE3437 12th Aug 2024

Joshua Vivian Francis

Cyber Security

Assignment

1. Find the IP address of a webpage using the Netcraft extension.


Google.com
2. Perform the following commands
2.1. TCP connect scan
Command
nmap -sT 74.125.193.94

Description: This command performs a TCP connect scan using nmap, which tries to establish
a full TCP connection with each open port of the target host. It's a reliable method to check if
ports are open but can be easily logged by modern firewalls and intrusion detection systems.

Screenshot

2.2. TCP Half-Open Scan


Command
nmap -sS 74.125.193.94

Description: Known as a SYN scan, this scan sends a SYN packet (as if it's initiating a
connection) and waits for a response. If it receives a SYN-ACK, it indicates the port is open.
Instead of completing the three-way handshake, it sends an RST to close the connection. This
type of scan is stealthier than a full connect scan.

Screenshot
2.3. Xmas Scan
Command
nmap -sX 74.125.193.94

Description: An Xmas scan sends packets with the FIN, PSH, and URG flags set. This scan
type is called "Xmas" because of the set flags lighting up the packet header like a Christmas
tree. It's used to probe for listening ports on the target system in a stealthy manner, though
not all systems respond predictably.

Screenshot

2.4. FIN Scan


Command
nmap -sF 74.125.193.94

Description: A FIN scan sends TCP segments with just the FIN flag set to the target. Closed
ports are expected to reply with RST packets, while open or filtered ports ignore the FIN
segment. This type of scan can help bypass some firewalls.

Screenshot
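
Added example (not part of the original assignment): a defender-side classifier for the four scan types in 2.1 to 2.4, working from the TCP flags a source sends to each port. The packet records, the addresses, and the min_ports threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: client-to-server TCP packets as (source, dest_port, flags).
# Flag letters: S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG. Not real traffic.
PACKETS = [
    ("10.0.0.5", 22, "S"), ("10.0.0.5", 22, "A"), ("10.0.0.5", 22, "RA"),
    ("10.0.0.5", 80, "S"), ("10.0.0.5", 80, "A"), ("10.0.0.5", 80, "RA"),
    ("10.0.0.5", 443, "S"),
    ("10.0.0.6", 22, "S"), ("10.0.0.6", 22, "R"),
    ("10.0.0.6", 80, "S"), ("10.0.0.6", 80, "R"), ("10.0.0.6", 25, "S"),
    ("10.0.0.7", 22, "FPU"), ("10.0.0.7", 80, "FPU"), ("10.0.0.7", 443, "FPU"),
    ("10.0.0.8", 21, "F"), ("10.0.0.8", 22, "F"), ("10.0.0.8", 23, "F"),
    ("10.0.0.9", 443, "S"), ("10.0.0.9", 443, "A"), ("10.0.0.9", 443, "PA"),
]

def classify_probe(flag_seq):
    """Label what one source sent to one port, in arrival order."""
    first = set(flag_seq[0])
    if first == set("FPU"):
        return "xmas"
    if first == {"F"}:
        return "fin"
    if first != {"S"}:
        return "other"
    for flags in flag_seq[1:]:
        if "R" in flags:
            return "half-open"      # SYN-ACK answered with RST, handshake abandoned
        if set(flags) == {"A"}:
            return "connect"        # handshake completed with a bare ACK
    return "syn-only"               # closed or filtered port: nothing followed the SYN

def detect_scans(packets, min_ports=3):
    """Return {source: scan type} for sources probing at least min_ports ports."""
    probes = defaultdict(list)
    for src, dport, flags in packets:
        probes[(src, dport)].append(flags)
    per_src = defaultdict(Counter)
    for (src, _), seq in probes.items():
        per_src[src][classify_probe(seq)] += 1
    findings = {}
    for src, kinds in per_src.items():
        if sum(kinds.values()) < min_ports:
            continue
        decisive = {k: v for k, v in kinds.items() if k != "syn-only"} or kinds
        findings[src] = max(decisive, key=decisive.get)
    return findings

if __name__ == "__main__":
    print(detect_scans(PACKETS))
```

A SYN to a closed port looks the same for a connect scan and a half-open scan, so the label comes from the ports that answered.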
2.5. Banner Grabbing
Command
nmap -sV 74.125.193.94

Description: This command performs service detection or banner grabbing, which identifies
the service running on an open port along with its version information. This is useful for
identifying potential vulnerabilities of the services running on the host.

Screenshot

2.6. Ping Sweep


Command
nmap -sn 74.125.193.94 192.168.1.7 192.168.1.8

Description: This conducts a ping sweep, where nmap sends ICMP echo requests (or other
methods if ICMP is blocked) to multiple hosts to check if they are alive. It helps in mapping
out live hosts in a network.

Screenshot
2.7. OS scan
Command
nmap -O 87.121.150.33

Description: This OS detection command uses TCP/IP stack fingerprinting to identify the
operating system of the target host. It sends a series of TCP and UDP packets to the host and
examines the responses.

Screenshot

2.8. XSS Scan


Command
nmap --script http-xssed.nse -p 80,443 87.121.150.33

Description: This uses a custom Nmap Scripting Engine (NSE) script to check for cross-site
scripting vulnerabilities in web applications hosted on the target server by testing known
URLs and parameters.

Screenshot
2.9. CSRF scan
Command
nmap -sV --script http-csrf 87.121.150.33

Description: This command scans for Cross-Site Request Forgery vulnerabilities using
another NSE script. It attempts to find forms and URLs in the web application that might be
vulnerable to CSRF attacks.

Screenshot

2.10. SQL Injection


Command
nmap -p 80,443 --script http-sql-injection.nse 87.121.150.33

Description: Utilizes the http-sql-injection script to scan for SQL injection vulnerabilities in
the web services running on specified ports. It tests various injection techniques to identify
potential SQL injection flaws in the web application.

Screenshot
3. Draw the attack tree for the question given in the class.
3.1. Copy of a file
3.2. Web Application attack
4. Use Wireshark and perform the capture of username and password from the following website
http://testphp.vulnweb.com/

I went to the provided link and signed up with username test and password test while Wireshark was active.

Next, go to the HTTP capture filter and open the userinfo packet.

Then scroll until you find the login details.
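
Added example (not part of the original assignment): an audit check that flags a captured form submission carrying a password field over plain HTTP, which is why the login details are readable in the capture above. The request bytes, the /userinfo.php path, the field names, and the SENSITIVE name list are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Substrings that mark a form field as a credential (assumed list).
SENSITIVE = ("pass", "pwd", "secret", "token")

# Constructed capture of a login request sent without TLS.
RAW_REQUEST = (
    b"POST /userinfo.php HTTP/1.1\r\n"
    b"Host: testphp.vulnweb.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"uname=test&pass=test"
)

def audit_request(raw, scheme="http"):
    """Return a finding if a form body exposes credential fields in cleartext."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    if scheme != "http":
        return None                      # TLS hides the body from a passive capture
    if "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return None
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    exposed = [n for n, _ in fields if any(s in n.lower() for s in SENSITIVE)]
    if not exposed:
        return None
    # Redact the secret values so the finding itself does not leak them.
    redacted = "&".join(f"{n}=<redacted>" if n in exposed else f"{n}={v}"
                        for n, v in fields)
    return {"host": headers.get("host"), "method": method, "path": path,
            "exposed_fields": exposed, "body": redacted}

if __name__ == "__main__":
    print(audit_request(RAW_REQUEST))
```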


5. Find the list of some security tools under
5.1. SAST - Veracode, SonarQube.
5.2. DAST - OWASP ZAP, Burp Suite.
5.3. IAST - Contrast Security, Synopsys Seeker.
5.4. MAST - NowSecure, Lookout.
5.5. SCA - WhiteSource, Snyk.
5.6. RASP - Imperva RASP, Signal Sciences.
