Scanning Phase

The scanning phase is a crucial step in the ethical hacking process, which involves identifying potential vulnerabilities in a target system or network.

The goal of the scanning phase is to gather information about the target system or network, which can then be used to identify potential vulnerabilities and plan the next steps in the ethical hacking process.

Types of scanning

1. Network scanning
2. Vulnerability scanning
3. Port scanning
4. Sniffing

Target information

• IP addresses.
• Type of Operating system used.
• Open ports
• Running services
• Active Hosts

What can an attacker do with your IP address

1. Get system & network informatiion

• sysinfo, OS detection, Ports, Services

2. Vulnerabilities scan
3. Track geolocation

• IP gelocator - latitude, longitude, map

4. Retrieve personal information 

• webcam capture, remote desktop, Logs

5. MITM attack 

Network scanning(IP addresses, OS)

📌Threat Model: Where is the attacker

📌Threat Surface: What can the attacker reach

Network scannning tools

• Nmap

• Wireshark

• Angry IP scanner

• Aircrack-ng

   $nmap -sV 192.168.100.70

Types of NMap scans

• TCP connect scan(-sT)

• SYN scans(-sS) - stealthier

• UDP Scans(-sU) - fire & forget

    
  p => port
  sV => service versions
  A => OS type, version, script scan
  O => remote OS detection

  Copy

Stay Anonymous

1. VPN services
2. Proxy server
3. Tor browser
4. DNS server

---

Vulnerability scanning.

• Acunetix

• dnscan

• Knockpy

• Malware analysis sandbox 

• massdns 

• OpenVAS

• Nikto

• Netcat

• NeXpose

• Nessus

• Virus total

  
  $nc 192.168.1.203 80

  Copy

---

Port scanning(ports,services).

Port scanning Tools

• Angry IP scanner

• Nmap

• Masscan

• Wireshark

  
      $nmap -sT -p 1-1024 <target_ip>
                          

  Copy

📌 If the target has no vulnerabilities, create the vulnerability.

---

Sniffing(Analyze captured traffic).

Is the process of capturing and analyzing network traffic.

Sniffing Tools

1. Steel central packet analyzer
2. Capsa network analyzer
3. Omnipeek
4. Sniffer wicsp
5. Face niff

Vulnerable network protocols

1. Telnet port 23 - keystrokes
2. HTTP 80 - data
3. IMAP - password & data
4. FTP port 44- password & data
5. SMTP- password & data
6. IMAP - password & data
7. POP - password & data

---

Userful references

Books

Videos and tutorials

Websites

• Nmap documentaion