ROLE OF VAPT IN MODERN THREAT DETECTION
Lecture by: Eman Hafeez
NMAP (active information gathering)
◦ Nmap is a powerful, open-source network scanning tool used for host
discovery, port scanning, and service enumeration. It is often the first tool
used in a Vulnerability Assessment to gather information about live systems
and open ports.
Main Features of Nmap:
• Host discovery (e.g., ping sweep)
• Port scanning (TCP/UDP)
• Service version detection
• Operating system detection
• Scriptable interaction with services (via NSE – Nmap Scripting Engine)
Enumeration
HTTP
◦ Hypertext Transfer Protocol (HTTP) is the most common protocol used for serving
web content. By default, it runs on port 80.
◦ Enumerating HTTP can reveal a lot of interesting information, including the
applications it is serving.
◦ Nikto is a specialized tool for enumerating the HTTP service and is part of the
default Kali Linux installation.
Nikto
◦ Install it from GitHub, or: sudo apt install nikto
◦ Nikto is an open-source web server vulnerability scanner. It is widely used in cybersecurity for identifying potential issues and misconfigurations on web servers.
Nikto
◦ We can enumerate an HTTP target using the nikto -host command (-h is the short form):
◦ nikto -host 192.168.56.102
Nmap scanning

Task                                      Nmap command
Scan a single IP                          nmap 192.168.1.1
Scan a range of IPs                       nmap 192.168.1.1-50
Scan entire subnet                        nmap 192.168.1.0/24
Detect open ports & services              nmap -sV 192.168.1.1
OS detection                              nmap -O 192.168.1.1
Aggressive scan (version, OS, scripts)    nmap -A 192.168.1.1
Use scripts for known vulnerabilities     nmap --script vuln 192.168.1.1
Nmap
◦ Nmap can also be used effectively for enumerating HTTP, via the http-enum NSE script:
◦ nmap --script http-enum 192.168.56.102
◦ The output of the http-enum Nmap
script shows server information along
with various interesting directories that
can be further explored.
Other Useful Nmap HTTP Scripts:
• http-title: Gets the title of the webpage
• http-headers: Retrieves HTTP headers
• http-methods: Checks what HTTP methods are supported
• http-vuln-*: Detects specific vulnerabilities in web apps
FTP
◦ The File Transfer Protocol (FTP) is a commonly used protocol for transferring files across systems.
◦ The FTP service runs by default on port 21. Enumerating FTP can reveal interesting information such as the server version and whether it allows anonymous logins.
◦ Use Nmap to enumerate the FTP service:
◦ nmap -p 21 -T4 -A -v 192.168.57.102
◦ It reveals that the FTP server is vsftpd 2.3.4, and that it allows anonymous logins (the ftp-anon NSE script runs as part of the default scripts that -A enables).
SMTP
◦ The Simple Mail Transfer Protocol (SMTP) is
the service responsible for transmission of
electronic mail.
◦ The service by default runs on port 25.
◦ It is useful to enumerate the SMTP service in order to learn the server version along with the commands it accepts.
◦ We can use the Nmap command:
◦ nmap -p 25 -T4 -A -v 192.168.28.102
◦ It tells us that the SMTP server is Postfix and also gives us the list of commands it accepts (from the smtp-commands NSE script).
DNS
◦ The Domain Name System (DNS) is the
most widely used service for
translating domain names into IP
addresses and vice versa.
◦ The DNS service by default runs on port 53. We can use the following Nmap syntax to enumerate the DNS service:
◦ nmap -p 53 -T4 -A -v 192.168.57.102
◦ The DNS server on the target system is ISC BIND version 9.4.2.
SSH
◦ Secure Shell (SSH) is a protocol used
for transmitting data securely
between two systems. It is an
effective and secure alternative to
Telnet.
◦ The SSH service by default runs on port 22.
◦ nmap -p 22 -T4 -A -v 192.168.56.102
◦ It tells us that the target is running OpenSSH 4.7p1.
http-methods
◦ The http-methods script will help us enumerate the methods that are allowed on the target web server.
◦ The syntax for using this script is as follows: nmap --script http-methods 192.168.57.102
◦ It tells us that the target web server allows the GET, HEAD, POST, and OPTIONS methods. The script also reports "Potentially risky methods" (for example TRACE, PUT or DELETE) when the server advertises them.
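As an added example that is not part of the lecture, the Python script below does by code what the FTP, SMTP, DNS, SSH and http-methods slides above do by eye: it parses Nmap XML output (the -oX format) from a -A scan, pulls the product and version for every open port together with the NSE script results, flags anonymous FTP, an advertised SMTP VRFY command and risky HTTP methods, and emits the per-service follow-up NSE commands. SAMPLE_XML is constructed to resemble the Metasploitable-style results quoted on the slides; it is not real scan output, and the FOLLOWUP_SCRIPTS mapping is this example's own choice of scripts.

```python
"""Added example: parse Nmap -oX output from a -A scan and extract what the
enumeration slides read off by hand. SAMPLE_XML is constructed, not a real scan."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p 21,22,25,53,80,8180 -T4 -A -v 192.168.56.102">
  <host>
    <address addr="192.168.56.102" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/></port>
      <port protocol="tcp" portid="25"><state state="open"/>
        <service name="smtp" product="Postfix smtpd"/>
        <script id="smtp-commands" output="target.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, 8BITMIME, DSN"/></port>
      <port protocol="tcp" portid="53"><state state="open"/>
        <service name="domain" product="ISC BIND" version="9.4.2"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.8"/>
        <script id="http-methods" output="Supported Methods: GET HEAD POST OPTIONS"/></port>
      <port protocol="tcp" portid="8180"><state state="closed"/>
        <service name="unknown"/></port>
    </ports>
  </host>
</nmaprun>
"""

RISKY_HTTP_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}

# Follow-up NSE scripts per Nmap service name (this example's choice, in the
# spirit of the http-enum slide); all are scripts shipped with Nmap.
FOLLOWUP_SCRIPTS = {
    "ftp": "ftp-anon,ftp-bounce",
    "ssh": "ssh-hostkey,ssh2-enum-algos",
    "smtp": "smtp-commands,smtp-enum-users",
    "domain": "dns-recursion,dns-zone-transfer",
    "http": "http-enum,http-headers,http-methods,http-title",
}


def parse_nmap_xml(xml_text):
    """Return [{addr, ports: [{port, proto, service, product, version, scripts}]}],
    keeping only ports whose state is open."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name", ""),
                "product": svc.get("product", ""),
                "version": svc.get("version", ""),
                # NSE script id -> its output line, e.g. ftp-anon, http-methods
                "scripts": {s.get("id"): s.get("output", "") for s in port.findall("script")},
            })
        hosts.append({"addr": addr, "ports": ports})
    return hosts


def supported_http_methods(output):
    """'Supported Methods: GET HEAD POST OPTIONS' -> ['GET', 'HEAD', 'POST', 'OPTIONS']"""
    return output.partition("Supported Methods:")[2].split()


def findings(hosts):
    """One banner line per open port plus the conditions the slides call out."""
    notes = []
    for h in hosts:
        for p in h["ports"]:
            where = f"{h['addr']}:{p['port']}/{p['proto']}"
            banner = " ".join(x for x in (p["product"], p["version"]) if x)
            notes.append(f"{where} {p['service']} {banner}".rstrip())
            if "Anonymous FTP login allowed" in p["scripts"].get("ftp-anon", ""):
                notes.append(f"{where} allows anonymous FTP login")
            if "VRFY" in p["scripts"].get("smtp-commands", "").split(", "):
                notes.append(f"{where} SMTP advertises VRFY (user enumeration possible)")
            methods = supported_http_methods(p["scripts"].get("http-methods", ""))
            risky = sorted(RISKY_HTTP_METHODS & set(methods))
            if risky:
                notes.append(f"{where} allows risky HTTP methods: {' '.join(risky)}")
    return notes


def followup_commands(hosts):
    """Targeted NSE runs for each recognised service, one command per open port."""
    return [
        f"nmap -p {p['port']} --script {FOLLOWUP_SCRIPTS[p['service']]} {h['addr']}"
        for h in hosts for p in h["ports"] if p["service"] in FOLLOWUP_SCRIPTS
    ]


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    print("\n".join(findings(hosts)))
    print("\n".join(followup_commands(hosts)))
```

Run a real scan with `nmap -p 21,22,25,53,80 -T4 -A -v -oX scan.xml <target>` and pass the file contents to parse_nmap_xml; the closed port in the sample shows that only open ports survive into the report.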
What we can use to find HUMAN INFORMATION
People
◦ To gather information about people, there are online people-search websites such as Spokeo, BeenVerified, Pipl, Wink, or Intelius. These sites can be used to search for people, though searching may cost money.
PeekYou
◦ There are other people search sites that are more focused on social networking presence, and searches can be done using usernames.
◦ The website PeekYou will do people searches using real names.
◦ PeekYou also allows you to look for a username. This username could be found across multiple social network sites, as well as other locations where a username is exposed to the outside world.
Website vulnerability
assessment
Whois Lookup
Whois is a protocol (RFC 3912, TCP port 43) used to query registry databases for ownership and registration information about domains and IP addresses.
◦ https://www.whois.com/whois/
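The web lookup above is a front end to the WHOIS protocol itself. As an added example (not part of the lecture), the Python below implements that protocol directly, opening TCP port 43, sending the query followed by CRLF and reading until the server closes, and parses the "Key: Value" record registries return into the facts an assessor wants (registrar, creation date, days until expiry, name servers, whether the registrant is redacted). SAMPLE_RECORD is a constructed record for a reserved domain, not a real lookup, and EXAMPLE_NOW is a fixed clock so the expiry arithmetic is reproducible.

```python
"""Added example: minimal WHOIS client (RFC 3912) plus a record parser.
SAMPLE_RECORD is constructed for the example; it is not a real registry record."""
import socket
from datetime import datetime, timezone

SAMPLE_RECORD = """Domain Name: TARGET.EXAMPLE
Registrar: Example Registrar, Inc.
Updated Date: 2023-08-14T07:01:31Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2026-08-13T04:00:00Z
Domain Status: clientTransferProhibited
Name Server: NS1.TARGET.EXAMPLE
Name Server: NS2.TARGET.EXAMPLE
Registrant Organization: REDACTED FOR PRIVACY
% Terms of use: lookup results are provided for informational purposes only.
>>> Last update of whois database: 2026-01-01T00:00:00Z <<<
"""

# Fixed "now" so the days-to-expiry figure below is reproducible.
EXAMPLE_NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)


def whois_query(query, server, port=43, timeout=10):
    """Send one WHOIS query (RFC 3912) and return the raw response text. Needs network."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # the server closes the connection when the answer is complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Map each 'Key: Value' line to a list of values (keys such as Name Server repeat).
    Lines starting with %, # or > are registry comments/disclaimers and are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>":
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def _parse_ts(value):
    """Registry timestamps are ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(fields, now=None):
    """The facts an assessor wants from a domain record."""
    now = now or datetime.now(timezone.utc)

    def first(key):
        return fields.get(key, [""])[0]

    expiry = _parse_ts(first("Registry Expiry Date"))
    return {
        "domain": first("Domain Name").lower(),
        "registrar": first("Registrar"),
        "created": _parse_ts(first("Creation Date")).date().isoformat(),
        "days_to_expiry": (expiry - now).days,
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
        "statuses": fields.get("Domain Status", []),
        "registrant_redacted": "REDACTED" in first("Registrant Organization").upper(),
    }


if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE_RECORD), EXAMPLE_NOW))
    # Live use (network required), e.g. against the .com registry server:
    # print(summarize(parse_whois(whois_query("example.com", "whois.verisign-grs.com"))))
```

Registry output varies by TLD (some use "key:" in lower case or different labels), so treat the key names as the ICANN-style convention this example assumes and adjust the lookups for other registries.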
Wappalyzer
◦ Wappalyzer shows the technologies (web server, frameworks, CMS, JavaScript libraries) that a website uses.
Shodan
Shodan is a search engine for Internet-connected devices. It can be used to find
information on public-facing devices and services.
Censys
Censys is similar to Shodan but provides more detailed results on the security posture of
Internet-facing devices.
https://search.censys.io/
TheHarvester
TheHarvester is an OSINT tool used to gather emails, subdomains, IPs, URLs, and other information from various public sources like search engines. -d selects the target domain and -b the data source to query.
Command: theHarvester -d CertifiedHacker.com -b all
theHarvester -d zong.com.pk -b bing
theHarvester -d zong.com.pk -b all
theHarvester -d zong.com.pk -b yahoo
theHarvester -h