Scanning with Masscan.
Hey there, it’s been a minute. I’ve been so busy with my internship and personal stuff, plus my laptop kinda gave up on me and I had to use some scrappy, slow, old piece of junk, but I’m back now and we’re back to learning and having some fun.
I thought I’d show you some other scanning tools that you might fancy using, other options that you might prefer. I won’t be going into detail with these tools; I just want to show you the basics of how to get them running and how they work.
First we’ll look at Masscan, which was built to scan the entire internet very fast. You can go through the README on GitHub to see the usage and syntax. It is built into Kali, so just open up your terminal and type masscan.

Let’s do a normal port scan with this tool, which should look like this:

So we put in the port range, which in our case is every port, and type in the IP to scan.

You can see that we have -sS; remember the stealth scan we looked into, where we send a SYN, get a SYN-ACK back and then cut off the connection. The -Pn, from the Nmap post, means it’ll treat every host as though it’s alive. These are the same options Nmap uses, and if you run this scan at the same time as an Nmap scan, the Nmap scan will finish first, depending on the parameters you set and the size of the site/machine being scanned.
We can give Masscan a packet rate to follow, which makes the scan take less time than it does without a rate specified.
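To tie the Masscan options above together, here is an added shell example (not code from the post or from the Masscan project). It builds the command for a full-port scan of one lab host with a packet rate (Masscan’s --rate option), and then parses Masscan’s list output (-oL) into a per-host port list so a follow-up Nmap run with the same -sS -Pn flags only touches the ports Masscan already found. It assumes masscan and nmap are on PATH and run via sudo (both need raw sockets); the sample output embedded below is constructed, not captured from a real scan.

```shell
#!/bin/sh
# Added example, not code from the post or the Masscan project.
# Assumptions: masscan/nmap on PATH, run with sudo; the sample list
# output below is constructed for illustration.

# Print the Masscan command line. $1 target (your own lab host),
# $2 port spec (default: every port), $3 packets/second for --rate.
masscan_cmd() {
    target=$1; ports=${2:-1-65535}; rate=${3:-1000}
    printf 'sudo masscan -p%s %s --rate %s -oL masscan.txt\n' "$ports" "$target" "$rate"
}

# Read Masscan -oL output on stdin and print one "host port,port,..." line
# per host, in the order the hosts first appeared.
masscan_open_ports() {
    awk '$1 == "open" && $2 == "tcp" {
             if (!($4 in seen)) { order[++n] = $4; seen[$4] = 1 }
             ports[$4] = (ports[$4] == "" ? $3 : ports[$4] "," $3)
         }
         END { for (i = 1; i <= n; i++) print order[i], ports[order[i]] }'
}

# Turn each "host ports" line into a targeted Nmap command using the same
# -sS -Pn flags the post discusses, so Nmap only probes what Masscan found.
nmap_followup() {
    while read -r host ports; do
        printf 'sudo nmap -sS -Pn -p %s %s\n' "$ports" "$host"
    done
}

# Constructed sample of Masscan list output (-oL), not a real capture.
SAMPLE_MASSCAN_LIST='#masscan
open tcp 22 10.0.0.5 1700000000
open tcp 80 10.0.0.5 1700000001
open tcp 139 10.0.0.7 1700000002
open tcp 443 10.0.0.5 1700000003
# end'

masscan_cmd 10.0.0.5
printf '%s\n' "$SAMPLE_MASSCAN_LIST" | masscan_open_ports | nmap_followup
```

In a real run you would execute the printed masscan command first, then pipe masscan.txt through masscan_open_ports and nmap_followup; keeping the rate modest on a lab box avoids drowning the target and the results stay consistent with the slower Nmap scan.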

This is just another option for a scanning tool; familiarize yourself with it and see how well you like it.
Here’s another scanning tool.
Scanning with Metasploit.
Type msfconsole in your terminal, like this:

Search for portscan, which should give you a few options back. We’ll be trying the SYN scanner, which is the same idea as the stealth scan.


Type options to see the available options for the auxiliary scanner.

Set rhosts to the IP of your Kioptrix machine, then set ports to 1 through 65,535 and type run.

This is slow and doesn’t return much detail, but it’ll tell you if something is open, and you can set threads to make it go a bit faster.
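The steps above (use the SYN scanner, set rhosts and ports, thread it, run) can be saved as an msfconsole resource script so you don’t retype them for every lab box. The shell example below is added here and is not code from the post or from the Metasploit project; it generates that script with the module’s RHOSTS, PORTS and THREADS options and refuses to build one for any target outside the private RFC 1918 ranges, so it can only point at a lab machine like Kioptrix. It assumes msfconsole is on PATH.

```shell
#!/bin/sh
# Added example, not code from the post or the Metasploit project.
# Assumption: msfconsole on PATH; the SYN scanner needs raw sockets, so it
# is run under sudo.

# True if $1 is a private IPv4 address (10/8, 172.16/12 or 192.168/16).
# This is a textual prefix check, enough to stop a typo from aiming the
# scan outside the lab.
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print the resource script to stdout. $1 target, $2 port spec
# (default 1-65535 as in the post), $3 THREADS (default 10).
msf_syn_rc() {
    target=$1; ports=${2:-1-65535}; threads=${3:-10}
    if ! is_rfc1918 "$target"; then
        echo "refusing to build a scan for non-private target $target" >&2
        return 1
    fi
    cat <<EOF
use auxiliary/scanner/portscan/syn
set RHOSTS $target
set PORTS $ports
set THREADS $threads
run
exit
EOF
}

# Usage in a lab: msf_syn_rc 10.0.0.5 > syn.rc && sudo msfconsole -q -r syn.rc
msf_syn_rc 10.0.0.5
```

Run it as shown in the usage comment; -q keeps the banner quiet and -r feeds the generated script to msfconsole, which executes each line exactly as if you had typed it at the prompt.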
This is a great tool to get to know how to use.
Now the last scanning tool.
Scanning with Nessus.
Nessus is a vulnerability scanner, which you’ll probably use a lot as a pen-tester/ethical hacker.
Go to your favorite browser and search for nessus download, click on the Nessus - Tenable result and make sure you choose the download that matches your system.

After the download is complete, head back over to the terminal and change directory into your Downloads directory. We need to install Nessus by typing the command dpkg (de-package) -i followed by the name of the downloaded file; this unpacks and installs the tool.

Once the command is done running, it’ll show the command to start Nessus; you can simply copy and paste it into the terminal.

After pasting the command, press Enter, then copy the website address shown below the command into your browser. It’ll say not secure, because Nessus serves its web interface with a self-signed certificate; for an install on your own machine that’s expected, so click Advanced and add an exception.
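The install steps above wrapped in a small shell script, added here and not taken from the post or from Tenable. Besides running dpkg -i and starting the service, it adds the one check you want before installing any package as root: the SHA-256 of the downloaded .deb has to match the checksum Tenable publishes next to the download. It assumes a Debian-based Kali with systemd, the usual nessusd service name, and the default web UI at https://localhost:8834; the file name in the usage comment is a placeholder for whatever you downloaded.

```shell
#!/bin/sh
# Added example, not from the post or from Tenable. Assumptions: Kali
# (Debian-based) with systemd, service name nessusd, web UI on port 8834.

# Compare the SHA-256 of file $1 with the expected hex digest $2
# (case-insensitive, since download pages sometimes show uppercase).
checksum_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$actual" = "$expected" ]
}

# Verify, install and start Nessus. $1 path to the .deb, $2 expected SHA-256
# copied from the download page. Nothing is installed if the digest differs.
install_nessus() {
    if ! checksum_matches "$1" "$2"; then
        echo "checksum mismatch for $1: not installing" >&2
        return 1
    fi
    sudo dpkg -i "$1" &&
    sudo systemctl start nessusd.service &&
    echo "Nessus started; open https://localhost:8834 in your browser"
}

# Quick self-check of the digest comparison on a constructed file, so the
# script does something visible even without a real package around.
demo=$(mktemp)
printf 'constructed bytes, not a real package\n' > "$demo"
checksum_matches "$demo" "$(sha256sum "$demo" | cut -d' ' -f1)" && echo "checksum check works"
rm -f "$demo"

# Usage: install_nessus ~/Downloads/Nessus-<version>-placeholder.deb <sha256 from the download page>
```

If the digest does not match, the download was truncated or tampered with; fetch it again from Tenable rather than forcing the install.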

This is what should load up after opening the link; choose Nessus Essentials.

Fill in all the required fields; you need a valid email for an activation code. You should receive the activation code right away. Fill it in and create a username and password. It’ll take a while to download the plugins, so be patient.

Once it’s installed, you can log in with the credentials you provided during the setup. You should see a screen like this:

Nessus has quite a number of scans it can perform, but the two you’ll be using most are the Basic and Advanced scans.

This is the free edition of Nessus; it lets us scan any private IP address. Click on New Scan (we obviously haven’t scanned anything yet) and click on Basic Network Scan. Fill in the fields with your target name, description and IP address(es), click Save, then Launch. It updates the vulnerabilities as it finds them and also groups them.

I suggest trying out the Advanced scan with the same target to see if you get different results; try the available options too.
This is it for the Information Gathering, Scanning & Enumeration phase; we’ll be moving on to the Exploitation phase, website penetration testing and more.
Thanks for your patience guys, I appreciate it. Have a fun & productive rest of the week and weekend.
Until next time, Keep learning. Keep hacking. And don’t forget to breathe!