Scanning in Ethical Hacking
Scanning is the Second Phase of Ethical Hacking. In this phase, an Ethical Hacker finds a way to get access to the system using the information they collected during the Reconnaissance Phase. Here an Ethical Hacker uses various tools like Nmap, Wireshark, in order to get succeed in their mission.
Port Scanning, Network Mapping and Vulnerability Scanning are the main three types of Scanning.
Port Scanning involves identifying open ports on target systems, by using tools like Nmap. In Network Mapping, an Ethical hacker visualize the topology of a network and routers, and then they draw a network diagram with this information. In this way Ethical Hackers visualize the network’s layout and relationship between devices and systems. Vulnerability Scanning involves checking the weakness in a system, that may let malicious hackers to get in and cause problems.
Practical Scanning Methods (Finding out Open Ports)
In the Reconnaissance Phase, we use WhoisLookup website to figure out the IP Address, and other useful information about an organization. Now suppose we get an IP Address that ranges from 18.104.22.168/22, since we get this IP range from the internet so we don’t know what kind of different servers are under this IP, so to figure it out we will use Kali Linux.
NOTE:- Due to Google’s terms and conditions, we are not able to provide you with a practical demonstration of how to accomplish this.
Once we open the Kali Linux, we will use a basic tool namely ‘netdiscover‘, so this tool will help us to figure out what kind of different machines are working under this IP range. So type the command
netdiscover -r 22.214.171.124/22. Once it is done, it will give you the list of machines along with their IP Address that are working under this business.
Now we get the list of IP Addresses that are working under the business. Now you have to copy any IP Address from the above list and use nmap tool to scan the server. Simply type
nmap -sS -p- 126.96.36.199. Once this command completes its execution, it will show you the list of Ports running on the server including their services.
So here we first figure out which servers or IP Addresses are available by using the command
netdiscover -r 188.8.131.52/22. Then we figure out the ports which are open on the server, using the command
nmap -sS -p- 184.108.40.206.
Practical Scanning Methods (Vulnerability Scanning)
Vulnerability Scanning means identifying potential weakness in a network or a system. You can perform Vulnerability Scanning using an open source tool called OpenVAS. OpenVAS stands for Open Vulnerability Assessment System. Here is how you can install OpenVAS on Kali Linux.
First open Kali Linux and type following commands to install OpenVAS.
sudo apt update
sudo apt install openvas
Once the setup is complete you can now start an OpenVAS service using this command:
sudo systemctl start openvas-gsa openvas-gsd
Next you need to access the OpenVAS web interface, for that open a web browser and navigate to
https://localhost:9392 . Once you log into the OpenVAS web interface, create a new target and specify the IP range of a network or system you want to scan for Vulnerabilities.
Share This Post!