Open In App

Scanning and its Tools

Last Updated : 01 Sep, 2020
Improve
Improve
Like Article
Like
Save
Share
Report

After making a list of attack-able IPs from Reconnaissance phase, we need to work on phase 2 of Ethical hacking i.e., Scanning. Process of scanning is divided into 3 parts.

  1. Determine if system is on and working.
  2. Finding ports on which applications are running.
  3. Scanning target system for vulnerabilities.

Ping and Ping Sweeps :
Simplest way to check if a system is alive is to ping that system’s IP address. A ping is a special form of packet called ICMP packet. On pinging a device IP, an ICMP echo request message is sent to target, and target system send an Echo reply packet in response of echo request message.

Echo reply message tells other valuable information other than telling whether system is alive. It also tells round trip time of packets i.e, time taken by ping message to reach back to us from target system. It also provides information about packet loss which can be helpful in determining reliability of network.

A ping sweep is a method of pinging a list of IP automatically. Pinging a large list of IPs can be time-consuming and problematic. Tool for Ping sweep is Fping. Fping can be invoked by following command.

Fping -a -g 172.16.10.1 172.16.10.20
  • The “-a” switch is used to show a list of only alive IP in our output.
  • “-g” switch is used to specify a range of IP.
  • In above command range of IP is 172.16.10.1 to 172.16.10.20.

Port Scanning :

In a Computer, there are a total of 65, 536 (0-65, 535) ports. Depending upon nature of communication and application using a port, it can be either UDP or TCP. Scanning system for checking which ports are alive and which ports are used by different applications gave us a better idea about target system.

Port Scanning is done by a tool called Nmap. Nmap is written by Gordon “Fyodor” Lyon. It is available in both GUI and command-line interface.

Command :

nmap -sT/U -p 172.16.10.5
  • “-s” is used to specify connection type.
  • -sT means TCP and -sU means UDP connection.
  • “-p” means to scan all ports of target IP.

Vulnerability Scanning :
Vulnerability is a weakness in software or system configuration that can be exploited. Missing patches may result in the vulnerability of software.

Software vendors regularly provide patches for known issues. Some Vulnerability leads to remote code execution which is a holy grail of hacking. One of the tools for vulnerability scanning is Nessus. It can be downloaded from website nessus.org. It contains thousands of plugins for vulnerability scanning. A plugin is a small block of code send to target system IP for purpose of vulnerability scanning.


Like Article
Suggest improvement
Previous
| | Question 36
Next
Count of Substrings having Sum equal to their Length
Share your thoughts in the comments

Similar Reads

Office Tools and Domain Specific Tools
Construct Full Binary Tree using its Preorder traversal and Preorder traversal of its mirror tree
SQL software and query optimization tools
Compiler construction tools
Basics of Computer and its Operations
Geographical information system (GIS) and its Components
Equation of parabola from its focus and directrix
Frequency Domain Filters and its Types
Spatial Filtering and its Types
Perspective Projection and its Types
author
adarsh_sahni
Article Tags :
Practice Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox