
Network Scanning Tools (part 1)

In this article we take a look at Network Scanning / Mapping tools that are available for Pentesting and Ethical Hacking.

Recently we launched a Poll asking you to vote for your preferred choice of Top Network Scanner. In this article we are going to look at the first 5 of those options to better understand what they are about, key features, and some examples.

arping

ARP stands for Address Resolution Protocol and is used for mapping an IP address onto the Ethernet address (MAC address) of a computer that is connected to a network. The arping utility is run via the CLI (Command Line Interface) and sends ARP requests to a specified host and displays the replies. It is similar to performing a ping, but at the link layer rather than over ICMP.

Example of an arp request to find hosts connected to the same network, followed by an arping request against a specified host. MAC addresses have been blurred for privacy.
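As an added illustration that is not part of the original article, the following Python builds and decodes the 42-byte ARP-over-Ethernet frame that arping sends and receives, and adds a check a defender would apply to the replies: more than one MAC answering for the same probed IP points at a duplicate address or a host answering for an IP it does not own. All MAC and IP values are constructed sample data.

```python
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806                 # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"     # target MAC of a request (unknown yet)


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(s): return bytes(int(x, 16) for x in s.split(":"))
def _ip(s): return bytes(int(x) for x in s.split("."))
def _mac_str(b): return ":".join(f"{x:02x}" for x in b)
def _ip_str(b): return ".".join(str(x) for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP packet (RFC 826 layout, 42 bytes)."""
    # A request is broadcast; a reply goes unicast back to the asker.
    dst = BROADCAST if opcode == ARP_REQUEST else target_mac
    eth = _mac(dst) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Decode an ARP-over-Ethernet frame; raise ValueError for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    b = frame[22:42]   # sender MAC, sender IP, target MAC, target IP
    return ArpPacket(op, _mac_str(b[0:6]), _ip_str(b[6:10]),
                     _mac_str(b[10:16]), _ip_str(b[16:20]))


def conflicting_macs(replies, probed_ip):
    """Distinct MACs that claimed probed_ip in ARP replies. A list longer
    than one is the duplicate-address / spoofing signal to investigate."""
    return sorted({r.sender_mac for r in replies
                   if r.opcode == ARP_REPLY and r.sender_ip == probed_ip})
```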

For further detail on this tool please check out the following resources:

DMitry

DMitry is short for Deepmagic Information Gathering Tool and is a Linux CLI-based utility. Its aim is to gather information about a host such as subdomains, email addresses, uptime, TCP port scan, and whois lookup.

Example of performing a ‘whois’ lookup on a specified domain using dmitry.

For further detail on this tool please check out the following resources:

ike-scan

IKE stands for Internet Key Exchange and is a standard protocol for ensuring security whilst establishing a VPN (Virtual Private Network) connection.

ike-scan is a tool for discovering and fingerprinting IKE hosts, i.e. VPN servers. IKE servers can be found by performing an ‘ike’ search at shodan.io.

Example of running ike-scan with the ‘multiline’ and ‘verbose’ settings.

For further detail on this tool please check out the following resources:

Kismet

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (Wireless Intrusion Detection System) framework.

‘Wardriving’ is the act of searching for Wi-Fi wireless networks by an attacker usually in a moving vehicle, using a laptop or smartphone.

wikipedia.org

Kismet supports both Wireless and Bluetooth adapters.

Example of accessing Kismet via the web browser at http://localhost:2501 after starting the server using the command kismet -c wlan1 to specify the wireless adapter as a Data Source. MAC addresses and SSIDs blurred out for privacy.
Example of a popup screen showing a Wireless Access Point from the list on the previous screenshot. MAC address and SSID blurred out for privacy.

For further detail on this tool please check out the following resources:

legion

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems.

GoVanguard

Some of the key features include:

  • Automated reconnaissance and scanning using a variety of third-party scripts such as NMAP, whatweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, and webslayer.
  • Automatic detection of CPEs* and CVEs**.
  • Ties CVEs to exploits as detailed in the Exploit Database.

* CPE stands for Common Platform Enumeration which is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets.

** CVE stands for Common Vulnerabilities and Exposures, which is a system that provides a reference method for publicly known information-security vulnerabilities and exposures.

Example of configuring Legion to run against the local network (IP range = 192.168.1.0/24).
Example of running an ‘nmap host discovery’ with the router highlighted. A ‘staged nmap scan’ could also have been run.

For further detail on this tool please check out the following resources:


If you have not yet voted in our poll then please check out the Top Network Scanner page.

Check back soon for our upcoming part 2 of this article.

If you have any questions or comments on the above please feel free to add them below.
