To properly exploit or defend a target, cyber actors must fully understand the weaknesses in its organization, people, systems, etc. This can only be achieved with extensive information gathering through open source research, information collection, and technical fingerprinting/scanning.
During the lesson we will review the following topics:
Appropriate Documentation Practices
Use of Collected Data
Collection Methods
"produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for addressing a specific intelligence requirement."
Why is it important?
What should we include in documentation?
What do we want to collect?
How can it be used in operations?
Are there rules that guide our operations and collection parameters?
What are important factors when collecting data about a target?
Web Data
Sensitive Data
Publicly Accessible
Social Media
Domain and IP Data
Web Data: Cached Content, Analytics, Proxy Web Application, Command Line Interrogation
Sensitive Data: Business Data, Profiles, Non-Profits/Charities, Business Filings, Historical and Public Listings
Publicly Accessible: Physical Addresses, Phone Numbers, Email Addresses, User Names, Search Engine Data, Web and Traffic Cameras, Wireless Access Point Data
Social Media: Twitter, Facebook, Instagram, People Searches, Registry and Wish Lists
Domain and IP Data: DNS Registration, IP Address Assignments, Geolocation Data, Whois
Standardized markup language for browser interpretation of webpages
Client-side interpretation (web browser)
Utilizes elements (identified by tags)
Typically redirects to another page for server-side interaction
Cascading Stylesheets (CSS) for page theming
DEMO: Simple HTML page
http://10.50.XX.XX/webexample/htmldemo.html
Data collection through scraping
pip install lxml requests
#!/usr/bin/python
import lxml.html
import requests

# Fetch the page and parse the returned HTML into an element tree
page = requests.get('http://quotes.toscrape.com')
tree = lxml.html.fromstring(page.content)
# XPath: the text node of every <small class="author"> element on the page
authors = tree.xpath('//small[@class="author"]/text()')
print('Authors:', authors)
What will it output?
Authors: ['Albert Einstein', 'J.K. Rowling', 'Albert Einstein', 'Jane Austen', 'Marilyn Monroe', 'Albert Einstein', u'Andr\xe9 Gide', 'Thomas A. Edison', 'Eleanor Roosevelt', 'Steve Martin']
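The one-liner above only pulls a flat list of names, which is hard to document or deduplicate later. The following is an added example, not code from the lesson: it takes the same XPath-style approach one step further by turning each quote block into a structured record (author, text, tags) and tallying how often each author appears. It uses the standard library's xml.etree.ElementTree (which supports a subset of XPath) in place of lxml, and a constructed, well-formed copy of the quotes page embedded in the script, so it runs offline without a network fetch; the span/a class names in that sample are assumptions made for the example, only the small class="author" element comes from the slide.

```python
#!/usr/bin/env python3
"""Offline scraping walk-through: parse a constructed copy of a quotes page,
pull each quote into a structured record, and tally authors.

xml.etree.ElementTree is used as a stand-in for lxml.html so the example needs
no third-party packages; it understands the './/tag[@attr="value"]' subset of
XPath used below. The sample HTML is constructed (not fetched) and kept
well-formed so ElementTree can parse it."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample page modelled on the quotes site used in the lesson.
SAMPLE_PAGE = """<html><body>
<div class="quote">
  <span class="text">The world as we have created it is a process of our thinking.</span>
  <span>by <small class="author">Albert Einstein</small></span>
  <div class="tags"><a class="tag" href="/tag/change/">change</a><a class="tag" href="/tag/thinking/">thinking</a></div>
</div>
<div class="quote">
  <span class="text">It is our choices that show what we truly are.</span>
  <span>by <small class="author">J.K. Rowling</small></span>
  <div class="tags"><a class="tag" href="/tag/abilities/">abilities</a></div>
</div>
<div class="quote">
  <span class="text">There are only two ways to live your life.</span>
  <span>by <small class="author">Albert Einstein</small></span>
  <div class="tags"><a class="tag" href="/tag/life/">life</a></div>
</div>
</body></html>"""


def authors(html_text):
    """Same result as the slide's tree.xpath('//small[@class="author"]/text()')."""
    root = ET.fromstring(html_text)
    return [el.text for el in root.iterfind(".//small[@class='author']")]


def parse_quotes(html_text):
    """Return one record per div.quote: {'author', 'text', 'tags'}.

    Blocks missing an author or text element are skipped instead of raising,
    so a partially rendered page still yields the records that are complete."""
    root = ET.fromstring(html_text)
    records = []
    for quote in root.iterfind(".//div[@class='quote']"):
        author_el = quote.find(".//small[@class='author']")
        text_el = quote.find(".//span[@class='text']")
        if author_el is None or text_el is None:
            continue
        tags = [a.text for a in quote.iterfind(".//a[@class='tag']")]
        records.append({
            "author": author_el.text.strip(),
            "text": text_el.text.strip(),
            "tags": tags,
        })
    return records


def author_counts(records):
    """Deduplicate authors and count their quotes (Counter keeps insertion order)."""
    return Counter(r["author"] for r in records)


if __name__ == "__main__":
    recs = parse_quotes(SAMPLE_PAGE)
    print("Authors:", authors(SAMPLE_PAGE))
    for name, n in author_counts(recs).most_common():
        print(f"{n:2d}  {name}")
```

Swapping ET.fromstring(SAMPLE_PAGE) for lxml.html.fromstring(page.content) gives the same structure against the live page, but real HTML is rarely well-formed XML, which is why the lesson's script uses lxml's HTML parser.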
Host Discovery
Find hosts that are online
Port Enumeration
Find ports for each host that is online
Port Interrogation
Find what service is running on each open/available port
Advanced Scanning Techniques
During the lesson we will review the following topics:
Benefits of Scanning with Scripts
Script Management and Utilization
Usage and Examples
"(It) allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap."
Why use scripts, instead of normal scanning options?
Why are scripts important?
Network Discovery
Sophisticated Version Detection
Vulnerability Detection
Backdoor Detection
Vulnerability Exploitation
Scripts are stored in a subdirectory of the Nmap data directory by default:
/usr/share/nmap/scripts
Nmap Familiarization
nmap --script <filename>|<category>|<directory>
nmap --script-help "ftp-* and discovery"
nmap --script-args <args>
nmap --script-args-file <filename>
nmap --script-help <filename>|<category>|<directory>
nmap --script-trace
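The three scan phases listed earlier (host discovery, port enumeration, port interrogation) and the NSE script results all end up in the same report when Nmap is run with -oX. The following is an added example, not from the lesson or the Nmap project: it parses that XML into a per-host record so the findings can be documented and compared between scans. The report embedded below is constructed for the example (no scan was run) and follows the element layout Nmap writes with -oX; the hosts and banner strings in it are invented sample values in RFC 5737 documentation address space.

```python
#!/usr/bin/env python3
"""Reduce an Nmap XML report (-oX) to the three findings the scan phases
produce: hosts that are up (host discovery), open ports per host (port
enumeration) and the service/NSE script result per open port (port
interrogation).

The sample report is constructed for this example and mirrors the layout of
a run such as:  nmap -sV --script banner -oX scan.xml 192.0.2.0/30
"""
import xml.etree.ElementTree as ET

# Constructed sample report: one host up with two open ports, one host down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV --script banner -oX scan.xml 192.0.2.0/30" version="7.94">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
<script id="banner" output="SSH-2.0-OpenSSH_8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.24.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.0.2.2" addrtype="ipv4"/></host>
<runstats><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>"""


def parse_report(xml_text):
    """Return {ipv4: {'hostname': str|None, 'ports': [port records]}} for hosts that are up.

    Each port record carries port, proto, service, product ("product version")
    and a dict of NSE script id -> output, so all three scan phases are visible."""
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.iterfind("host"):
        # Host discovery: keep only hosts Nmap marked as up
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        name_el = host.find("hostnames/hostname")
        ports = []
        for port in host.iterfind("ports/port"):
            # Port enumeration: keep only ports whose state is open
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            # Port interrogation: version-detection result plus any NSE output
            product = " ".join(
                v for v in (svc.get("product"), svc.get("version")) if v
            ) if svc is not None else ""
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else "unknown",
                "product": product,
                "scripts": {s.get("id"): s.get("output") for s in port.iterfind("script")},
            })
        report[addr_el.get("addr")] = {
            "hostname": name_el.get("name") if name_el is not None else None,
            "ports": ports,
        }
    return report


def format_report(report):
    """Render the parsed report as the kind of lines kept in scan notes."""
    lines = []
    for addr, host in report.items():
        lines.append(f"{addr} ({host['hostname'] or 'no PTR'})")
        for p in host["ports"]:
            scripts = "  ".join(f"{k}: {v}" for k, v in p["scripts"].items())
            lines.append(f"  {p['port']}/{p['proto']}  {p['service']}  {p['product']}  {scripts}".rstrip())
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_report(SAMPLE_NMAP_XML)))
```

Feeding the same parser two reports taken at different times gives a simple way to spot ports or services that appeared or disappeared between scans.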
Usage of Nmap NSE