About the book:
A complete reference guide to mastering Nmap and its scripting engine, covering practical tasks for IT personnel, security engineers, system administrators, and application security enthusiasts.
Key features:
Learn how to use Nmap and other tools from the Nmap family with the help of practical recipes.
Discover the latest and most powerful features of Nmap and the Nmap Scripting Engine.
Explore common security checks for applications, Microsoft Windows environments, SCADA, and mainframes.
Book description:
Nmap is one of the most powerful tools for network discovery and security auditing, used by millions of IT professionals, from system administrators to cybersecurity specialists. This third edition of the Nmap: Network Exploration and Security Auditing Cookbook introduces Nmap and its family (Ncat, Ncrack, Ndiff, Zenmap, and the Nmap Scripting Engine (NSE)) and guides you through numerous tasks that are relevant to today's security engineers and technology ecosystems. The book discusses some of the most common and useful tasks for scanning hosts, networks, applications, mainframes, Unix and Windows environments, and ICS/SCADA systems. Advanced Nmap users can benefit from this book by exploring the hidden functionalities within Nmap and its scripts, as well as advanced workflows and configurations to fine-tune their scans. Seasoned users will find new applications and third-party tools that can help them manage scans and even start developing their own NSE scripts. Practical examples presented in a cookbook format make this book ideal for quickly remembering Nmap options, scripts, arguments, and more. By the end of this Nmap book, you will be able to successfully scan numerous hosts, exploit vulnerable areas, and gather valuable information.
What you will learn:
Scan systems and check for the most common vulnerabilities.
Explore the most popular network protocols.
Understand how to identify common weaknesses in Windows environments.
Optimize the performance and improve the results of scans.
Who this book is for:
This Nmap cookbook is for IT personnel, security engineers, system administrators, application security enthusiasts, or anyone who wants to master Nmap and its scripting engine. This book is also recommended for anyone looking to learn about network security auditing, especially if they are interested in understanding common protocols and applications in modern systems. Advanced and seasoned Nmap users will also benefit by learning about new features, workflows, and tools. Basic knowledge of networking, Linux, and security concepts is required before starting this book.
Table of contents:
Cover
Title Page
Copyright and Credits
Contributors
Table of Contents
Preface
Chapter 1: Nmap Fundamentals
Technical requirements
Building Nmap's source code
Getting ready
How to do it...
How it works...
There's more...
Finding online hosts
How to do it...
How it works...
There's more...
Listing open ports on a target
How to do it...
How it works...
There's more...
Fingerprinting OSes and services running on a target
How to do it...
How it works...
There's more...
Using NSE scripts against a target host
How to do it...
How it works...
There's more...
Scanning random targets on the internet
How to do it...
How it works...
There's more...
Collecting signatures of web servers
How to do it...
How it works...
There's more...
Scanning with Rainmap Lite
Getting ready
How to do it...
How it works...
There's more...
Chapter 2: Getting Familiar with Nmap's Family
Monitoring servers remotely with Nmap and Ndiff
Getting ready
How to do it...
How it works...
There's more...
Crafting ICMP echo replies with Nping
How to do it...
How it works...
There's more...
Managing multiple scanning profiles with Zenmap
How to do it...
How it works...
There's more...
Running Lua scripts against a network connection with Ncat
How to do it...
How it works...
There's more...
Discovering systems with weak passwords with Ncrack
Getting ready
How to do it...
How it works...
There's more...
Using Ncat to diagnose a network client
How to do it...
How it works...
There is more...
Defending against Nmap service detection scans
How to do it...
How it works...
There's more...
Chapter 3: Network Scanning
Discovering hosts with TCP SYN ping scans
How to do it...
How it works...
There's more...
Discovering hosts with TCP ACK ping scans
How to do it...
How it works...
There's more...
Discovering hosts with UDP ping scans
How to do it...
How it works...
There's more...
Selecting ports in UDP ping scans
Discovering hosts with ICMP ping scans
How to do it...
How it works...
There's more...
Discovering hosts with SCTP INIT ping scans
How to do it...
How it works...
There's more...
Discovering hosts with IP protocol ping scans
How to do it...
How it works...
There's more...
Discovering hosts with ARP ping scans
How to do it...
How it works...
There's more...
Performing advanced ping scans
How to do it...
How it works...
There's more...
Discovering hosts with broadcast ping scans
How to do it...
How it works...
There's more...
Scanning IPv6 addresses
How to do it...
How it works...
There's more...
Spoofing the origin IP of a scan
Getting ready
How to do it...
How it works…
There's more...
Using port scanning for host discovery
How to do it...
How it works...
There's more...
Chapter 4: Reconnaissance Tasks
Performing IP address geolocation
Getting ready
How to do it...
How it works...
There's more...
Getting information from WHOIS records
How to do it...
How it works...
There's more...
Obtaining traceroute geolocation information
How to do it...
How it works...
There's more...
Querying Shodan to obtain target information
Getting ready
How to do it...
How it works...
There's more...
Collecting valid email accounts and IP addresses from web servers
How to do it...
How it works...
There's more...
Discovering hostnames pointing to the same IP address
How to do it...
How it works...
There's more...
Discovering hostnames by brute-forcing DNS records
How to do it...
How it works...
There's more...
Matching services with public vulnerability advisories and picking the low-hanging fruit
How to do it...
How it works...
There's more...
Chapter 5: Scanning Web Servers
Listing supported HTTP methods
How to do it...
How it works...
There's more...
Discovering interesting files and folders on web servers
How to do it...
How it works...
There's more...
Brute forcing HTTP authentication
How to do it...
How it works...
There's more...
Brute forcing web applications
How to do it...
How it works...
There's more...
Detecting web application firewalls
How to do it...
How it works...
There's more...
Detecting possible XST vulnerabilities
How to do it...
How it works...
There's more...
Detecting XSS vulnerabilities
How to do it...
How it works...
There's more...
Finding SQL injection vulnerabilities
How to do it...
How it works...
There's more…
Finding web applications with default credentials
How to do it...
How it works...
There's more...
Detecting insecure cross-domain policies
How to do it...
How it works...
There's more...
Detecting exposed source code control systems
How to do it...
How it works...
There's more...
Auditing the strength of cipher suites in SSL servers
How to do it...
How it works...
There's more...
Chapter 6: Scanning Databases
Listing MySQL databases
How to do it…
How it works...
There's more...
Listing MySQL users
How to do it...
How it works…
There's more...
Listing MySQL variables
How to do it...
How it works...
There's more...
Brute forcing MySQL passwords
How to do it...
How it works...
There's more...
Finding root accounts with an empty password in MySQL servers
How to do it...
How it works...
There's more...
Detecting insecure configurations in MySQL servers
How to do it...
How it works...
There's more...
Brute forcing Oracle passwords
How to do it...
How it works...
There's more...
Brute forcing Oracle SID names
How to do it...
How it works...
There's more...
Retrieving information from MS SQL servers
How to do it...
How it works...
There's more...
Brute forcing MS SQL passwords
How to do it...
How it works...
There's more...
Dumping password hashes of MS SQL servers
How to do it...
How it works...
There's more...
Running commands through xp_cmdshell in MS SQL servers
How to do it...
How it works...
There's more...
Finding system administrator accounts with empty passwords in MS SQL servers
How to do it...
How it works...
There's more...
Obtaining information from MS SQL servers with NTLM enabled
How to do it...
How it works...
There's more...
Retrieving MongoDB server information
How to do it...
How it works...
There's more...
Detecting MongoDB instances with no authentication enabled
How to do it...
How it works...
There's more...
Listing MongoDB databases
How to do it...
How it works...
There's more...
Listing CouchDB databases
How to do it...
How it works...
There's more...
Retrieving CouchDB database statistics
How to do it...
How it works...
There's more...
Detecting Cassandra databases with no authentication enabled
How to do it...
How it works...
There's more...
Brute forcing Redis passwords
How to do it...
How it works...
There's more...
Chapter 7: Scanning Mail Servers
Detecting SMTP open relays
How to do it...
How it works...
There's more...
Brute-forcing SMTP passwords
How to do it...
How it works...
There's more...
Detecting suspicious SMTP servers
How to do it...
How it works...
There's more...
Enumerating SMTP usernames
How to do it...
How it works...
There's more...
Brute-forcing IMAP passwords
How to do it...
How it works...
There's more...
Retrieving the capabilities of an IMAP server
How to do it...
How it works...
There's more...
Brute-forcing POP3 passwords
How to do it...
How it works...
There's more...
Retrieving the capabilities of a POP3 server
How to do it...
How it works...
There's more...
Retrieving information from SMTP servers with NTLM authentication
How to do it...
How it works...
There's more...
Chapter 8: Scanning Windows Systems
Obtaining system information from SMB
How to do it...
How it works...
There's more...
Detecting Windows clients with SMB signing disabled
How to do it...
How it works...
There's more...
Detecting IIS web servers that disclose Windows 8.3 names
How to do it...
How it works...
There's more...
Detecting Windows hosts vulnerable to MS08-067 and MS17-010
How to do it...
How it works...
There's more...
Retrieving the NetBIOS name and MAC address of a host
How to do it...
How it works...
There's more...
Enumerating user accounts of Windows targets
How to do it...
How it works...
There's more...
Enumerating shared folders
How to do it...
How it works...
There's more...
Enumerating SMB sessions
How to do it...
How it works...
There's more...
Finding domain controllers
How to do it...
How it works...
There's more…
Detecting the Shadow Brokers' DOUBLEPULSAR SMB implants
How to do it...
How it works...
There's more...
Listing supported SMB protocols
How to do it...
How it works...
There's more...
Detecting vulnerabilities using the SMB2/3 boot-time field
How to do it...
How it works...
There's more...
Detecting whether encryption is enforced in SMB servers
How to do it...
How it works...
There's more...
Chapter 9: Scanning ICS/SCADA Systems
Finding common ports used in ICS/SCADA systems
How to do it...
How it works...
There's more...
Finding HMI systems
How to do it...
How it works...
There's more...
Enumerating Siemens SIMATIC S7 PLCs
How to do it...
How it works...
There's more...
Enumerating Modbus devices
How to do it...
How it works...
There's more...
Enumerating BACnet devices
How to do it...
How it works...
There's more...
Enumerating Ethernet/IP devices
How to do it...
How it works...
There's more...
Enumerating Niagara Fox devices
How to do it...
How it works...
There's more...
Enumerating ProConOS devices
How to do it...
How it works...
There's more...
Enumerating Omron PLC devices
How to do it...
How it works...
There's more...
Enumerating PCWorx devices
How to do it...
How it works...
Chapter 10: Scanning Mainframes
Listing CICS transaction IDs in IBM mainframes
How to do it...
How it works...
There's more...
Enumerating CICS user IDs for the CESL/CESN login screen
How to do it...
How it works...
There's more...
Brute-forcing z/OS JES NJE node names
How to do it...
How it works...
There's more...
Enumerating z/OS TSO user IDs
How to do it...
How it works...
There's more...
Brute-forcing z/OS TSO accounts
How to do it...
How it works...
There's more...
Listing VTAM application screens
How to do it...
How it works...
There's more...
Chapter 11: Optimizing Scans
Skipping phases to speed up scans
How to do it...
How it works...
There's more...
Selecting the correct timing template
How to do it...
How it works...
There's more...
Adjusting timing parameters
How to do it...
There's more...
Adjusting performance parameters
How to do it...
How it works...
There's more...
Adjusting scan groups
How to do it...
There's more...
Distributing a scan among several clients using dnmap
Getting ready
How to do it...
How it works...
There's more...
Chapter 12: Generating Scan Reports
Saving scan results in a normal format
How to do it...
How it works...
There's more...
Saving scan results in an XML format
How to do it...
How it works...
There's more...
Saving scan results to a SQLite database
Getting ready
How to do it...
How it works...
There's more...
Saving scan results in a grepable format
How to do it...
How it works...
There's more...
Generating a network topology graph with Zenmap
How to do it...
How it works...
There's more...
Generating HTML scan reports
Getting ready
How to do it...
How it works...
There's more...
Reporting vulnerability checks
How to do it...
How it works...
There's more...
Generating PDF reports with fop
Getting ready
How to do it...
How it works...
There's more...
Saving NSE reports in Elasticsearch
Getting ready
How to do it...
How it works...
There's more...
Visualizing Nmap scan results with IVRE
Getting ready
How to do it...
How it works...
There's more...
Chapter 13: Writing Your Own NSE Scripts
Making HTTP requests to identify vulnerable Supermicro IPMI/BMC controllers
How to do it...
How it works...
There's more...
Sending UDP payloads using NSE sockets
How to do it...
How it works...
There's more...
Generating vulnerability reports in NSE scripts
How to do it...
How it works...
There's more...
Exploiting an SMB vulnerability
How to do it...
How it works...
There's more...
Writing brute-force password auditing scripts
How to do it...
How it works...
There's more...
Crawling web servers to detect vulnerabilities
How to do it...
How it works...
There's more...
Working with NSE threads, condition variables, and mutexes in NSE
How to do it...
How it works...
There's more...
Writing a new NSE library in Lua
How to do it...
How it works...
There's more...
Writing a new NSE library in C/C++
How to do it...
How it works...
There's more...
Getting your scripts ready for submission
How to do it...
How it works...
There's more...
Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine
Generating vulnerability reports in NSE scripts
How to do it...
How it works...
There's more...
Writing brute-force password auditing scripts
How to do it...
How it works...
There's more...
Crawling web servers to detect vulnerabilities
How to do it...
How it works...
There's more...
Exploiting SMB vulnerabilities
How to do it...
How it works...
There's more...
Appendix A – HTTP, HTTP Pipelining, and Web Crawling Configuration Options
HTTP user agent
HTTP pipelining
Configuring the NSE httpspider library
Appendix B – Brute-Force Password Auditing Options
Brute modes
Appendix C – NSE Debugging
Debugging NSE scripts
Exception handling
Appendix D – Additional Output Options
Saving output in all formats
Appending Nmap output logs
Including debugging information in output logs
Including the reason for a port or host state
OS detection in verbose mode
Appendix E – Introduction to Lua
Flow control structures
Conditional statements – if, then, elseif
Loops – while
Loops – repeat
Loops – for
Data types
String handling
Character classes
Magic characters
Patterns
Captures
Repetition operators
Concatenation
Finding substrings
String repetition
String length
Formatting strings
Splitting and joining strings
Common data structures
Tables
Arrays
Linked lists
Sets
Queues
Custom data structures
I/O operations
Modes
Opening a file
Reading a file
Writing a file
Closing a file
Coroutines
Creating a coroutine
Executing a coroutine
Determining the current coroutine
Getting the status of a coroutine
Yielding a coroutine
Metatables
Arithmetic metamethods
Relational metamethods
Things to remember when working with Lua
Comments
Dummy assignments
Indexes
Semantics
Coercion
Safe language
Booleans
Appendix F – References and Additional Reading
Other Books You May Enjoy
Index
Description of the book in the original language:
A complete reference guide to mastering Nmap and its scripting engine, covering practical tasks for IT personnel, security engineers, system administrators, and application security enthusiasts
Key Features:
Learn how to use Nmap and other tools from the Nmap family with the help of practical recipes
Discover the latest and most powerful features of Nmap and the Nmap Scripting Engine
Explore common security checks for applications, Microsoft Windows environments, SCADA, and mainframes
Book Description:
Nmap is one of the most powerful tools for network discovery and security auditing used by millions of IT professionals, from system administrators to cybersecurity specialists. This third edition of the Nmap: Network Exploration and Security Auditing Cookbook introduces Nmap and its family - Ncat, Ncrack, Ndiff, Zenmap, and the Nmap Scripting Engine (NSE) - and guides you through numerous tasks that are relevant to security engineers in today's technology ecosystems. The book discusses some of the most common and useful tasks for scanning hosts, networks, applications, mainframes, Unix and Windows environments, and ICS/SCADA systems. Advanced Nmap users can benefit from this book by exploring the hidden functionalities within Nmap and its scripts as well as advanced workflows and configurations to fine-tune their scans. Seasoned users will find new applications and third-party tools that can help them manage scans and even start developing their own NSE scripts. Practical examples featured in a cookbook format make this book perfect for quickly remembering Nmap options, scripts and arguments, and more. By the end of this Nmap book, you will be able to successfully scan numerous hosts, exploit vulnerable areas, and gather valuable information.
What You Will Learn:
Scan systems and check for the most common vulnerabilities
Explore the most popular network protocols
Extend existing scripts and write your own scripts and libraries
Identify and scan critical ICS/SCADA systems
Detect misconfigurations in web servers, databases, and mail servers
Understand how to identify common weaknesses in Windows environments
Optimize the performance and improve results of scans
Who this book is for:
This Nmap cookbook is for IT personnel, security engineers, system administrators, application security enthusiasts, or anyone who wants to master Nmap and its scripting engine. This book is also recommended for anyone looking to learn about network security auditing, especially if they're interested in understanding common protocols and applications in modern systems. Advanced and seasoned Nmap users will also benefit by learning about new features, workflows, and tools. Basic knowledge of networking, Linux, and security concepts is required before taking up this book.