Network VAPT Research Report
Introduction
RESEARCH ON DIFFERENT TOOLS AND METHODS FOR NETWORK SCANNING
Network scanning is a crucial aspect of cyber security and network
management. It involves identifying active devices on a network, their IP
addresses, operating systems, open ports, and services. This report provides an
overview of various tools and techniques used for network scanning.
1. Types of Network Scanning
Network scanning can be broadly categorized into the following types:
Port Scanning: Identifies open ports and services on a network.
Vulnerability Scanning: Detects vulnerabilities in network devices and
systems.
Network Mapping: Visualizes the network structure and connected
devices.
OS Detection: Identifies the operating systems running on network
devices.
2. Popular Network Scanning Tools
1. Nmap (Network Mapper)
o Description: Nmap is an open-source tool used for network
discovery and security auditing. It can perform various types of
scans such as SYN scan, TCP connect scan, UDP scan, etc.
o Key Features:
Host discovery
Port scanning
OS detection
Service version detection
Scriptable interaction with the target
[Screenshot captions; the images are not included in this text]
Nmap scan output providing details of ports and services, including the status of each port.
Nmap host discovery showing which hosts are up in the network and listing the IP addresses of devices connected to the network.
Using --traceroute, we can see the number of hops needed to reach the target system.
We can extract details for a particular port using the -p option.
Nmap allows us to scan TCP ports only using the -sT option.
Nmap allows us to scan UDP ports only using the -sU option.
2. Angry IP Scanner
o Description: A fast and user-friendly IP address and port scanner
that is open-source and cross-platform.
o Key Features:
Scans IP addresses and ports
Provides detailed scan results
Exports results in various formats
Plugins for additional features
3. OpenVAS (Open Vulnerability Assessment Scanner)
o Description: An open-source framework for network vulnerability
scanning and management.
o Key Features:
Comprehensive vulnerability scanning
Regular updates of vulnerability definitions
Detailed reporting
Integration with other security tools
4. Nessus
o Description: A commercial vulnerability scanner with a free
version available for non-enterprise use.
o Key Features:
Extensive vulnerability coverage
Configuration audits
Patch management integration
Detailed and customizable reports
5. ZMap
o Description: A fast single-packet network scanner designed for
internet-wide network studies.
o Key Features:
High-speed scanning
Can scan the entire IPv4 address space in under 5 minutes
Modular design for customization
3. Network Scanning Techniques
1. Ping Sweep
o Description: Determines active devices on a network by sending
ICMP echo requests to multiple IP addresses.
o Tools: Nmap, Angry IP Scanner
2. Port Scanning
o Description: Identifies open ports and the services running on
them.
o Techniques:
SYN Scan: Sends SYN packets and analyzes responses to
determine open ports.
TCP Connect Scan: Completes the TCP handshake to identify
open ports.
UDP Scan: Sends UDP packets to detect open UDP ports.
o Tools: Nmap, ZMap
3. OS Detection
o Description: Determines the operating system of network devices
by analyzing network responses.
o Techniques:
TCP/IP Stack Fingerprinting: Analyzes variations in
responses from different OS implementations.
o Tools: Nmap
4. Service Version Detection
o Description: Identifies the versions of services running on open
ports.
o Tools: Nmap
5. Vulnerability Scanning
o Description: Scans network devices for known vulnerabilities.
o Techniques:
Signature-Based Scanning: Uses a database of known
vulnerabilities.
Behavior-Based Scanning: Analyzes the behavior of services
and applications.
o Tools: OpenVAS, Nessus
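The "TCP Connect Scan" and "Service Version Detection" items above describe what a tool like Nmap does with -sT and -sV. The following is an added example (not code from the report or from the Nmap project) that implements the same idea with plain sockets: it completes the three-way handshake on each port, and for open ports reads whatever banner the service volunteers. To stay self-contained it starts its own fake service on a loopback port and derives a closed port itself; the banner string and the timeout value are constructed for the demonstration.

```python
"""TCP connect scan with banner grab against a local test listener.

Added example, not part of the original report. Runs only against
listeners on 127.0.0.1 that the script itself starts; the banner text
and port numbers are constructed.
"""
import socket
import threading


def start_fake_service(banner):
    """Listen on an OS-chosen loopback port and send `banner` to each client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed by scan_demo()
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_closed_port():
    """Return a loopback port that was bound and then released, so it is closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Full three-way handshake per port (the behaviour of a TCP connect scan).

    Returns {port: (state, banner)} where state is "open" or "closed" and
    banner is the first line the service sent, if any.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (ConnectionRefusedError, socket.timeout, OSError):
                results[port] = ("closed", None)
                continue
            # Crude version detection: read whatever the service volunteers.
            try:
                data = s.recv(256)
            except (socket.timeout, OSError):
                data = b""
            banner = data.decode("ascii", "replace").splitlines()[0] if data else None
            results[port] = ("open", banner)
    return results


def scan_demo():
    """Start one open service, pick one closed port, scan both."""
    srv, open_port = start_fake_service(b"SSH-2.0-ExampleServer_1.0\r\n")
    closed_port = free_closed_port()
    try:
        return connect_scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        srv.close()


if __name__ == "__main__":
    results, open_port, closed_port = scan_demo()
    for port, (state, banner) in sorted(results.items()):
        print(f"127.0.0.1:{port} {state} {banner or ''}".rstrip())
```

Because the scanner completes the handshake, every probe shows up in the target's connection logs as an ordinary client connection, which is why a SYN scan (which never sends the final ACK) is quieter and why defenders watch for many short-lived connections from one source.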
4. Best Practices for Network Scanning
Use Multiple Tools: Different tools provide varied capabilities and
scanning techniques.
Regular Scanning: Schedule regular scans to ensure up-to-date
information on network security.
Ethical Considerations: Always obtain proper authorization before
scanning networks.
Detailed Reporting: Use tools that provide comprehensive and
customizable reports for analysis.
Update Tools and Databases: Ensure that scanning tools and their
vulnerability databases are regularly updated.
RESEARCH ON SCRIPT SCANNING TO IDENTIFY VULNERABILITIES
Introduction
Script scanning is a critical technique in the cyber security field for identifying
vulnerabilities in applications, websites, and network services. It involves using
scripts to automate the detection of security weaknesses. This report provides
an overview of script scanning, its techniques, popular tools, and best
practices.
1. Understanding Script Scanning
Script scanning leverages automated scripts to perform detailed security
assessments. These scripts can be customized to target specific vulnerabilities
or comprehensive scans across various systems. The primary goal is to identify
security flaws that could be exploited by malicious actors.
Nmap Scripting Engine (NSE)
Description: NSE is a powerful extension of the Nmap scanner that
allows users to write and use custom scripts for vulnerability detection.
Key Features:
o Wide range of pre-built scripts for various purposes (e.g., version
detection, vulnerability exploitation)
o Customizable to create specific scripts for unique vulnerabilities
o Integrates with Nmap’s robust scanning capabilities
Nmap's Scripting Engine has a collection of scripts to automate a wide
variety of networking tasks.
These scripts are used for vulnerability detection, backdoor detection,
and vulnerability exploitation.
nmap <Target Address> -sC enables the most common (default) scripts
against the target address.
nmap <Target Address> --script <Script Name> lets you choose your
own scripts to execute.
[Screenshot captions; the images are not included in this text]
Running all host scripts.
Running the host scripts for ports 20 and 21.
Running http-brute; these scripts are used for brute-force attacks that guess authentication credentials for a remote server.
Using the smb-system-info script.
Using the vuln category, which specifically checks for known vulnerabilities.
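Once -sC, -sV or --script runs have been done, the results usually need to go into a report or a ticketing pipeline rather than being read from the terminal. The following is an added example (not code from the report or from the Nmap project) that parses Nmap's XML output format (written with -oX) into a per-port summary and collects the NSE script output attached to each port. The XML document is a constructed sample in the shape Nmap writes, trimmed to the elements the parser reads; the address, product names, version strings and the ftp-anon output text are made up.

```python
"""Parse Nmap XML output (-oX) into a port/service/script summary.

Added example, not part of the original report. SAMPLE_NMAP_XML is a
constructed document in Nmap's XML format; no real host was scanned.
"""
import xml.etree.ElementTree as ET

# Constructed sample of the structure Nmap writes with -oX, trimmed to
# the elements this parser reads. Addresses and versions are made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sC -sV -oX scan.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
        <service name="http"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return a list of dicts, one per port, for every host that is up."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            results.append({
                "host": addr,
                "protocol": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "service": service.get("name") if service is not None else None,
                "product": service.get("product") if service is not None else None,
                "version": service.get("version") if service is not None else None,
                # NSE output attached to this port, keyed by script id
                "scripts": {s.get("id"): s.get("output") for s in port.findall("script")},
            })
    return results


def open_ports(results):
    """Keep only ports Nmap reported as open."""
    return [r for r in results if r["state"] == "open"]


def script_findings(results):
    """Flatten (host, port, script id, output) for every NSE result."""
    findings = []
    for r in results:
        for sid, out in r["scripts"].items():
            findings.append((r["host"], r["port"], sid, out))
    return findings


if __name__ == "__main__":
    parsed = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in open_ports(parsed):
        print(f"{r['host']}:{r['port']}/{r['protocol']} {r['service']} "
              f"{r['product'] or ''} {r['version'] or ''}".rstrip())
    for host, port, sid, out in script_findings(parsed):
        print(f"  [{sid}] {host}:{port} -> {out}")
```

Reading the XML rather than the normal text output is the robust choice: the text layout changes between Nmap versions, while the XML elements (host, address, port, state, service, script) are stable and the script output is attached to the exact port it came from.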
RESEARCH ON TOOLS AND TECHNIQUES ON NETWORK TRAFFIC ANALYSIS.
Introduction
Network traffic analysis involves monitoring, capturing, and analyzing network
data to understand network performance, detect anomalies, and identify
potential security threats. This report provides an overview of various tools
and techniques used for network traffic analysis.
1. Types of Network Traffic Analysis
Network traffic analysis can be broadly categorized into the following types:
Real-time Analysis: Monitors network traffic as it occurs to detect
immediate issues or anomalies.
Historical Analysis: Examines past network traffic data to identify trends
and patterns.
Protocol Analysis: Analyzes the specific protocols used in network
communications.
Flow Analysis: Focuses on the flow of data packets across the network to
understand traffic patterns.
2. Popular Network Traffic Analysis Tools
1. Wireshark
o Description: An open-source packet analyzer used for network
troubleshooting and analysis.
o Key Features:
Deep inspection of hundreds of protocols
Live capture and offline analysis
Rich display filter language
VoIP analysis and decryption support
2. TShark
o Description: A network protocol analyser available in Kali Linux. It
lets you capture packet data from a live network, or read packets from a
previously saved capture file, either printing a decoded form of those
packets to standard output or writing the packets to a file.
3. NetFlow Analyzer (by ManageEngine)
o Description: A comprehensive tool that uses NetFlow, sFlow,
IPFIX, and other flow technologies for real-time network traffic
analysis.
o Key Features:
Bandwidth monitoring
Traffic analysis by applications, protocols, and IPs
Advanced security analytics
Customizable dashboards and reports
4. SolarWinds Network Performance Monitor (NPM)
o Description: A powerful network monitoring tool that provides in-
depth network traffic analysis.
o Key Features:
Network path analysis
Intelligent alerts and reports
Network insights for deeper visibility
Integration with other SolarWinds tools
5. tcpdump
o Description: A command-line packet analyzer tool that allows
users to capture and display network traffic.
o Key Features:
Real-time packet capturing
Filtering capabilities using expressions
Support for various protocols
Compatibility with multiple Unix-like systems
6. PRTG Network Monitor (by Paessler)
o Description: A versatile network monitoring tool that provides
comprehensive traffic analysis and performance monitoring.
o Key Features:
Bandwidth usage monitoring
Customizable sensor setup
Real-time alerts and notifications
Detailed traffic and performance reports
3. Network Traffic Analysis Techniques
1. Packet Capture and Analysis
o Description: Involves capturing network packets and analyzing
their content to understand network behavior and identify issues.
o Application: Useful for deep packet inspection and detailed
protocol analysis.
o Tools: Wireshark, tcpdump
2. Flow Analysis
o Description: Focuses on the flow of data packets across the
network, using flow records to analyze traffic patterns.
o Application: Effective for bandwidth monitoring and traffic trend
analysis.
o Tools: NetFlow Analyzer, SolarWinds NPM
3. Protocol Analysis
o Description: Examines the specific protocols used in network
communications to identify protocol-specific issues and
optimizations.
o Application: Essential for troubleshooting protocol-related issues
and ensuring protocol compliance.
o Tools: Wireshark, tcpdump
4. Real-time Monitoring
o Description: Involves continuously monitoring network traffic to
detect and respond to anomalies or performance issues in real-
time.
o Application: Crucial for maintaining network security and
performance.
o Tools: PRTG Network Monitor, SolarWinds NPM
5. Behavioral Analysis
o Description: Analyzes network traffic patterns to detect abnormal
behavior that may indicate security threats or network issues.
o Application: Important for identifying potential security breaches
and unusual network activity.
o Tools: NetFlow Analyzer, SolarWinds NPM
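The Packet Capture, Flow Analysis and Behavioral Analysis techniques above are three views of the same capture data. The following is an added example (not code from the report or from any of the tools it names) that ties them together: it parses a capture in the libpcap file format that tcpdump -w and Wireshark write, decodes the Ethernet/IPv4/TCP headers of each packet, aggregates packets into (source, destination, destination port) flows the way a flow record would, and then applies a simple behavioral heuristic that flags a source sending bare SYNs to many distinct ports. The capture is constructed in memory so the script runs offline; the addresses, ports, timestamps and the four-port threshold are made up.

```python
"""Minimal pcap parser with flow aggregation and a port-scan heuristic.

Added example, not from the original report. The capture is constructed
in memory in libpcap format, so no real traffic is read; addresses,
ports and the threshold are made up for illustration.
"""
import socket
import struct
from collections import defaultdict

SYN, ACK, PSH = 0x02, 0x10, 0x08


def build_tcp_packet(src_ip, dst_ip, sport, dport, flags):
    """Ethernet + IPv4 + TCP header with no payload (checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + struct.pack("!H", 0x0800)
    return eth + ip + tcp


def build_pcap(packets):
    """Serialize packets as a libpcap file: global header + one record each."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


def parse_pcap(data):
    """Yield (src, dst, sport, dport, flags) for every IPv4/TCP packet."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Skip anything that is not IPv4 over Ethernet or too short to hold headers.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:  # IP protocol field: 6 = TCP
            continue
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        tcp = frame[14 + ihl: 14 + ihl + 20]
        if len(tcp) < 20:
            continue
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
        yield src, dst, sport, dport, off_flags & 0x1FF


def flow_table(packets):
    """Flow analysis: packet count per (src, dst, dport), like a flow record."""
    flows = defaultdict(int)
    for src, dst, _, dport, _ in packets:
        flows[(src, dst, dport)] += 1
    return dict(flows)


def scan_suspects(packets, min_ports=4):
    """Behavioral analysis: sources sending bare SYNs to many distinct ports."""
    targets = defaultdict(set)
    for src, dst, _, dport, flags in packets:
        if flags & (SYN | ACK) == SYN:
            targets[src].add((dst, dport))
    return sorted(src for src, t in targets.items() if len(t) >= min_ports)


# Constructed capture: one host probing five ports, one host doing a normal
# handshake plus data on port 443.
SAMPLE_PCAP = build_pcap(
    [build_tcp_packet("10.0.0.5", "10.0.0.9", 40000 + i, p, SYN)
     for i, p in enumerate([22, 80, 443, 8080, 3306])]
    + [build_tcp_packet("10.0.0.7", "10.0.0.9", 51000, 443, SYN),
       build_tcp_packet("10.0.0.7", "10.0.0.9", 51000, 443, ACK),
       build_tcp_packet("10.0.0.7", "10.0.0.9", 51000, 443, PSH | ACK)]
)


def analyze(pcap_bytes):
    """Run both analyses over one capture and return (flows, suspects)."""
    pkts = list(parse_pcap(pcap_bytes))
    return flow_table(pkts), scan_suspects(pkts)


if __name__ == "__main__":
    flows, suspects = analyze(SAMPLE_PCAP)
    for (src, dst, dport), n in sorted(flows.items()):
        print(f"{src} -> {dst}:{dport} packets={n}")
    print("scan-like sources:", suspects)
```

The same heuristic is what a flow-based tool applies at scale: a normal client produces a few flows with many packets each, whereas a scanner produces many one-packet flows, so the packets-per-flow ratio alone separates the two without inspecting payloads.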
Done by
Prajakta Shende
Cybersecurity Intern
CyberSapiens