Network mapping is the process of discovering the devices on a network and how they are connected. It is very important for a network engineer, as well as a penetration tester or a hacker, to be familiar with it. The most preferred way of mapping is using Nmap.
What is Nmap?
“Nmap is a security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus building a “map” of the network.” (Ref: Wikipedia)
- On Linux: Kali Linux comes with Nmap preinstalled, so you can use it right after installing Kali Linux.
- On Windows: Nmap can be installed in multiple ways, as mentioned below.
- Download and install using the Nmap installer from here
- Get Pentest Box, which has Nmap included. Here is the download link
- On Mac: For macOS, download the installer from here. More detailed installation instructions can be found here
- To scan a particular IP or hostname:
nmap ip or hostname
- Scanning a specific port
nmap -p 22 192.168.1.1
The above command will scan port 22 on the IP 192.168.1.1.
- For a range of ports
nmap 192.168.1.1 -p1-1000
The above command will scan ports 1 to 1000 on the IP 192.168.1.1.
- To check what service a port is running
nmap -sV 192.168.1.1
- Scanning an entire IP range
- To scan all 65535 ports
nmap -p- 192.168.1.1
- OS detection
nmap -O 192.168.1.1
- To scan an IP using TCP connect
nmap -sT 192.168.1.1
- To scan using TCP SYN
nmap -sS 192.168.1.1
- For UDP scan
nmap -sU 192.168.1.1
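What the `-sT` scan and the `-p 22`, `-p1-1000` and `-p-` port options above amount to at the socket level, as an added example that is not part of the original post and is not Nmap's own code. The function names are hypothetical, the state names follow Nmap's open/closed/filtered convention, and the loopback listener in the demo is constructed.

```python
import socket

def parse_ports(spec):
    """Expand an Nmap-style -p value: '22', '1-1000', '22,80,8000-8002', '-' (all ports)."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not (lo or sep):
            raise ValueError("empty port specification")
        start = int(lo) if lo else 1                         # '-100' starts at port 1
        end = int(hi) if hi else (65535 if sep else start)   # '60000-' ends at 65535
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"invalid port range: {part!r}")
        ports.update(range(start, end + 1))
    return sorted(ports)

def probe(host, port, timeout=1.0):
    """Complete a full TCP handshake with connect(), which is what a -sT scan does."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed, something is listening
    except ConnectionRefusedError:
        return "closed"      # host answered with RST, nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable, e.g. a firewall dropped the SYN
    finally:
        sock.close()

def connect_scan(host, spec, timeout=1.0):
    """Probe every port in spec and return {port: state}."""
    return {port: probe(host, port, timeout) for port in parse_ports(spec)}

if __name__ == "__main__":
    # Constructed demo: start a listener on loopback and scan only that port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(connect_scan("127.0.0.1", str(port)))
    listener.close()
```

Because every probe completes the handshake, the listening service sees and can log each connection; `-sS` instead sends only the SYN and needs raw-socket privileges.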
Nmap comes preloaded with a lot of features for various types of scan, which can be used depending on the requirement and how the target server is set up. To get all the options and flags supported by Nmap, use the help command:
Most of you might be hearing the term Bug Bounty for the very first time!
What are bug bounties? What are the benefits of bug bounties? And how do you get into bug bounties successfully?
These questions are answered in detail in this post.
What is bug bounty?
It is a program run by websites and software developers who reward people for finding and reporting security-related issues in their websites or products. Not all bugs are considered valid in a bug bounty program, only those which can have an impact on the security or integrity of the website or the privacy of the customers' data.
What are the benefits of bug bounty program?
A bug bounty program benefits everyone directly or indirectly. It is a win-win situation, where everybody gets some sort of benefit.
- Companies and organisations running the bug bounty program benefit by patching the security holes, thus making their websites and infrastructure more secure and also protecting their customers' data.
- The bug bounty hunter or bug reporter gets paid generously for their work and receives appreciation for their contribution. It also generates a feeling of goodwill that they are doing something which helps the community. Moreover, you can choose application penetration testing as a career. There is a huge demand for security researchers in different fields, and companies are investing billions to make the internet a safer and more secure place for everyone.
- The customers or end consumers get better protection of their data and privacy, which builds their trust in the company.
Getting Started Into Bug Bounty
For beginners, it is like finding a corner in a circle. There are hundreds of tutorials and resources available online, which makes it difficult to plan what method should be followed. But there are still some specific ways which are easy to follow and give better results and understanding. Initially, bug bounties take a lot of time and effort to get started.
The path to reach success
First, get to know in detail the vulnerabilities which you will be looking for in the upcoming days. The method that mostly works is simple: pick any one type of bug and dig deeper into it. Here is the OWASP Top 10 list for reference, covering the types of bugs which are found in the wild in web applications and have severe impact. So, pick any one type from the list and learn more about it. Use Google as extensively as possible.
Time to get wild:
Once you feel that you are ready to find bugs in live applications, sign up at HackerOne or BugCrowd, which have a huge list of running bug bounty programs. Select any one of the programs and try to find bugs using the knowledge you've gained. At first you might not find any bugs, as these sites have already been tested multiple times by many security researchers. So, you might have to keep trying, maybe for a week or a few days.
It is important to read the program terms and scope very carefully. You can check HackerOne's Hacktivity to understand the approaches followed by bug hunters, how they found bugs, and how to write a good report. It is very important to note that the report you send to a program for a bug you found should be in the specified format, with clear instructions to replicate the bug and a working proof of concept.
Switch to Linux:
If you are still using Windows, then switching to Linux is better. It is ideal to learn to use Linux, as most of the tools used in penetration testing can be found on Linux. Kali Linux by Offensive Security is one of the best penetration testing operating systems out there, and it includes thousands of tools pre-installed and ready to use.
Learn Burp Suite:
Burp Suite is a proxy tool with advanced features, and it is a must-have tool for any web application penetration tester. Get a free version of Burp Suite from here. You can learn how to set up Burp and follow a basic tutorial here.
All the above-mentioned methods are enough to start your bug hunting journey. In the upcoming weeks, we will be posting more in-depth techniques and methods to sharpen your skills, as well as resources covering particular topics.
Till then, we wish you all the best. Remember, “it takes patience and perseverance to achieve something worthy to boast about.”