Quick Chat: Nmap, fping, TheHarvester, Nessus, OpenVAS
What’s up folks! So my teacher wants me to write about some of the tools we’ve used in class. Yea no joke. I know I didn’t post last week, I’ve been busy the standard excuse. But I’m gonna start making some videos for y’all about networking this weekend. You know like Active Directory, DNS, etc. So stay tuned! But for know I gotta get this homework done, literally look at the image above, I gotta just talk about some of the tools. I’m not gonna go into a deep dive of them in this post but if you would like me to do a post about something send me a tweet or contact me via the site!
Here We Go!
Nmap: Short for network mapper. It’s a free and open source utility for network discovery and security auditing. Sysadmins(System Administration) also use it for network inventory, and monitoring host up time.
It’s a super powerful tool. I haven’t even scratched the surface of its true potential. Check out some common Nmap scripts: https://nmap.org/nsedoc/
There’s a lot of cool stuff. I personally use Nmap when I’m trying to build a network diagram. It allows you to see what ports are open and more!
Fping: fping is a program like ping which uses the Internet Control Message Protocol ( ICMP ) echo request to determine if a target host is responding. fping differs from ping in that you can specify any number of targets on the command line, or specify a file with a list of hosts. (Source: https://fping.org/fping.1.html)
It’s basically just a ping with some more capabilities, specifically pinging more than one host.
The Harvester & Metagoofil: Honestly these two are phenomenal OSINT tools. I <3 em my boi Marvi spent the Summer doing a lot of OSINT he’s a very smart dude. I wouldn’t do OSINT justice, but I’ll add OSINT to the blog list. Let’s leave it to Marvi for now. Let him have his thing ;P
Google them and check em out. Like they’re dope.
OpenVAS: Open VAS is a Vulnerability Scanner. It’s very plug and play. You download it set it up and just enter an IP. It has different levels of scanning, and it’s ok. I mean ya know it’s not the best, but it’s ok. Greenbone develops OpenVAS as part of their commercial vulnerability management product family “Greenbone Security Manager” (GSM). Greenbone provides OpenSource IT-Solutions. I’m very bias so let’s just go to a fan favorite.
NESSUS: LES GO!!!! Fun fact: OpenVAS is old old old Nessus. Nessus is awesome! Now I’m bias b/c I interned with Tenable last semester. I don’t think i’m allowed to really plug it. So I’ll just refer you to my friend Claire who’ll talk about being an intern: https://careers.tenable.com/blogs/careers-blog/our-2019-summer-interns-have-arrived
They’re the best vulnerability scanner out there. Granted that’s b/c they’re the only legit vuln scanner i’ve used but it just works so well! So if you want me to try your vulnerability scanner, hmu! I’m looking for a sponsor 😛 😛 😛 Hell it would force me to make my writing become more professional XD
Side Note From The Future: Qualys is another Vulnerability Management tool that competes with Nessus and I’ve Heard Good Things About Them Too