Nmap: Network Exploration and Security Auditing Cookbook - Second Edition oleh Paulino Calderon

Key FeaturesLearn through practical recipes how to use Nmap for a wide range of tasks for system administrators and penetration testers.Learn the latest and most useful features of Nmap and the Nmap Scripting Engine.Learn to audit the security of networks, web applications, databases, mail servers, Microsoft Windows servers/workstations and even ICS systems.Learn to develop your own modules for the Nmap Scripting Engine.Become familiar with Lua programming.100% practical tasks, relevant and explained step-by-step with exact commands and optional arguments descriptionBook DescriptionThis is the second edition of Nmap 6: Network Exploration and Security Auditing Cookbook. A book aimed for anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations.The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Zenmap. The Nmap Scripting Engine is thoroughly covered through security checks used commonly in real-life scenarios applied for different types of systems. New chapters for Microsoft Windows and ICS SCADA systems were added and every recipe was revised. This edition reflects the latest updates and hottest additions to the Nmap project to date. The book will also introduce you to Lua programming and NSE script development allowing you to extend further the power of Nmap.What You Will LearnLearn about Nmap and related tools, such as Ncat, Ncrack, Ndiff, Zenmap and the Nmap Scripting EngineMaster basic and advanced techniques to perform port scanning and host discoveryDetect insecure configurations and vulnerabilities in web servers, databases, and mail serversLearn how to detect insecure Microsoft Windows workstations and scan networks using the Active Directory technologyLearn how to safely identify and scan critical ICS/SCADA systemsLearn how to optimize the performance and behavior of your scansLearn about advanced reportingLearn the fundamentals of Lua programmingBecome familiar with the development libraries shipped with the NSEWrite your own Nmap Scripting Engine scriptsAbout the AuthorPaulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software.Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017.He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.Table of ContentsNmap FundamentalsNetwork ExplorationReconnaissance TasksScanning Web ServersScanning DatabasesScanning Mail ServersScanning Windows SystemsScanning ICS SCADA SystemsOptimizing ScansGenerating Scan ReportsWriting Your Own NSE ScriptsHTTP, HTTP Pipelining, and Web Crawling Configuration OptionsBrute Force Password Auditing OptionsNSE DebuggingAdditional Output OptionsIntroduction to LuaReferences and Additional Reading