Post on 07-Apr-2018
8/4/2019 Automated Security Scanning Guide
AUTOMATED SECURITY SCANNING GUIDE
HackerTarget.com LLC
Everyone is a Target
peter hackertarget.com
http://hackertarget.com
This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
Table of Contents
GETTING STARTED
  INTRODUCTION
  REGISTRATION
  FREE USER PROCESS
  MEMBERSHIP OPTION
OVERVIEW OF SCAN OPTIONS
  RECON TO VULNERABILITY DISCOVERY
    Intelligence Collection
    Server / IP Address Analysis
    Web Site Fingerprinting and Testing
    Content Management Systems (CMS)
AUTOMATED SCANS DETAILED
  DOMAIN PROFILER
  HOSTING SERVER INFO
  NMAP PORT SCAN
  OPENVAS VULNERABILITY SCAN
  SSL SECURITY CHECK
  NIKTO WEB SERVER SCAN
  SQL INJECTION TEST
  WHATWEB WEBSITE FINGERPRINT
  BLINDELEPHANT VERSION TEST
  WORDPRESS SECURITY SCAN
  JOOMLA SECURITY SCAN
  DRUPAL SECURITY SCAN
MANUAL SECURITY ASSESSMENT
GETTING STARTED
INTRODUCTION
There are 12 automated scanning tools available from HackerTarget.com; each of these tools performs a variety of security tests and information gathering functions. This guide will outline the process and detail the purpose of the tools.
On-line Security Scans are an easy and convenient way to test public facing Internet hosts.
REGISTRATION
All scans are available for Free and there is also a membership based option that includes the ability to perform a higher number of scans each day along with some other advanced capabilities.
FREE USER PROCESS
1. First time scan users are sent an email confirmation link
2. Once confirmed all scans are available for Free
3. Up to 4 scans can be performed each day
MEMBERSHIP OPTION
1. Select membership option
2. Make payment with Paypal or Credit Card
3. Email is registered and all scans are available up to daily limit
OVERVIEW OF SCAN OPTIONS
RECON TO VULNERABILITY DISCOVERY
Intelligence Collection
Collect information about organizations from open source resources, the domain name system and Internet search engines. These scans send only a limited amount of data to the target and can be hard to detect.
- Domain Profiler Scan
- Hosting Server Info
Server / IP Address Analysis
Discover network details, firewall issues and security vulnerabilities with these types of scans.
- Nmap Port Scan
- OpenVAS Security Vulnerability Scan
- SSL Security Check
Web Site Fingerprinting and Testing
Attackers commonly target the web site as it is often the most public and vulnerable part of an organization's infrastructure.
- Nikto Web Server Scan
- SQL Injection Scan
- WhatWeb Site Analysis
- BlindElephant application version testing
Content Management Systems (CMS)
The three most popular CMS systems are the open source WordPress, Joomla and Drupal. These external tests give a quick overview of the security status of the installation.
- WordPress Security Scan
- Joomla Security Scan
- Drupal Security Scan
See the detailed scan page for more information on each scan type.
AUTOMATED SCANS DETAILED
DOMAIN PROFILER
With only a domain name (myexampledomain.com) this scan type will attempt to discover other related systems and IP addresses that you can target with other security testing tools.
A PDF report is created and delivered to the user. The report contains details of sub-domains, IP addresses, virtual web hosts on IP addresses, data from the Shodan security search engine and IP address reputation / black list checks.
Domain Profiler scans are used to discover targets for other scan types.
HOSTING SERVER INFO
This report checks an IP address for virtual web hosts that are sharing the IP address. It then performs a reputation lookup on the websites sharing that IP. Great for finding out the quality of your web host by discovering shared sites hosting Malware and Spam.
A PDF report is created and delivered to the user. The report contains details of the IP address, including hosting, netblock owner and geolocation. Additionally, any web sites found to be sharing the IP are also listed with reputation analysis.
This scan is non-intrusive; no packets are sent to the target host.
This scan type can also be used when researching malware spreading web hosts.
NMAP PORT SCAN
Nmap is the most popular and well known port scanning tool. It provides a technical report that details open ports, closed ports and filtered ports. Taking the time to look through results can reveal firewall problems, identify internet services and determine the operating system of the host.
This is a test run against the nmap test server (scanme.nmap.org)
** Thank you for using the HackerTarget.com Nmap Scanning Service **
HackerTarget.com Membership Status: Non-member
Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-07 19:22 EDT
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.076s latency).
rDNS record for 74.207.244.221: li86-221.members.linode.com
Not shown: 996 closed ports
PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0)
80/tcp    open  http       Apache httpd 2.2.14 ((Ubuntu))
9929/tcp  open  nping-echo Nping echo
31337/tcp open  tcpwrapped
Service Info: OS: Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.99 seconds
Discover interesting services; find holes in your firewall.
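
An added example, not part of the original guide or of HackerTarget.com's tooling: a Python parser for the report text above that extracts the port table and compares the open ports with a baseline of ports the owner expects to be reachable. The baseline EXPECTED_OPEN is a hypothetical allowlist chosen for illustration, and the function names are this example's own.

```python
import re

# The scan report shown above (scanme.nmap.org, Nmap 5.51), embedded so this runs offline.
SAMPLE_REPORT = """\
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.076s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0)
80/tcp    open  http       Apache httpd 2.2.14 ((Ubuntu))
9929/tcp  open  nping-echo Nping echo
31337/tcp open  tcpwrapped
Service Info: OS: Linux
"""

# Hypothetical baseline: ports the owner intends to expose (an assumption, not from the guide).
EXPECTED_OPEN = {(22, "tcp"), (80, "tcp"), (443, "tcp")}

PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)
# Matches "996 closed ports" and the newer "996 closed tcp ports (reset)" form.
NOT_SHOWN = re.compile(r"(\d+) ([a-z|-]+) (?:\w+ )?ports")


def parse_report(text):
    """Turn Nmap's normal-format output into host, port rows and hidden-port counts."""
    report = {"host": None, "not_shown": {}, "ports": []}
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Nmap scan report for "):
            report["host"] = line[len("Nmap scan report for "):]
        elif line.startswith("Not shown:"):
            for count, state in NOT_SHOWN.findall(line):
                report["not_shown"][state] = int(count)
        else:
            m = PORT_LINE.match(line)
            if m:
                row = m.groupdict()
                row["port"] = int(row["port"])
                row["version"] = row["version"] or ""  # e.g. tcpwrapped has no version
                report["ports"].append(row)
    return report


def review(report, expected_open):
    """Compare open ports with the baseline and count ports reported as filtered."""
    open_ports = {(p["port"], p["proto"]) for p in report["ports"] if p["state"] == "open"}
    filtered = sum(1 for p in report["ports"] if "filtered" in p["state"])
    filtered += sum(n for s, n in report["not_shown"].items() if "filtered" in s)
    return {
        "unexpected_open": sorted(open_ports - expected_open),
        "expected_but_not_open": sorted(expected_open - open_ports),
        "filtered_ports": filtered,  # 0: every probed port answered, none were dropped
    }


if __name__ == "__main__":
    print(review(parse_report(SAMPLE_REPORT), EXPECTED_OPEN))
```

Against the sample report this flags 9929/tcp and 31337/tcp as open but not in the baseline, and 443/tcp as expected but not open.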
OPENVAS VULNERABILITY SCAN
The Open Vulnerability Assessment System (OpenVAS) is an application consisting of several services and tools that offers a comprehensive vulnerability scanning solution.
By providing this tool online HackerTarget.com makes this tool available to those who may not have the knowledge, skills or time required to configure the system.
There are two scan options, a default HTML report that is the raw output from the OpenVAS system and an advanced PDF report that has some additional information and tests, along with the relevant vulnerabilities found in the OpenVAS scan.
A report is created and delivered to the user's designated email address. This scan can take some time to perform as it has a database of over 20000 security checks.
Find security vulnerabilities before the bad guys do with this powerful scan.
SSL SECURITY CHECK
Using advanced nmap ssl testing scripts and openssl, this scan reveals important information regarding the SSL configuration on a web server. Weak ciphers, SSL versions and certificate information are all revealed.
PCI Compliance has specific requirements regarding SSL configuration.
NIKTO WEB SERVER SCAN
Nikto is a Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.
Nikto is an old school security testing tool that still finds lots of interesting things.
SQL INJECTION TEST
SQL Injection is a devastating web application attack that can reveal entire databases of information to an attacker, or even act as a stepping stone to full server compromise.
Enter a URL with HTTP GET parameters such as this:
See the handy introductory guide to sql injection on the HackerTarget.com web page.
If the results from this test identify any SQL Injection vulnerabilities you will need to upgrade your web site application or contact your developer.
Enter a URL and have it quickly tested for SQL Injection Vulnerabilities.
WHATWEB WEBSITE FINGERPRINT
WhatWeb discovers the details about web technologies and scripts in use by a web site. It gathers this information from analyzing the raw html from regular web requests.
Find technologies and scripts being used by your favorite sites with this non-intrusive scan.
BLINDELEPHANT VERSION TEST
Using a variety of techniques that test for known files in a web application, this tool attempts to accurately determine the version of the application.
This is important when looking at security as old web applications are a common attack vector and entry point.
To ensure security patches and updates are applied, always keep your web applications up to date.
WORDPRESS SECURITY SCAN
WordPress is the leading open source CMS system. It runs on over 10% of the top 1 Million sites. This makes it a popular target. Following some basic systems management best practice will ensure your site does not get hacked. Run a non-intrusive security scan to check for obvious problems.
A PDF report is created and delivered to the user. The report contains details of common WordPress vulnerabilities and application weaknesses. See the sample report for full details.
WordPress is an easy to use web site content management system that is a popular target for hackers.
JOOMLA SECURITY SCAN
Keeping Joomla installations secure is an ongoing process that involves good systems management and keeping all plugins, extensions and core components up to date.
A PDF report is created and delivered to the user. The report contains details of sub-domains, IP addresses, virtual web hosts on IP addresses, data from the Shodan security search engine and IP address reputation / black list checks.
Joomla is a popular open source CMS. Test Security of your installation now with this non-intrusive scan.
DRUPAL SECURITY SCAN
Drupal installations are wide ranging and highly customized; this external security overview will provide an idea of the security posture of the installation and other information of note.
A PDF report is created and delivered to the user. The report contains details of sub-domains, IP addresses, virtual web hosts on IP addresses, data from the Shodan security search engine and IP address reputation / black list checks.
Drupal runs sites ranging from personal blogs to corporate, political, and government sites including whitehouse.gov and data.gov.uk.
MANUAL SECURITY ASSESSMENT
Automated testing is an easy and convenient way to quickly gauge the security of your Internet facing systems and infrastructure. It is not a comprehensive audit and is often prone to false positives and / or false negatives.
Manual Security Assessments involve a hybrid of automated and manual testing techniques that provides a greater level of assurance that your systems are secure.
HackerTarget.com has a comprehensive security assessment offering that is in effect a simulated hacker attack against the target system or organization. This assessment by its nature is much more aggressive than the automated tests and provides a full report detailing any security holes found along with recommendations for increasing the security of the system.