Linux and Open source Understanding Nmap Commands: In depth Tutorial with examples

Article by James Hawkins As we all know, Nmap (Network Mapper) is a stealth port scanner widely used by network security experts (including forensics & Pen-testing Experts). In this article we’ll see the different types of Nmap Scans, its techniques, understanding the purpose and goals of each scan , its advantages or disadvantages over other scanning tools, which could be better at evading firewalls & IDS (To a certain extent) and much more. In this first part, I have made my best to explain the basic scanning techniques, Host discovery options, port scanning options, techniques used in detecting Operating system & services running on the system. i also give Nmap as already installed on your system. Let’s start with one of the most basic and default scan, the one without using any parameters. This is a basic scan of the local IP address 192.168.1.34, we use sudo to gain administrator privileges, and then we give the target to Nmap. Discovery Port scanning options Performing Fast scan: Related: Commands (GNU/Linux UNIX)

reaver-wps - Brute force attack against Wifi Protected Setup Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. Intimidated by the command-line? Running Windows, OS X, or just don't want to run Linux, download, and compile the open source Reaver? Reaver Pro is now ONLY $69.99!!! Reaver Pro is a compact embedded device customized for Reaver attacks. Reaver Pro Features:

Kill All Processes with ps ax|grep pl|awk '{print $1}'|xargs kill Introduction Many times we write programs which runs many instances of itself, either while using fork or we manually run many copies of the same program, so during the development stage we may need to kill all running instances and modify the program and re-run, or there may be other situations where we may need to kill a ll perl programs running, etc etc. Till a few months back I used to do this job of killing manually process id by process id, like this Code: [root@pradeep test]# kill 31372 But recently I devised a command to kill all processes matching a pattern, I am sure someone else must have already done this, but there must any other to whom this might be helpful. The Command The command looks like this ps ax|grep pl|awk '{print $1}'|xargs kill Well, to some it might look confusing, let me break up the command a explain. [root@pradeep test]# ps ax|grep pl 31372 ? awk '{print $1}' Prints the first column returned by the previous command, in this case the PID e.g. - 31671

Sybil attack Description[edit] In a Sybil attack the attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence. A reputation system's vulnerability to a Sybil attack depends on how cheaply identities can be generated, the degree to which the reputation system accepts inputs from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically. Evidence shows large-scale Sybil attack can be carried out in a very cheap and efficient way in the realistic system like BitTorrent Mainline DHT. [4][5] An entity on a peer-to-peer network is a piece of software which has access to local resources. A faulty node or an adversary may present multiple identities to a peer-to-peer network in order to appear and function as multiple distinct nodes. Prevention[edit] See also[edit] Ballot stuffing References[edit]

trustedsec/social-engineer-toolkit df(1): report file system disk space usage Name df - report file system disk space usage Synopsis df [OPTION]... [FILE]... Description This manual page documents the GNU version of df. df displays the amount of disk space available on the file system containing each file name argument. If an argument is the absolute file name of a disk device node containing a mounted file system, df shows the space available on that file system rather than on the file system containing the device node (which is always the root file system). Options Show information about the file system on which each FILE resides, or all file systems by default. Mandatory arguments to long options are mandatory for short options too. -a, --all include dummy file systems -B, --block-size=SIZE use SIZE-byte blocks --direct show statistics for a file instead of mount point --total produce a grand total -h, --human-readable print sizes in human readable format (e.g., 1K 234M 2G) -H, --si likewise, but use powers of 1000 not 1024 -i, --inodes -k like --block-size=1K -l, --local --no-sync

The Lazy Guide to Installing Knoppix on a USB Key Knoppix, the famous live Linux CD that practically started the live CD trend, needs no introduction to most people. One of the things that's so great about it is that you can take it with you and boot to a familiar Linux environment on almost any modern computer, without touching the OS that's already installed on it. Of course, it can be even more portable when it runs entirely off of an inexpensive USB key. So let's install it to a 1 GB USB key, and create a persistent home directory in which to store files. Only let's do it the lazy way, and keep use of the command prompt to a bare minimum. You will need a copy of the latest Knoppix CD (v5.1.1 as of this writing) and, of course, a 1 GB USB key. A note about the mysterious art of booting from USB keys. Generally speaking, there are two ways of booting from a USB key. The current way is to simply treat the USB key as if it were a hard drive. To get started, boot from the Knoppix CD. 1. 2. Next, insert your USB key. 3. 4. 5. 6. 7. 8. 9.

The Social-Engineer Toolkit (SET) The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community. The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. SET is included in the latest version of the most popular Linux distribution focused on security, Back|Track. git clone set/ Below are some videos on SET: Defcon 20 – Owning One to Rule Them All – Dave Kennedy and Dave DeSimone DerbyCon 1 – Adaptive Penetration Testing ft. Defcon 19 – Pentesting over Powerlines The Social-Engineer Toolkit v3.3 release.

man df - Fournit la quantité d'espace occupé des systèmes de fichiers. df - Fournit la quantité d'espace occupé des systèmes de fichiers. df [options] [fichier...] Options POSIX : [-kP] [--] Options GNU (versions courtes) : [-ahikmPv][-t type_fs][-x type_fs][--print-type][--no-sync][--sync][--help] [--version] [--] df indique les quantités d'espaces disques utilisées et disponibles sur les systèmes de fichiers. Sans argument, df indiquera les quantités correspondant à tous les systèmes de fichiers montés, quels que soient leurs types. Les valeurs sont indiquées en unités de 512 octets par défaut, mais si l'option -k est utilisée, l'unité est 1024 octets. Les valeurs sont fournies en unités de 1024 octets par défaut, sauf si la variable d'environnement POSIXLY_CORRECT existe, auquel cas le comportement POSIX est adopté. Si un fichier indiqué en argument est un périphérique disque contenant un système de fichiers monté, df affichera l'espace disponible sur ce système de fichiers plutôt que sur celui contenant le noeud du périphérique. -k -a, --all --block-size=nb

Backtrack alternative Xiaopan OS is a small Tiny Core Linux based operating system specific for wireless penetration testing, it comes with the XFE desktop environment, a very lightweight graphical front end, the distribution can run as a live CD, from a USB thumbdrive with Unetbootin or used inside a virtual machine. Numerous wireless card controllers are supported, including Atheros and Broadcom, the most widely used chipsets. As a result of the distribution being based on Tiny Core Linux all of the .tcz precompiled packages available for Tiny Core can be installed in Xiopan using the TCL Appbrowser, non hacking utilities like games, media player, CD burner, VoIP software and Truecrypt can all be optionally added to Xiopan OS. Wifi hacking Linux distribution Xiaopan This Linux live CD is first class penetration testing tool to audit wireless access points security and replaces Beini, a very similar distribution no longer active. Xiaopan Linux WPA2 hacking Visit Xiaopan OS homepage

John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. To verify authenticity and integrity of your John the Ripper downloads, please use our PGP public key. There's a wiki section with John the Ripper user community resources.