INFORMATION GATHERING - LIVE HOST IDENTIFICATION Kali Linux
Updated: Jun 19, 2022
In this CyberSecurity blog, I will cover one of the best tools of Kali Linux for Information Gathering - Live Host Identification.
Below are the Cyber Security tools which are available in Kali Linux for Penetration
Threat Intelligence Cybersecurity Hacking tools
alive6 (part of thc-ipv6, the THC-IPV6-ATTACK-TOOLKIT; run any of its tools without options and they print their help and command-line options) shows the alive addresses in the segment. If you specify a remote router, the packets are sent with a routing header prefixed by fragmentation.
How to install: sudo apt install thc-ipv6
USAGE: alive6 [-dlmrS] [-W TIME] [-i FILE] [-o FILE] [-s NUMBER] interface [unicast-or-multicast-address [remoterouter]]
EXAMPLE: alive6 eth1
arping pings a destination by sending ARP REQUEST packets to a neighbour host, using a given
How to install: sudo apt install arping
USAGE: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
EXAMPLE: arping -f -c 1 -I wlan0 192.168.100.1 (host 192.168.100.1 is alive -> Received 1 response(s))
EXAMPLE: arping -f -c 1 -I eth0 192.168.100.2 (host 192.168.100.2 isn't alive -> Received 0 response(s))
cdpsnarf is a network sniffer written exclusively to extract information from CDP packets. It provides all the information a "show cdp neighbors detail" command would return on a Cisco router, and more.
Features: Time intervals between CDP advertisements, Source MAC address, CDP Version, TTL, Checksum, Device ID, Software version, Platform, Addresses, Port ID, Capabilities, Duplex, Save packets in PCAP dump file format, Read packets from PCAP dump files, Debugging information (using the "-d" flag), Tested with IPv4 and IPv6
USAGE: cdpsnarf -i
OPTIONS: cdpsnarf -h
EXAMPLE: ./cdpsnarf eth2
detect-new-ip6 (also part of the thc-ipv6 toolkit) detects new IPv6 addresses joining the local network. If a script is supplied, it is executed with the detected IPv6 address as its argument.
Notes: Most of the thc-ipv6 tools can easily be detected by an IDS or by specialised detection software. This is done on purpose, to make rogue usage easier to detect. The tools either use a fixed packet signature or generically sniff for packets (and therefore also answer ICMPv6 neighbour solicitations that are sent to a non-existent MAC, which is very easy to detect). If you don't want this, change the code.
USAGE: detect-new-ip6 interface [script]
EXAMPLE: detect-new-ip6 eth0
detect-sniffer6 (also part of the thc-ipv6 toolkit) tests whether systems on the local LAN are sniffing. It works against Windows, Linux, OS X and *BSD. If no target is given, the link-local all-nodes address is used, which however rarely works.
USAGE: detect-sniffer6 interface [target6]
DMitry gathers as much information as possible about a host. Its base functionality can gather possible subdomains, email addresses, uptime information, a TCP port scan, whois lookups, and more. The information is gathered with the following methods:
Perform an Internet Number whois lookup.
Retrieve possible uptime data, and system and server data.
Perform a SubDomain search on a target host.
Perform an E-Mail address search on a target host.
Perform a TCP Portscan on the host target.
A Modular program allowing user-specified modules
How to install: sudo apt install dmitry
USAGE: dmitry [options]
EXAMPLE: dmitry --help (DMitry help)
EXAMPLE: man dmitry (DMitry complete documentation)
EXAMPLE: dmitry -iwns -o example.out google.com
dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with Nmap commands and sends those commands to each client connected to it. The framework uses a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed on the server. Nmap output is stored on both server and client.
Usually, you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you).
Clients can be run on any computer on the Internet; they do not have to be on a local cluster or anything similar.
It uses the TLS protocol for encryption.
1. Put some nmap commands in a file such as commands.txt
2. ./dnmap_server -f commands.txt (start the dnmap_server)
3. ./dnmap_client -s <server-ip> -a <alias> (start any number of clients)
dnmap_client features:
If the server goes down, the client keeps trying to connect to it until it is back up.
It strips strange characters from the command sent by the server, to avoid command injection vulnerabilities.
It only executes nmap: whatever binary the server names in the command is discarded and replaced with the known, trusted nmap binary on the system.
You can select an alias for your user.
You can change which port the client connects to.
If the command sent by the server has no -oA option, the client adds it anyway, so it always keeps a local copy of the output.
USAGE: ./dnmap_client -s <server-ip> -a <alias> (start any number of clients)
EXAMPLE: (see dnmap)
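The three client-side protections listed above (stripping shell metacharacters, swapping in the trusted nmap binary, forcing -oA) as an added Python example. This is not dnmap's own code; the trusted binary path and the -oA basename scheme are assumptions.

```python
import hashlib
import re
import shlex

# Assumed location of the trusted scanner binary on the client (assumption).
TRUSTED_NMAP = "/usr/bin/nmap"

# Anything that could reach a shell is rejected outright: command separators,
# pipes, redirects, backticks, variable/command substitution, line breaks.
FORBIDDEN = re.compile(r"[;&|`$<>\\\r\n]")


def sanitize_command(raw, alias="client"):
    """Turn a command line received from the server into a safe argv list.

    Returns argv suitable for subprocess.run(argv) without shell=True, or
    raises ValueError if the line is not a plain nmap invocation.
    """
    if FORBIDDEN.search(raw):
        raise ValueError("forbidden shell metacharacter in command")
    argv = shlex.split(raw)  # also raises ValueError on unbalanced quotes
    if not argv:
        raise ValueError("empty command")
    # Only nmap is accepted; whatever path the server supplied is discarded
    # and replaced with the known, trusted binary on this system.
    if argv[0].rsplit("/", 1)[-1] != "nmap":
        raise ValueError("only nmap commands are accepted")
    argv[0] = TRUSTED_NMAP
    # Guarantee a local copy of the results: add -oA if the server left it out.
    # The basename is an assumption: alias plus a short hash of the command.
    if not any(a.startswith("-oA") for a in argv[1:]):
        tag = hashlib.sha256(raw.encode()).hexdigest()[:8]
        argv += ["-oA", f"{alias}_{tag}"]
    return argv


def is_rejected(raw):
    """True when sanitize_command refuses the line."""
    try:
        sanitize_command(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(sanitize_command("nmap -sS -p 80 10.0.0.0/24"))
    print(is_rejected("nmap 10.0.0.1; rm -rf /"))
```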
dnmap_server features:
If the server goes down, clients keep trying to connect until it is back online.
If the server goes down, when you bring it up again it resumes from the last command given before the shutdown; you do not need to remember where it was.
You can add new commands to the original file without stopping the server; the server reads them automatically.
If a client goes down, the server remembers which command it was executing and re-schedules it for later.
It stores every detail of the operation in a log file.
It shows real-time statistics about the operation of each client.
You can choose which port to use (defaults to 46001). Only the online clients are shown in the running stats.
USAGE: ./dnmap_server -f commands.txt (start the dnmap server)
EXAMPLE: (see dnmap)
fping is a program like ping that uses Internet Control Message Protocol (ICMP) echo requests to determine whether a target host is responding.
fping differs from ping in that you can specify any number of targets on the command line, or specify a file containing the list of targets to ping. Instead of sending to one target until it times out or replies, fping sends out a ping packet and moves on to the next target in a round-robin fashion. In the default mode, if a target replies, it is noted and removed from the list of targets to check; if a target does not respond within a certain time limit and/or retry limit, it is designated as unreachable. fping also supports sending a specified number of pings to a target, or looping indefinitely (as ping does). Unlike ping, fping is meant to be used in scripts, so its output is designed to be easy to parse.
USAGE: fping [options] [targets...]
EXAMPLE: fping 192.168.100.1 (responding host -> 192.168.100.1 is alive)
EXAMPLE: fping 192.168.100.13 (non-responding host -> 192.168.100.13 is unreachable)