1
00:00:00,060 --> 00:00:03,460
All right, folks, I think you are enjoying it.

2
00:00:03,480 --> 00:00:06,030
I hope you are really enjoying the course.

3
00:00:06,510 --> 00:00:16,060
As of now, we have completed learning Nessus scanner and even OpenVAS scanner, but DBM scanner.

4
00:00:17,550 --> 00:00:23,760
Finally, we have reached the end: Nmap, and Nmap is the most widely adopted.

5
00:00:24,510 --> 00:00:34,140
I don't say it is used by most of the enterprises, because enterprises need, more often, you know, more

6
00:00:34,140 --> 00:00:43,140
often, a tool which has a, you know, wider-looking GUI, you know, pretty much collaboration

7
00:00:43,140 --> 00:00:51,600
kind of thing. Nessus has its own segment, OpenVAS has its own, and Nmap has its own target audience.

8
00:00:51,720 --> 00:00:52,610
And who are those?

9
00:00:52,800 --> 00:00:59,550
It's basically majorly the people who are into penetration testing, people who manage the, you

10
00:00:59,550 --> 00:01:01,520
know, their customers.

11
00:01:01,980 --> 00:01:04,980
So that's the reason why it is so popular.

12
00:01:04,980 --> 00:01:07,560
It's because it's very, very quick.

13
00:01:07,920 --> 00:01:08,940
It's very seamless.

14
00:01:08,940 --> 00:01:14,550
And it all works on a command line, although it has some newer version with Zenmap.

15
00:01:14,780 --> 00:01:23,040
But it is widely popular because of its quick behavior, because of its fast response just through the

16
00:01:23,050 --> 00:01:24,950
CLI now.

17
00:01:25,860 --> 00:01:32,940
Well, first, getting to some, you know, basic understanding, as we have learned for most of our

18
00:01:32,940 --> 00:01:40,710
scanners earlier, when you get some overview about what exactly Nmap is and what are the different suites

19
00:01:40,710 --> 00:01:43,530
and whatever, and why it is so different from that.
20
00:01:43,800 --> 00:01:50,880
You know, earlier, you know what, all your scanners we have completed, including Nessus scanner and

21
00:01:50,880 --> 00:01:51,860
OpenVAS as well.

22
00:01:52,350 --> 00:01:53,400
So let's get started.

23
00:01:53,760 --> 00:01:59,130
Nmap, just to give you an overview, it's completely free and open, open source.

24
00:01:59,130 --> 00:02:07,170
There's no premium version sort of stuff, just like the Nessus and OpenVAS, but it's completely

25
00:02:07,170 --> 00:02:08,790
free and it is even open.

26
00:02:08,790 --> 00:02:14,940
So that means you can have the source code and you can go through it and can understand what is really

27
00:02:14,940 --> 00:02:20,370
going on and what happens when somebody executes the code. Next,

28
00:02:20,640 --> 00:02:22,890
what it actually does.

29
00:02:22,890 --> 00:02:27,780
The way we have been doing it: determine the hosts, OS, services, everything.

30
00:02:28,050 --> 00:02:30,710
You know, exactly what we have done all year.

31
00:02:30,780 --> 00:02:32,010
But it's very simple.

32
00:02:32,370 --> 00:02:33,210
It's powerful.

33
00:02:33,210 --> 00:02:41,840
It's because there have been attempts to get like thousands and thousands of hosts in a second.

34
00:02:42,150 --> 00:02:49,470
So it's that fast and powerful that it can scan thousands of hosts per second.

35
00:02:49,740 --> 00:02:57,210
So you can even scan the whole Internet just with your Nmap scanner, because there is no limit,

36
00:02:57,420 --> 00:03:02,330
because there is no, you know, IP address limit or something.

37
00:03:02,340 --> 00:03:05,310
So you are authorized to do whatever you want to do.

38
00:03:05,310 --> 00:03:12,580
Just be cautious about, you know, the consequences if you go back into it, for sure.

39
00:03:13,020 --> 00:03:21,120
OK, so now, finally, it's easy and flexible because all you need to do is just to get access to

40
00:03:21,120 --> 00:03:21,980
the CLI.
41
00:03:21,990 --> 00:03:22,910
That's all it means.

42
00:03:23,210 --> 00:03:28,530
All right, let's talk about the tools of Nmap in very brief.

43
00:03:28,530 --> 00:03:35,580
You have the CLI option, but other than the CLI, what else you get is the Zenmap.

44
00:03:35,970 --> 00:03:41,010
Zenmap is basically a GUI version, a graphical user interface.

45
00:03:41,310 --> 00:03:49,980
It gets you, gives you a better appearance of the results and scanning status as well. Now,

46
00:03:49,980 --> 00:03:53,970
Ncat. Ncat is a tool that comes with Nmap itself.

47
00:03:53,970 --> 00:04:00,960
It's for better data transfer or redirection, at once debugging option altogether,

48
00:04:00,960 --> 00:04:06,900
just in one tool. Then we have Ndiff, and this is basically to compare the scans.

49
00:04:06,900 --> 00:04:13,530
So once you have an output from two different scans, you can compare the hosts, you can actually

50
00:04:13,530 --> 00:04:20,910
compare the results and get to know what is exactly different and do more with this result. Then

51
00:04:20,910 --> 00:04:28,550
we have Nping; this tool is majorly for packet generation and analyzing the response as well.

52
00:04:29,040 --> 00:04:30,200
So that's what it is.

53
00:04:30,210 --> 00:04:34,740
It's all free and there as a suite of Nmap all together.

54
00:04:35,670 --> 00:04:37,530
Let's talk about phases.

55
00:04:38,250 --> 00:04:39,930
Why are we talking about phases?

56
00:04:39,930 --> 00:04:46,530
Why we shouldn't really talk about it in the other scanner is because there wasn't any strict phases

57
00:04:46,560 --> 00:04:55,620
approach. Nmap follows a very strict phases approach when we execute any scan for any hosts.

58
00:04:56,010 --> 00:04:56,400
All right.

59
00:04:56,730 --> 00:04:59,760
So it first starts with the target information and
60
00:05:00,280 --> 00:05:07,780
enumeration. It basically expands into the list of target IP addresses, as we mentioned, in the

61
00:05:07,780 --> 00:05:08,570
target list.

62
00:05:08,800 --> 00:05:15,040
So if you remember, we used to define the list of IP addresses, the target IP address there, maybe

63
00:05:15,040 --> 00:05:20,450
a network, maybe a single IP address or a hostname. So in the first place,

64
00:05:20,680 --> 00:05:25,120
it determines the list of all IP addresses that fall under your subnet.

65
00:05:25,300 --> 00:05:31,390
That's the first part. Next is to perform the host discovery.

66
00:05:31,720 --> 00:05:40,180
In this case, it finds, let's say you have got a /24 and you have got all the range of IP addresses

67
00:05:40,180 --> 00:05:41,380
within the subnet.

68
00:05:41,440 --> 00:05:41,810
OK.

69
00:05:42,220 --> 00:05:52,360
So in that subnet, you know, the idea is to find out how many of the machines, how many of the machines

70
00:05:52,360 --> 00:05:57,320
are currently alive, currently online at this moment, out of the entire subnet.

71
00:05:57,340 --> 00:06:00,030
OK, so that happens in the discovery.

72
00:06:00,430 --> 00:06:02,610
Next is the reverse DNS resolution.

73
00:06:02,890 --> 00:06:09,400
As the name suggests, it basically uses the reverse DNS resolution to get the domain name of

74
00:06:09,430 --> 00:06:10,450
each and every host.

75
00:06:10,930 --> 00:06:14,200
That gives a very, you know, easy piece of information.

76
00:06:14,200 --> 00:06:21,970
Why it is useful is because, most of the time, in order to understand what this device is

77
00:06:21,970 --> 00:06:29,310
all about, even the hostname itself gives you more information, as by the standard, you know, people

78
00:06:29,340 --> 00:06:36,430
put in the organization, the hostname of their firewall has FW in between.
79
00:06:36,430 --> 00:06:43,380
So if you find any device name that ends with FW01, 02, you're pretty sure it's

80
00:06:43,390 --> 00:06:44,680
the firewall.

81
00:06:45,100 --> 00:06:50,650
If you have any device name ending with RTR, that's most likely a router.

82
00:06:50,920 --> 00:06:55,300
If you find any device ending with SW, then it's most likely a switch.

83
00:06:55,720 --> 00:06:56,410
You got the point.

84
00:06:56,740 --> 00:07:04,600
So in that way, I think that is really, really beneficial, because finding out the hostname or the device

85
00:07:04,840 --> 00:07:12,790
domain name itself gives more and more information for, you know, the reconnaissance process or the information

86
00:07:12,790 --> 00:07:14,050
gathering process.

87
00:07:14,050 --> 00:07:14,820
Everything.

88
00:07:15,430 --> 00:07:22,840
Next comes the port scanning. After this, Nmap basically tends to probe; this probe can be based on

89
00:07:22,840 --> 00:07:27,610
ICMP echo, TCP SYN, TCP ACK and all those stuff.

90
00:07:27,610 --> 00:07:33,020
It can be on ARP and many other stuff, and it gathers the response coming in from the machine.

91
00:07:33,180 --> 00:07:34,900
OK, so that's what it is.

92
00:07:34,900 --> 00:07:42,010
And the version detection: once it gets to know what the ports are that the target is currently listening on,

93
00:07:42,250 --> 00:07:48,850
it then tries to find out the version. It's basically the step where Nmap sends some requests and determines

94
00:07:48,850 --> 00:07:50,440
the version based on the response.

95
00:07:50,450 --> 00:07:57,700
So let's say the version of MySQL, version of Apache or whatever the version you're running.

96
00:07:57,790 --> 00:08:02,600
There are some, you know, straightaway versions, software versions, that you can possibly try to collect.
97
00:08:02,920 --> 00:08:10,510
There are some complex software versions as well, like Skype for Business version as well, some enterprise

98
00:08:11,560 --> 00:08:17,260
interface software versions as well; some are pretty complex, some need complex attention from Nmap.

99
00:08:17,260 --> 00:08:19,380
Some are pretty much standard on it.

100
00:08:19,750 --> 00:08:21,830
It keeps getting updated as well.

101
00:08:22,390 --> 00:08:27,310
So once you get the idea about it, then it comes to the OS detection, as the name suggests.

102
00:08:27,580 --> 00:08:31,450
You get to know what is the operating system running on the target machine.

103
00:08:31,930 --> 00:08:38,100
And once we get that, then it initiates the traceroute to the target machine, if you need it. Now, see,

104
00:08:38,260 --> 00:08:42,100
all the steps, it's by default there.

105
00:08:42,370 --> 00:08:47,830
If you want to skip any of the, you know, steps that you want, you don't really need that information,

106
00:08:48,130 --> 00:08:50,020
you need an additional command.

107
00:08:50,020 --> 00:08:56,370
You need an additional suffix to the command so that you discard that step.

108
00:08:56,420 --> 00:09:04,060
OK, but by default, whenever you perform any kind of scanning, it would go for all this stuff.

109
00:09:04,260 --> 00:09:07,510
OK, next, it comes to the script scanning.

110
00:09:07,810 --> 00:09:09,730
So with Nmap,

111
00:09:09,730 --> 00:09:17,290
the most beautiful part is you can make use of the Nmap scripting engine that is called NSE.

112
00:09:17,530 --> 00:09:21,340
OK, with NSE, you can perform some advanced scans.

113
00:09:21,520 --> 00:09:28,720
OK, this will help you to go very deep inside and collect more and more information that

114
00:09:28,720 --> 00:09:33,880
the security developers have been making.
115
00:09:33,880 --> 00:09:40,090
Many of the developers have been making, you know, multiple NSE scripts that have helped

116
00:09:40,090 --> 00:09:46,930
multiple organizations to detect any urgent vulnerabilities or weaknesses in their systems.

117
00:09:47,350 --> 00:09:50,470
And that's the reason it's quick enough.

118
00:09:50,470 --> 00:09:57,610
And you don't really have to wait longer for buying any new expensive software or something to do that.

119
00:09:57,910 --> 00:09:58,720
It's pretty quick.

120
00:09:58,720 --> 00:09:59,350
It's all

121
00:09:59,810 --> 00:10:06,110
available on the Nmap platform; you can download those NSE scripts and you can run them on your system.

122
00:10:06,860 --> 00:10:12,380
It's going to scan all your systems in the network and you'll get to know how many systems are going

123
00:10:12,380 --> 00:10:13,910
to be impacted by this,

124
00:10:14,210 --> 00:10:19,200
you know, one of the CVEs, or maybe it's a zero-day attack, maybe zero to one as well.

125
00:10:19,550 --> 00:10:22,160
So that will give you more and more information.

126
00:10:22,400 --> 00:10:26,480
And at the end, you get to see your output.

127
00:10:26,520 --> 00:10:32,280
OK, so this is all about how, you know, your scan phases really look like.

128
00:10:32,900 --> 00:10:34,750
Let's talk about the Nmap

129
00:10:34,760 --> 00:10:35,270
command

130
00:10:35,270 --> 00:10:37,880
line. At the moment, you know, all...

131
00:10:37,890 --> 00:10:39,110
Let's start with this:

132
00:10:39,890 --> 00:10:41,420
putting the command nmap.

133
00:10:41,420 --> 00:10:45,540
So the moment you type nmap, you get to see all the output.

134
00:10:46,410 --> 00:10:50,540
OK, just the nmap command is more than enough.

135
00:10:50,540 --> 00:10:56,300
You know, the moment you type nmap, you are good with all the possible output.

136
00:10:57,140 --> 00:10:58,070
You want to see that?
137
00:10:58,220 --> 00:10:59,780
Let me show you how that works.

138
00:11:00,080 --> 00:11:04,210
Let me go to the machine and let me show you how that works.

139
00:11:04,550 --> 00:11:06,430
The beauty is, you don't really...

140
00:11:06,450 --> 00:11:08,920
OK, we already have Nessus working over here.

141
00:11:09,260 --> 00:11:11,630
The beauty is you don't really have to install it.

142
00:11:11,780 --> 00:11:15,560
The reason is it's already built in with Kali, OK?

143
00:11:15,650 --> 00:11:22,400
Because it's the basic software when it comes to the, you know, hacking or penetration testing or

144
00:11:22,400 --> 00:11:28,520
whatever it is, scanning, for most of the engineers. At the moment you type nmap, you get to see

145
00:11:28,520 --> 00:11:29,780
all possible commands.

146
00:11:30,470 --> 00:11:33,890
This even shows that Nmap is currently running on the machine.

147
00:11:34,190 --> 00:11:41,210
You get to know about the Nmap version; the first line gives you the usage of this, you know,

148
00:11:41,480 --> 00:11:49,670
Nmap, and the possible way of making use of these commands, and all these possible phases.

149
00:11:49,670 --> 00:11:52,820
Maybe hosts, the command for host discovery.

150
00:11:52,820 --> 00:11:55,130
First, what are the commands?

151
00:11:55,130 --> 00:11:56,150
Possible commands.

152
00:11:56,540 --> 00:11:58,670
Syntax for scan techniques.

153
00:12:00,330 --> 00:12:08,580
Possible commands for port scanning, service/version detection as well, script scan; if you remember,

154
00:12:08,580 --> 00:12:15,750
I told you about NSE, the Nmap scripting engine, you can make use of that from here; then

155
00:12:15,750 --> 00:12:21,960
OS detection, in order to detect the OS of the target machine; you can make use of these possible

156
00:12:21,960 --> 00:12:27,600
options in order to understand or detect if there's any firewall in between.
157
00:12:27,600 --> 00:12:29,760
You can make use of these sets of commands.

158
00:12:30,270 --> 00:12:39,510
And so when you have an example, as you know, Nmap has their own servers available, and scanme

159
00:12:40,080 --> 00:12:45,750
.nmap.org is available to be used as a target for us.

160
00:12:46,040 --> 00:12:46,400
All right.

161
00:12:46,710 --> 00:12:53,160
So this is all about an overview of Nmap and the Nmap scanner all together.

162
00:12:54,600 --> 00:12:56,580
I hope you like the video. We'll catch up soon.