1
00:00:00,800 --> 00:00:02,000
Hello, my name is Steve.

2
00:00:02,570 --> 00:00:09,500
In today's digital landscape, the hypertext transfer protocol Http stands as one of the most widely

3
00:00:09,500 --> 00:00:10,610
used protocols.

4
00:00:10,640 --> 00:00:17,540
Web servers have evolved from serving static pages to handling interactive web applications with user

5
00:00:17,540 --> 00:00:18,320
interaction.

6
00:00:18,350 --> 00:00:24,410
This technological progress has opened the door to a potential vulnerabilities, particularly through

7
00:00:24,410 --> 00:00:30,680
the tainted user input that can manipulate application logic and lead to unintended malicious actions.

8
00:00:30,710 --> 00:00:37,400
The ease of web application development using modern framework has further contributed to an increase

9
00:00:37,400 --> 00:00:38,450
in vulnerability.

10
00:00:38,480 --> 00:00:40,940
Vulnerable applications on Internet.

11
00:00:40,970 --> 00:00:43,730
To address these concerns.

12
00:00:44,630 --> 00:00:54,170
We The Nmap scripting engine NSC offers a growing collection of Http scripts, transforming Nmap into

13
00:00:54,170 --> 00:00:59,120
an invaluable web scanner for penetration testers with Nmap.

14
00:00:59,150 --> 00:01:05,870
Not only can vulnerabilities as misconfigurations be identified, but web applications can also be crawled

15
00:01:05,870 --> 00:01:08,630
to discover intriguing information.

16
00:01:08,660 --> 00:01:15,500
This section aims to teach you how to leverage Nmap for web server auditing, ranging from automating

17
00:01:15,500 --> 00:01:19,310
configuration checks to exploiting vulnerable web applications.

18
00:01:19,340 --> 00:01:25,340
Additionally, I will introduce some of the NSC scripts that I have developed over the years, which

19
00:01:25,340 --> 00:01:29,660
I found useful during web penetration test conducting at web.

20
00:01:30,140 --> 00:01:38,600
So let's explore the various sections and topics covered in this section here of our course.

21
00:01:38,600 --> 00:01:41,840
So we will firstly list supported Http methods.

22
00:01:42,260 --> 00:01:48,630
With practical side, we will enumerate all the Http methods supported by a web server and web servers

23
00:01:48,630 --> 00:01:53,460
over various Http methods, some of which can pose security risks.

24
00:01:53,460 --> 00:01:59,460
So it's essential for system administrators and penetration testers to quickly identify these methods

25
00:01:59,460 --> 00:02:02,460
and test their accessibility.

26
00:02:03,250 --> 00:02:12,670
So in maps, Http method script provides a convenient way to accomplish this task and we will also discover

27
00:02:12,670 --> 00:02:14,950
interesting files and folders on a web server.

28
00:02:14,950 --> 00:02:21,100
We will do practical examples such as we will use Nmap to identify intriguing files and directories

29
00:02:21,100 --> 00:02:22,360
on web servers.

30
00:02:22,360 --> 00:02:26,770
And the explanation of this topic is in Nmap.

31
00:02:27,280 --> 00:02:34,510
Http enum script enables the discovery of potentially sensitive or hidden files and folders on web servers.

32
00:02:34,540 --> 00:02:39,730
This information can be valuable for further analysis and vulnerability assessment.

33
00:02:39,760 --> 00:02:45,160
We will also do brute forcing Http authentication.

34
00:02:45,250 --> 00:02:53,620
We will perform brute force attacks on Http authentication mechanisms because Nmap http brute script

35
00:02:53,620 --> 00:02:59,980
automates the process of attempting various username and passwords combinations to gain unauthorized

36
00:02:59,980 --> 00:03:01,750
access to protected web servers.

37
00:03:01,750 --> 00:03:08,000
So this topic highlights the significance of the strong authentication credentials.

38
00:03:08,000 --> 00:03:09,920
We will brute force web applications.

39
00:03:09,920 --> 00:03:18,320
We will practically do Nmap to launch brute force attacks against web applications.

40
00:03:18,320 --> 00:03:24,050
So in web boot scripts extend its capabilities to target web applications login forms.

41
00:03:24,050 --> 00:03:27,020
So by systematically attempting different credentials.

42
00:03:27,020 --> 00:03:34,670
So this script helps identify weak authentication mechanisms and emphasizes the importance of implementing

43
00:03:34,670 --> 00:03:37,130
robust password policies.

44
00:03:37,400 --> 00:03:40,640
We will also detect web application firewalls.

45
00:03:40,730 --> 00:03:49,910
Practically, we will do examples how to detect the presence of web application firewalls EFS using

46
00:03:49,980 --> 00:03:50,660
maps.

47
00:03:50,660 --> 00:04:02,080
So Nmap has a http F detect scripts which aids in identifying the existence of a VFS that so a w by

48
00:04:02,090 --> 00:04:12,740
w a f, I mean the web application firewall fire firewall.

49
00:04:13,280 --> 00:04:19,730
And that may have been be protecting web applications and we will understand the presence of such security

50
00:04:19,730 --> 00:04:26,600
measures and which is they are crucial for further penetration testing and vulnerability assessment.

51
00:04:27,170 --> 00:04:33,280
And we will do a lot of examples, which we will also do X and x.

52
00:04:33,320 --> 00:04:39,350
We will detect x and X vulnerabilities by x east side here.

53
00:04:39,920 --> 00:04:51,020
Um, we will do practical examples such as identifying potential cross-site tracing XD cross site tracing

54
00:04:51,020 --> 00:04:53,990
vulnerabilities with nmap and nmap.

55
00:04:54,560 --> 00:05:02,660
Nmap http trace script http trace script detects if the trace method is enabled on web servers, which

56
00:05:02,660 --> 00:05:06,280
could lead to excessive vulnerabilities.

57
00:05:06,820 --> 00:05:16,270
So this topic emphasizes the importance of disabling the trace method to mitigate potential security

58
00:05:16,270 --> 00:05:16,800
risks.

59
00:05:16,810 --> 00:05:21,400
And we will also detect a famous ICS vulnerabilities.

60
00:05:21,400 --> 00:05:29,710
So we will practically identify cross-site scripting vulnerabilities using Nmap, cross-device, cross-site

61
00:05:30,070 --> 00:05:30,610
scripting.

62
00:05:30,610 --> 00:05:44,290
I mean the ICS vulnerabilities using Nmap and Nmap http http x ed scripts helps identify potential vulnerabilities

63
00:05:44,290 --> 00:05:49,840
in web applications by injecting specific payloads and analyzing the responses.

64
00:05:49,840 --> 00:05:56,230
So this topic here demonstrates the importance of input, validation and output encoding to prevent

65
00:05:56,260 --> 00:05:58,270
excess attacks.

66
00:05:59,180 --> 00:06:02,110
And we will find we will with Nmap.

67
00:06:02,120 --> 00:06:05,720
We will also find the SQL injection vulnerabilities.

68
00:06:05,720 --> 00:06:15,590
We will discover SQL injection vulnerabilities with Nmap, which is Nmap http SQL injection script assist

69
00:06:15,590 --> 00:06:20,120
in identifying potential SQL injection vulnerabilities in web applications.

70
00:06:20,120 --> 00:06:26,240
So this topic highlights the significance of proper input, sanitization and prepared statements to

71
00:06:26,240 --> 00:06:29,110
prevent these types of attacks.

72
00:06:29,120 --> 00:06:33,020
We will also find web applications with default credentials.

73
00:06:33,020 --> 00:06:38,120
We will identify web applications that may be using default credentials, for example, admin.

74
00:06:38,540 --> 00:06:46,340
For example, if you have a WordPress site and didn't assign specific password for it, the probable

75
00:06:46,400 --> 00:06:50,780
password will be admin, admin or admin pass here like this.

76
00:06:50,780 --> 00:06:58,550
So we will scan these websites and Nmap http default account script checks for the presence of web applications

77
00:06:58,550 --> 00:07:00,660
with default usernames and passwords.

78
00:07:00,660 --> 00:07:07,200
So this recipe underscores the importance of changing default credentials to enhance security on your

79
00:07:07,200 --> 00:07:15,600
website or server, we will detect insecure cross domain policies, which is we will identify insecure

80
00:07:15,600 --> 00:07:18,000
cross domain policies in web applications.

81
00:07:18,000 --> 00:07:22,260
And the Nmap also has the Http cross.

82
00:07:22,260 --> 00:07:27,360
Http cross domain cross domain XML script.

83
00:07:27,960 --> 00:07:36,300
Uh, with this script it will helps us to detect insecure cross domain policies which can lead to cross-site

84
00:07:36,300 --> 00:07:39,900
scripting and cross-site request forgery vulnerabilities.

85
00:07:39,930 --> 00:07:44,280
This highlights the need for proper cross domain policy configuration.

86
00:07:44,370 --> 00:07:49,800
And here we will also detect exposed source code control system.

87
00:07:49,800 --> 00:07:53,730
So identifying exposed source code control systems on web server.

88
00:07:53,730 --> 00:08:04,050
So Nmap also has a uh http svn enum script that scans web servers for export subversion SVN repositories

89
00:08:04,080 --> 00:08:07,470
revealing potentially sensitive source code and configuration files.

90
00:08:07,470 --> 00:08:12,840
This underlines the significance of securing version control systems.

91
00:08:12,840 --> 00:08:17,880
We will also audit the strength of Ciphersuites in SSL servers.

92
00:08:18,460 --> 00:08:26,680
And with practical examples, we will evaluate the strength of cipher suites used in SSL, TLS connections.

93
00:08:27,750 --> 00:08:31,260
And maps SSL enum ciphers.

94
00:08:31,560 --> 00:08:39,900
Enum Cipher script can assist in outputting SSL TLS servers by examining the supported cipher suites

95
00:08:39,900 --> 00:08:41,190
and their strength.

96
00:08:41,220 --> 00:08:47,520
This result emphasizes the importance of using secure cipher suites to protect sensitive data.

97
00:08:47,520 --> 00:08:57,240
So this section in this lecture we rely on the http https spider NSA libraries which offer extensive

98
00:08:57,240 --> 00:08:58,560
configuration options.

99
00:08:58,560 --> 00:09:06,900
So you will also learn how to get information and advanced configuration options related to Http, http

100
00:09:07,350 --> 00:09:09,420
pipelining and web crawling.

101
00:09:09,420 --> 00:09:16,890
So by utilizing the powerful Http scripts, you can enhance your web server auditing capabilities,

102
00:09:16,890 --> 00:09:21,150
discover vulnerabilities, and strengthen the security of your web applications.

103
00:09:21,150 --> 00:09:28,030
Stay proactive in your security efforts, and leverage these tools effectively to bolster your defenses.

104
00:09:28,120 --> 00:09:34,510
Remember, responsible and ethical use of web application scanning tools is essential to protect systems

105
00:09:34,510 --> 00:09:40,750
and networks and always have the proper authorization before conducting any security assessments or

106
00:09:40,750 --> 00:09:42,070
penetration testing.