[00:00:00] Hello, my name is Steve. In today's digital landscape, the Hypertext Transfer Protocol (HTTP) stands as one of the most widely used protocols. Web servers have evolved from serving static pages to handling interactive web applications with user interaction. This technological progress has opened the door to potential vulnerabilities, particularly through tainted user input that can manipulate application logic and lead to unintended malicious actions. The ease of web application development using modern frameworks has further contributed to an increase in vulnerable applications on the Internet. To address these concerns, the Nmap Scripting Engine (NSE) offers a growing collection of HTTP scripts, transforming Nmap into an invaluable web scanner for penetration testers. With Nmap, not only can vulnerabilities such as misconfigurations be identified, but web applications can also be crawled to discover intriguing information. This section aims to teach you how to leverage Nmap for web server auditing, ranging from automating configuration checks to exploiting vulnerable web applications. Additionally, I will introduce some of the NSE scripts that I have developed over the years, which I found useful during the web penetration tests I have conducted.

[00:01:30] So let's explore the various topics covered in this section of our course. Firstly, we will list supported HTTP methods. On the practical side, we will enumerate all the HTTP methods supported by a web server. Web servers offer various HTTP methods, some of which can pose security risks, so it's essential for system administrators and penetration testers to quickly identify these methods and test their accessibility. Nmap's http-methods script provides a convenient way to accomplish this task. We will also discover interesting files and folders on a web server: in practical examples, we will use Nmap to identify intriguing files and directories on web servers. Nmap's http-enum script enables the discovery of potentially sensitive or hidden files and folders on web servers. This information can be valuable for further analysis and vulnerability assessment. We will also brute force HTTP authentication. We will perform brute force attacks on HTTP authentication mechanisms: Nmap's http-brute script automates the process of attempting various username and password combinations to gain unauthorized access to protected web servers. So this topic highlights the significance of strong authentication credentials. We will brute force web applications.

[00:03:09] We will practically use Nmap to launch brute force attacks against web applications. Nmap's web brute scripts extend its capabilities to target web application login forms by systematically attempting different credentials. So this script helps identify weak authentication mechanisms and emphasizes the importance of implementing robust password policies. We will also detect web application firewalls. Practically, we will do examples of how to detect the presence of web application firewalls (WAFs) using Nmap. Nmap has an http-waf-detect script which aids in identifying the existence of a WAF (by WAF, I mean a web application firewall) that may be protecting web applications. We will understand that knowing about the presence of such security measures is crucial for further penetration testing and vulnerability assessment. And we will do a lot of examples; we will also do XST. We will detect XST vulnerabilities, XST here meaning cross-site tracing. We will do practical examples such as identifying potential cross-site tracing (XST) vulnerabilities with Nmap. Nmap's http-trace script detects if the TRACE method is enabled on web servers, which could lead to XST vulnerabilities. So this topic emphasizes the importance of disabling the TRACE method to mitigate potential security risks.

[00:05:16] We will also detect the famous XSS vulnerabilities. We will practically identify cross-site scripting, I mean XSS, vulnerabilities using Nmap. Nmap's HTTP XSS scripts help identify potential vulnerabilities in web applications by injecting specific payloads and analyzing the responses. So this topic demonstrates the importance of input validation and output encoding to prevent XSS attacks. With Nmap, we will also find SQL injection vulnerabilities. We will discover SQL injection vulnerabilities with Nmap; Nmap's http-sql-injection script assists in identifying potential SQL injection vulnerabilities in web applications. So this topic highlights the significance of proper input sanitization and prepared statements to prevent these types of attacks. We will also find web applications with default credentials. We will identify web applications that may be using default credentials, for example admin. For example, if you have a WordPress site and didn't assign a specific password for it, the probable password will be admin, admin or admin pass, like this. So we will scan these websites; Nmap's http-default-accounts script checks for the presence of web applications with default usernames and passwords. So this recipe underscores the importance of changing default credentials to enhance security on your website or server.

[00:07:07] We will detect insecure cross-domain policies, which is to say we will identify insecure cross-domain policies in web applications. Nmap also has the HTTP cross-domain XML script. This script helps us to detect insecure cross-domain policies which can lead to cross-site scripting and cross-site request forgery vulnerabilities. This highlights the need for proper cross-domain policy configuration. And here we will also detect exposed source code control systems, identifying exposed source code control systems on web servers. Nmap also has an http-svn-enum script that scans web servers for exposed Subversion (SVN) repositories, revealing potentially sensitive source code and configuration files. This underlines the significance of securing version control systems. We will also audit the strength of cipher suites in SSL servers. With practical examples, we will evaluate the strength of cipher suites used in SSL/TLS connections. Nmap's ssl-enum-ciphers script can assist in auditing SSL/TLS servers by examining the supported cipher suites and their strength. This result emphasizes the importance of using secure cipher suites to protect sensitive data.

[00:08:47] So in this section, in this lecture, we rely on the http and httpspider NSE libraries, which offer extensive configuration options. So you will also learn how to get information and advanced configuration options related to HTTP, HTTP pipelining and web crawling. So by utilizing the powerful HTTP scripts, you can enhance your web server auditing capabilities, discover vulnerabilities, and strengthen the security of your web applications. Stay proactive in your security efforts, and leverage these tools effectively to bolster your defenses. Remember, responsible and ethical use of web application scanning tools is essential to protect systems and networks, and always have the proper authorization before conducting any security assessments or penetration testing.