Footprinting and scanning tools
This is a selection of footprinting and scanning tools you may wish to
install in your MIS Lab VM machine in order to do the course assignments. Some of these tools are NOT safe to install in your home PCs.
You should be very careful in using these tools outside of the Lab.
Network administrators do not take lightly the probing of their
networks and may respond aggressively to your attempts to gain
information about them by using some of these tools. Please note that I
am emphasizing Windows tools, but we will see Linux/UNIX tools later.
I suggest you run these tools as administrator. If they are graphical,
right-click on the shortcut or .exe file and select run as admin.
Sam Spade
Download Sam Spade from this web site and install it. Sam Spade is a graphical tool which allows you to do DNS interrogation and many other things. See a tutorial here. The features which make Sam Spade a key security tool are:
- Advanced DNS - DIG tool requests all the DNS records for a host or domain
- Zone Transfer - ask a DNS server for all it knows about a domain
- SMTP Relay Check - check whether a mail server allows third party relaying
- Scan Addresses - scan a range of IP addresses looking for open ports
- Crawl Web site - search a Web site, looking for email addresses, offsite links, download a Web site
- Search IP block - finds the IP block for an organization
Sam Spade also does whois, traceroute, finger and dns lookup.SuperScan
Download SuperScan from its new location and install it. SuperScan
allows you to scan a range of IP addresses and do TCP port scanning. It
can check all ports, or the ones you select. It is a very fast and
powerful tool. You can see a tutorial here and a youtube video, too.
Nmap
Download Nmap from its Web site.
You will use it in both Windows and UNIX/Linux. It can do ping
sweeps, OS identification, in addition to what can be done
with SuperScan. You can see most of its options and commands at
its Web site Options summary. and more details can be seen in its online book version. Of course you can also see an youtube video on the nmap basics.
TcpView
TcpView is a free tool for Windows that
enables you to monitor all open TCP and UDP ports on the local
computer. You can download it from the Microsoft Sysinternals download site. As you can see in this image it
shows not only the open ports, but also what application in your PC is
linked to the open ports. If a connection is established with a remote
host you can see the remote host IP number. TcpView is not a Intrusion
Detection System, but provides a picture of is going on in your
computer regarding to ports and refreshes automatically, so you can see
the changes that are happening.
We will see, later in the course, how to set IDS and firewall software to attempt to protect your hosts.
This page is maintained by Al Bento
who can be reached at abento@ubalt.edu.
This page was last updated on August 20, 2017. Although we will attempt
to keep this information accurate, we can not guarantee the accuracy of
the information provided.
