
Dracnmap Scanning Tool

GitHub is a great source of software. It is built around the Git version control system and gives developers an outlet for open source software and related updates. I recently took a look at Dracnmap, which can be found at:

https://github.com/Screetsec/Dracnmap

Dracnmap is an open source program primarily used to exploit a network by gathering information with the help of Nmap (which stands for network mapper). Nmap exposes a large number of options on the command line, which makes it a very robust utility but a somewhat difficult one for new users to follow. Dracnmap is somewhat of a dashboard, designed for fast scanning with the Nmap script engine. It makes it easier to run a variety of automatic scanning techniques by driving advanced Nmap commands in the background.

Nmap scripts are extremely powerful and can detect a wide range of vulnerabilities. Professional penetration testers leverage the power and speed of Nmap to scan for common vulnerabilities using Nmap plug-ins rather than using more complex vulnerability scanning tools.

By the way…Dracos and Screetsec have an awesome YouTube channel that walks you through Dracnmap. I am not going to be able to really do any justice covering anything they already have on those channels. You will not be disappointed if you spend some time going through them. Not only is their tutorial great on Dracnmap, but check out their other tools and videos.

On another side note, check out TheFatRat for another method of getting around antivirus applications. Interesting stuff that, oddly enough, completely distracted me. Go figure.

Okay, let’s get back to playing with Dracnmap:

Getting Started


The installation and opening of Dracnmap is relatively straight-forward, as always.


git clone https://github.com/Screetsec/Dracnmap.git
cd Dracnmap
chmod +x Dracnmap.sh
sudo ./Dracnmap.sh    # or run ./Dracnmap.sh from a root shell (sudo su)

Scanning with Dracnmap

As you play with Dracnmap (at least the way I am using it in the example below) you can see how it is more-or-less a front-end menu driven GUI for Nmap plugins.

One of the common scans I run with Dracnmap is to look for cross-site scripting vulnerabilities. This is a quick way for me to check to see if potential problems or vulnerabilities exist within Web application implementations.


Here are the steps to run this type of scan:


Select option 7 for Web services

Select option 5 for Web base services

Enter target address (the system you want to scan)

View the results within the Nmap console that will appear


Other Scanning Options with Dracnmap

There are some excellent scans built into Dracnmap. Some of my favorites include detecting Web application firewalls, open relays, Web servers vulnerable to Slowloris DDoS attacks, enumerating users from an SMTP server, SQL injection vulnerabilities, and brute force attacks with NSE scripts against various protocols and servers.

You can output scan results in different formats supported by Nmap, or use an XML export to import into other applications.
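As an added example (not part of the original post or of Dracnmap), this Python code flattens the per-port NSE script results in Nmap XML output into CSV for import elsewhere. The XML is a constructed sample, and the function names and the formula-neutralising step are assumptions of this example; script output echoes text chosen by the scanned server, so it is handled as untrusted data.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Nmap's XML output (not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http"/>
        <script id="http-waf-detect" output="IDS/IPS/WAF detected"/>
        <script id="http-title" output="=HYPERLINK(&quot;http://example.invalid&quot;)"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="closed"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def script_rows(xml_text):
    """Flatten each per-port <script> result to (host, port, service, script, output)."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        ip = addr.get("addr") if addr is not None else "unknown"
        for port in host.findall("ports/port"):
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            label = f'{port.get("portid")}/{port.get("protocol")}'
            for script in port.findall("script"):
                rows.append((ip, label, name, script.get("id", ""), script.get("output", "")))
    return rows

def neutralise(cell):
    """Prefix cells a spreadsheet would evaluate as a formula (server-chosen text)."""
    return "'" + cell if cell.startswith(("=", "+", "-", "@")) else cell

def to_csv(rows):
    """Render rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["host", "port", "service", "script", "output"])
    for row in rows:
        writer.writerow([neutralise(c) for c in row])
    return buf.getvalue()
```

Running `print(to_csv(script_rows(SAMPLE_XML)))` shows the two script results on port 80, with the formula-looking page title prefixed by an apostrophe.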

Other Scanning Considerations with Dracnmap

Nmap can be ‘noisy’, meaning it can be readily detected by many NGFWs and IPS systems, so please use Dracnmap sparingly. My friend (Keith) calls it ‘tripping over the garbage can lids’, which is pretty appropriate. Even though Nmap is a readily detected scanner, Dracnmap is a great way to get educated in Nmap plug-ins and how to use them as you explore the power of Nmap.
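One way a defender can spot this noise in web server logs, as an added example that is not from the original post: NSE's HTTP library identifies itself with an "Nmap Scripting Engine" User-Agent by default, and script scans tend to request many nonexistent paths. The log lines are constructed, and the function name and the threshold of five distinct 404 paths per minute are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines in "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2018:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [12/Mar/2018:10:01:03 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.9 - - [12/Mar/2018:10:05:01 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2018:10:05:02 +0000] "GET /backup/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2018:10:05:03 +0000] "GET /test/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2018:10:05:04 +0000] "GET /old/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2018:10:05:05 +0000] "GET /tmp/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2018:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2018:10:06:09 +0000] "GET /missing.png HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

NSE_UA = "Nmap Scripting Engine"  # substring of the default NSE HTTP User-Agent
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

def flag_scanners(log_text, burst=5):
    """Map source IP -> sorted list of reasons it looks like a script scan."""
    reasons = defaultdict(set)
    misses = defaultdict(set)  # (ip, minute) -> distinct paths answered with 404
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, path, status, ua = m.groups()
        if NSE_UA in ua:
            reasons[ip].add("nse-user-agent")
        if status == "404":
            misses[(ip, ts[:17])].add(path)  # ts[:17] is dd/Mon/yyyy:HH:MM
    # The User-Agent header is client-controlled, so also use request fan-out.
    for (ip, _minute), paths in misses.items():
        if len(paths) >= burst:
            reasons[ip].add("404-burst")
    return {ip: sorted(r) for ip, r in reasons.items()}
```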

Credit Where Credit is Due

I wanted to include the credits as listed in the Dracnmap app below:


##########################################################################
Credits To
##########################################################################

Special thanks to:
Dracos Linux ( www.dracos-linux.org )
Offensive Security for the awesome OS
http://www.offensive-security.com/
http://www.kali.org/
http://www.kitploit.com/
http://www.linuxsec.org/
My Friend for help me ( Boy Suganda )
Big Thanks to : http://www.github.com/

Have fun with Dracnmap, but, as always…..be careful out there!

© 2018 Dr. Chaos