Information gathering/Scanning - Learn More about your target
“Knowing your enemy is winning half the war.”
Similarly, once you know your target, half the work of an engagement is done. There are different ways to gather information about a target. In the previous blog, I explained how to gather information using Footprinting. But that basic picture is not enough on its own, so in this blog I will show you how to gather specific details about your target with Network Scanning for Ethical Hacking.
What is Network Scanning?
Network Scanning is the procedure of identifying the active hosts on a network, the open ports on those hosts, and the services listening behind them. Suppose you are an Ethical Hacker who wants to find vulnerabilities in a system: you first need a point in the system that you can try to attack. Network Scanning for Ethical Hacking is used to find exactly those points, the same ones a Black Hat Hacker would use to break into the network, so that the responsible teams can close them before an attacker finds them.
Every Organization has a Network. This network could be an internal network which consists of all the systems connected with each other, or it can be a network that’s connected to the internet. In either case, to hack the network, you will have to find a vulnerable point in the network that can be exploited. Network Scanning is used to find out such points in the network.
How is Network Scanning different from Reconnaissance?
Think of it like this: You are an army officer and you and your team are planning to attack a terrorist lair. You have found out the location of the lair and details about the surroundings and also found ways to send the team to the lair. You can consider all this as the information you’ve gathered using Reconnaissance. Now you have to find a point through which you can enter the lair and attack the enemy. This is Network Scanning.
In simple terms, Reconnaissance is used to gather information and understand your target, and Network Scanning is a method used to find possible vulnerable points in the network through which you can hack the network.
Depending on what kind of information the Scan identifies, Network Scanning can be classified into different types.
Types of Network Scanning for Ethical Hacking
Network Scanning can be classified into two main categories:
- Port Scanning
- Vulnerability Scanning
Port Scanning
As the name suggests, Port Scanning finds out which ports on a host are open, that is, which ones have a service listening. A Port Scanner sends a probe to each port in a range and classifies the port by the reply: a TCP port that answers with SYN/ACK (or accepts a connection) is open, one that answers with RST is closed, and one that sends nothing back is filtered, usually because a firewall dropped the probe. The open ports are the entry points worth investigating further.
There are several ways to probe a port, and the choice decides both what the target sees and what the scan can tell you. Below is a list of the most used ones, with the Nmap option that selects each:
- TCP connect scanning (-sT): completes the full three-way handshake through the operating system's connect() call; it needs no special privileges but is logged by the target service.
- SYN scanning (-sS): sends a raw SYN and judges by the reply (SYN/ACK means open, RST means closed, no reply means filtered) without finishing the handshake; this is Nmap's default when run as root.
- UDP scanning (-sU): sends UDP datagrams; an ICMP port-unreachable reply means closed, while silence means open or filtered, which makes UDP scans slow and ambiguous.
- ACK scanning (-sA): sends bare ACK packets to map firewall rules; it tells filtered from unfiltered ports, not open from closed.
- Window scanning (-sW): works like ACK scanning but inspects the TCP window size of the RST replies to tell open from closed on the systems that leak that difference.
- FIN scanning (-sF): sends a lone FIN; RFC-compliant stacks answer RST from closed ports and ignore the FIN on open ports, which can slip past simple stateless filters.
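To make the open/closed/filtered classification concrete, here is a small TCP connect scanner, the same technique as `nmap -sT`. This is an added example written for this page, not code from the blog or from the Nmap project. It starts a throwaway TCP service on the loopback interface so the scan has a real open port to find; that service, its banner text and the port numbers are constructed for the demo, and `127.0.0.1` is the only host it touches, so it runs offline and without authorization concerns.

```python
"""TCP connect scan of a few loopback ports, with a banner grab on open ones.

Added example, not the blog's own code. Each probe completes the full
three-way handshake via connect(), which is what `nmap -sT` does, and the
outcome is reported the way Nmap labels it:
  open     - connect() succeeded (SYN -> SYN/ACK -> ACK)
  closed   - the peer answered the SYN with RST (ECONNREFUSED)
  filtered - nothing came back before the timeout (probe dropped)
"""
import socket
import socketserver
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """Probe one TCP port. Returns (state, banner): state is 'open', 'closed'
    or 'filtered'; banner is whatever the service volunteered after connect
    (b'' if it stayed silent or the port was not open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))        # full handshake completed
        except ConnectionRefusedError:     # RST: nothing listening
            return "closed", b""
        except OSError:                    # timeout / unreachable: dropped by a filter
            return "filtered", b""
        try:
            banner = s.recv(128)           # SSH, SMTP, FTP and friends speak first
        except OSError:                    # silent service or reset
            banner = b""
        return "open", banner


def scan_range(host, ports, timeout=0.5, workers=32):
    """Scan several ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, results))


class _BannerHandler(socketserver.BaseRequestHandler):
    """Constructed target service: sends an SMTP-style greeting and hangs up."""

    def handle(self):
        try:
            self.request.sendall(b"220 lab service ready\r\n")
        except OSError:
            pass                           # client may already have closed


def start_listener(host="127.0.0.1"):
    """Start the constructed service on an ephemeral port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer((host, 0), _BannerHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def reserve_closed_port(host="127.0.0.1"):
    """Find a port with nothing listening: bind to port 0, note the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port.
    Returns (open_port, closed_port, {port: (state, banner)})."""
    server, open_port = start_listener()
    closed_port = reserve_closed_port()
    try:
        results = scan_range("127.0.0.1", [open_port, closed_port])
    finally:
        server.shutdown()
        server.server_close()
    return open_port, closed_port, results


if __name__ == "__main__":
    open_port, closed_port, results = demo()
    for port in sorted(results):
        state, banner = results[port]
        print(f"{port}/tcp {state} {banner.decode(errors='replace').strip()}")
```

Against a remote host you would pass a real address and a range such as `range(1, 1025)`, and the filtered state starts to appear wherever a firewall drops probes. Because every probe finishes the handshake, the target's service logs will record each connection; that is the trade-off SYN scanning avoids by never sending the final ACK.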
Vulnerability Scanning
Vulnerability Scanning is the type of Network Scanning for Ethical Hacking used to find weaknesses in the hosts and services a port scan has turned up. A vulnerability scanner identifies the software and version behind each open port, matches it against a database of known flaws, and checks for misconfigurations such as default credentials or insecure settings. Its output is a list of candidates, not proof: version-based findings are often false positives, so each one should be verified by hand before it is reported or exploited.
Now that you know what Network Scanning is, I will introduce you to some tools and tell you how to use them for Network Scanning.
How to use Network Scanning tools?
In this section of the Network Scanning for Ethical Hacking blog, I will show you how to use some Network Scanning tools. The Operating System I am using is Kali Linux, because it ships with many built-in security tools. If you want to learn how to install Kali Linux, refer to this previous blog.
1. Nmap for Network Scanning
Nmap is a free and open-source network scanner that finds live hosts, open ports and the services behind them. You can point it at the IP address of the target:
$ nmap 1.2.3.4
or at a hostname:
$ nmap example.com
Note that scanning a network you do not own, or do not have written authorization to test, is illegal in many jurisdictions, so do not point a scanner at just any random network. But if we cannot scan networks without permission, how do we learn Nmap? The Nmap project runs a host for exactly this purpose: scanme.nmap.org. You are permitted to port scan it, as long as you keep it to a few scans a day and do not use it to test brute-force or flooding tools.
Let’s try scanning this. Open a terminal in your system and run the below command:
$ nmap -v -A scanme.nmap.org
The result lists each open port together with the service Nmap detected on it. In the above command, option ‘-v‘ asks for verbose output and option ‘-A‘ enables Nmap's aggressive set of options: OS detection (-O), service version detection (-sV), default script scanning (-sC) and traceroute. OS detection and SYN scanning need raw sockets, so run the command with sudo; without root privileges Nmap falls back to a connect scan and skips OS detection with a warning.
There are a lot of options that can be used with the Nmap tool to obtain different kinds of results. To understand more about using the Nmap tool, Follow this blog.
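Reading a scan off the terminal is fine for one host, but for anything larger you want Nmap's machine-readable output: `-oX -` writes an XML report to stdout. The parser below is an added example written for this page, not code from the blog or from the Nmap project. The embedded report is a hand-constructed, trimmed document in Nmap's XML format (the 192.0.2.10 address, the hostname and the product versions are made up for the demo), so the example runs offline.

```python
"""Turn an Nmap XML report into a per-host list of ports, states and services.

Added example, not the blog's own code. The sample report below is constructed
by hand in the shape `nmap -sV -oX - <target>` produces; its host, ports and
versions are fictitious.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.10" start="1700000000" version="7.94">
  <host starttime="1700000000" endtime="1700000042">
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="lab-web.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.52" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <runstats>
    <finished time="1700000042" elapsed="42.00"/>
    <hosts up="1" down="0" total="1"/>
  </runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {address: [{"port", "proto", "state", "reason", "service"}, ...]} for every host that was up."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                                   # down hosts carry no port data
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")             # fall back to whatever address is there
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            # Name/product/version come from -sV when probed, from the port table otherwise.
            service = ""
            if svc is not None:
                parts = (svc.get("name"), svc.get("product"), svc.get("version"))
                service = " ".join(p for p in parts if p)
            entries.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state"),
                "reason": state.get("reason"),
                "service": service,
            })
        results[addr_el.get("addr")] = entries
    return results


def open_ports(results, addr):
    """Ports reported as open for one host: the attack surface the scan was after."""
    return [e["port"] for e in results.get(addr, []) if e["state"] == "open"]


if __name__ == "__main__":
    report = parse_nmap_xml(SAMPLE_NMAP_XML)
    for addr, entries in report.items():
        print(f"Host {addr}: open ports {open_ports(report, addr)}")
        for e in entries:
            print(f"  {e['port']}/{e['proto']:<4} {e['state']:<9} ({e['reason']}) {e['service']}")
```

The `reason` attribute is worth keeping: `syn-ack` versus `reset` versus `no-response` is exactly the open/closed/filtered distinction from the Port Scanning section, and it tells you whether a "closed" port was really answered by the host or silently dropped by something in between.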
Next tool we are going to use is Nikto.
2. Nikto for Network Scanning
Nikto is a Web Server Scanner that checks a web server for potentially dangerous files and programs, outdated server software and version-specific problems, and insecure server configuration. Each of these details is a lead an attacker can follow up on. Nikto is not designed to be stealthy: it tests the server as quickly as possible and is very obvious in server logs and to an IDS/IPS, so use it only where you are authorized to test.
Nikto is a web scanner, not a port scanner, and the permission scanme.nmap.org grants covers port scanning and asks you not to hammer the host, so a web server in your own lab is the better target. To use Nikto against a host you are authorized to test, open the terminal and run the following command:
$ nikto -host scanme.nmap.org
Nikto prints one line per finding: the path it located, the header or software version it considers outdated, or the misconfiguration it detected. These results point at weaknesses of the web server or application being scanned. Verify each finding by hand, since version-based checks can be wrong, and then choose the attacks that fit the confirmed weaknesses.