How Do Hackers Scan the Internet?

Hassan Tahir
4 min read · Dec 5, 2020

The internet is a vast network that connects computers from all over the world.

Back in 2002, Google Dorking led security research on the internet, and in 2020 it is still in use: specific search queries were designed to find particular types of files or ports across the internet. Finding vulnerable files with Google Dorking is still possible in 2020 with the same effort as in 2002, but it takes a lot of time, which is why developers built more efficient programs that make the work more reliable and extensible (e.g. Nmap, Shodan.io, AMASS, fofa.so, ZoomEye). Going from a port scan to a vulnerability report takes many steps, but this blog is only about scanning the internet, which is closer to networking; that is why the network applications used to scan the internet are listed below with a description of each.


NMAP (Network Mapper)

Nmap is an open-source application and a standard Linux command-line tool. It is used to perform network scans that discover hosts and the services they run across a computer network, local or worldwide, by sending request packets to the target and analysing the responses; in its simplest form this works like a ping.

[Image: Nmap application front-end]

Download https://nmap.org/download.html

Basic Commands

  1. Ping Scan ( nmap -sn 192.168.1.1 ) Replace 192.168.1.1 with your target IP. (-sn is the current flag for host discovery without a port scan; the older -sP is a deprecated alias, and flags are case-sensitive.)
  2. Single Host Scan ( nmap example.com ) Replace example.com with your target domain.
  3. Stealth Scan ( nmap -sS example.com ) Replace example.com with your target domain. (SYN scan; requires root privileges.)
  4. Port Scan ( nmap -p 22,80,443 192.168.1.1 ) Replace 192.168.1.1 with your target IP. (-p needs a port list or range such as 1-1000; without one the command is invalid.)
  5. Aggressive Scan ( nmap -A example.com ) Replace example.com with your target domain. (Enables OS detection, version detection, script scanning and traceroute.)
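Once a scan has run, the useful part for a defender is turning Nmap's output into an inventory and spotting services that should not be there. The following Python example is added here and is not part of the original post or of the Nmap project; it parses Nmap's "grepable" output format (what `nmap -oG -` prints) from a constructed sample and compares the open ports against an allowlist of expected services. The sample output, the host names and the allowlist are all made up for illustration.

```python
from collections import defaultdict

# Constructed sample of Nmap grepable output (-oG); not real scan data.
# Each port entry has the form port/state/proto/owner/service/rpc/version/
SAMPLE_OG = """\
# Nmap 7.80 scan initiated Sat Dec  5 12:00:00 2020 as: nmap -sS -oG - 192.168.1.0/29
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)
# Nmap done at Sat Dec  5 12:00:05 2020 -- 8 IP addresses (2 hosts up) scanned in 5.01 seconds
"""


def parse_grepable(text):
    """Return {host: [(port, proto, service, version), ...]} for every open port."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                       # comment lines and blank lines
        fields = line.split("\t")          # fields are tab-separated
        host = fields[0].split()[1]        # "Host: 192.168.1.1 (router.lan)"
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue               # malformed entry, skip it
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                if state == "open":
                    results[host].append((int(port), proto, service, version))
    return dict(results)


def unexpected_services(results, allowed):
    """Open ports not listed in the allowlist of (host, port) pairs.

    This is the check a defender runs after scanning their own range:
    anything returned here is either undocumented or should be closed.
    """
    findings = []
    for host, ports in sorted(results.items()):
        for port, _proto, service, _version in ports:
            if (host, port) not in allowed:
                findings.append((host, port, service))
    return findings


# Hypothetical baseline: the router is expected to serve SSH and HTTP only.
ALLOWED = {("192.168.1.1", 22), ("192.168.1.1", 80)}

if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    for host, ports in inventory.items():
        print(host, ports)
    for host, port, service in unexpected_services(inventory, ALLOWED):
        print(f"UNEXPECTED: {host}:{port} ({service or 'unknown'})")
```

Running it against the constructed sample flags the FTP and RDP listeners on 192.168.1.2, which are absent from the baseline. The same parser works on real `nmap -oG` files because the field layout is the documented one.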

AMASS (Automated Attack Surface Mapping)

AMASS is an OWASP project written in Go, built to map an organisation's attack surface and discover its external assets using information-gathering and reconnaissance techniques. AMASS ships prebuilt binaries as Docker images, so you may need to set up Docker first.


Download https://github.com/OWASP/Amass

Useful information from the AMASS GitHub page

If you prefer to build your own binary from the latest release of the source code, make sure you have a correctly configured Go >= 1.14 environment. More information about how to achieve this can be found on Golang.

Basic Commands

  1. OSINT: Finding IP ranges ( amass intel -org example ) Replace example with the organisation name to look up.
  2. Enumeration: Network mapping ( amass enum -d xyz.com ) Replace xyz.com with your target domain.

Shodan.io

Shodan is a search engine for computers that lets you explore the Internet of Things. Google only indexes web pages, while Shodan indexes things such as devices, software, documents, everyday products and much more. Shodan's searches are built on the crawling algorithm below; if you are familiar with it, you are doing some serious kind of computer hacking.

Website shodan.io


Basic Shodan Algorithm

  1. Generate a random IPv4 address.
  2. Generate a random port to test from the list of ports that Shodan understands.
  3. Check the random IPv4 address on the random port and grab a banner.
  4. Go to 1.

How Shodan Works

Let's suppose a service is running on an open port. An open port describes itself on the internet with a banner, and a banner is what a service sends to declare what type of service it is and how to interact with it.

This is what one looks like:

200 xyz.pk FTP server (version 4.00LS) ready

On the other hand, Shodan indexes ports 80 and 443 as websites, while services running on other ports offer information specific to those ports.
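To make the algorithm and the banner idea concrete, here is an added Python example that is not part of the original post or of Shodan itself. It covers both sections above: the candidate-selection steps (a random IPv4 address that is checked against the private and reserved ranges a responsible crawler must skip, plus a port from a probe list), and the banner-grab step, run against a constructed local stand-in service so it works offline. The probe-port list, the host name and the banner are assumptions; the banner is modelled on the one shown above, but uses reply code 220, which is what a real FTP server sends in its greeting. The defender's use of this is to see exactly what your own services volunteer to anyone who connects.

```python
import ipaddress
import random
import re
import socket
import threading

# Constructed subset of ports an internet crawler probes (assumption, not Shodan's list).
PROBE_PORTS = [21, 22, 23, 25, 80, 443, 3389]

# Address blocks that must never be probed: private, loopback, link-local,
# documentation, benchmarking, multicast and reserved ranges.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]


def is_routable(addr):
    """True only for addresses outside every non-routable block."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_ROUTABLE)


def random_target(rng=random):
    """Steps 1 and 2 of the algorithm: a random public IPv4 address and a probe port."""
    while True:
        addr = str(ipaddress.IPv4Address(rng.getrandbits(32)))
        if is_routable(addr):
            return addr, rng.choice(PROBE_PORTS)


def grab_banner(host, port, timeout=2.0, max_bytes=256):
    """Step 3: connect, read whatever the service volunteers, return it as text (or None)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(max_bytes)
    except OSError:                        # refused, timed out, unreachable
        return None
    return data.decode("ascii", errors="replace").strip()


# "220 host FTP server (version X) ready" -> reply code, host, software, version
FTP_GREETING = re.compile(r"^(\d{3})[ -](\S+)\s+(.*?)\s*\(version\s+([^)]+)\)", re.I)


def parse_ftp_banner(banner):
    """Pull the searchable fields out of an FTP-style greeting; None if it does not match."""
    m = FTP_GREETING.match(banner or "")
    if not m:
        return None
    code, host, software, version = m.groups()
    return {"code": int(code), "host": host, "software": software, "version": version}


def start_fake_ftp(banner):
    """Constructed local stand-in for a service: sends one banner to each client.

    Returns the ephemeral port it listens on (loopback only).
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner.encode() + b"\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Candidate selection only; nothing below contacts anything but loopback.
    print("candidate:", random_target())
    port = start_fake_ftp("220 ftp.example.net FTP server (version 4.00LS) ready")
    banner = grab_banner("127.0.0.1", port)
    print("banner:", banner)
    print("parsed:", parse_ftp_banner(banner))
```

The parsed dictionary is the kind of record a search engine stores and later lets you query by software name or version; running `grab_banner` against your own hosts shows whether they leak a version string that you would rather not advertise.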

Correspondence : hassantahir.com


Hassan Tahir

Cyber Security Analyst | Web Application Developer | Obsessed for Linux | Talk doesn’t cook rice.