9. LBD:
Its full name is load balancing detector. It is a small information-gathering tool in Kali Linux that checks whether a website sits behind a load balancer, that is, whether requests to one hostname are being spread over several backend servers. It works in two ways: a DNS check (does the name resolve to more than one address?) and HTTP checks (do the Server and Date headers change between repeated requests for the same URL?). Knowing this matters when you assess how a site would hold up under DoS or DDoS traffic, because a balanced site absorbs load across several machines, and when you read later scan results, because consecutive probes may have been answered by different backends. lbd is a proof of concept and can give false positives (CDNs and caching proxies also vary headers), so confirm its verdict with your own requests. It is very easy to use, and an ethical hacker should learn it. The important commands of lbd are the following.
TO SEE ALL OPTIONS OF LBD:
(lbd -h)
TO DISCOVER THE LOAD BALANCER:
(lbd + domain of website) e.g. (lbd example.com)
[Figure: load balancer check against our target website]
TO CHECK A LOAD BALANCER ON A SPECIFIC PORT:
(lbd + domain of web -p + port number) e.g. (lbd example.com -p 80)
TO DISABLE THE RECURSIVE PROCESSING:
(lbd + domain of web -r) e.g. (lbd example.com -r)
TO FORCE LBD TO FIND THE LOAD BALANCER (SET NUMBER OF ATTEMPTS):
(lbd + domain of web -R + number) e.g. (lbd example.com -R 1000)
TO ENABLE TCP MODE TO DETECT LOAD BALANCER:
(lbd + domain -T) e.g. (lbd example.com -T)
TO ENABLE UDP MODE TO DETECT LOAD BALANCER:
(lbd + domain -U) e.g. (lbd example.com -U)
TO SEE THE DETAIL OF LOAD BALANCER:
(lbd + domain -V) e.g. (lbd example.com -V)
TO SET A SPECIFIC TIME FOR RESPONSE FROM TARGET WEBSITE:
(lbd + domain -W + time) e.g. (lbd example.com -W 5)
TO USE IPV4 FOR SCANNING:
(lbd -4 + ipv4 of target website) e.g. (lbd -4 192.168.8.1)
TO USE IPV6 FOR SCANNING:
(lbd -6 + ipv6 of target website) e.g. (lbd -6 2001:db8::481a:9e4b:aa01:ef74)
There are a few other options, but the ones above are the important ones. Remember that every lbd run sends repeated requests to the target and shows up in its logs, so use it only against systems you are authorised to test.
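The two HTTP checks described above, as an added example that is not lbd's own code: it compares the Server header across responses and watches for the Date header stepping backwards, first on three constructed HEAD responses (invented for this example) and then, in a live mode, on real responses fetched with curl. All function names (header_values, server_varies, date_steps_back, make_samples, probe) are my own.

```shell
#!/usr/bin/env bash
# Added example, not lbd's own code: the HTTP-header comparison lbd relies on,
# run over constructed HEAD responses so the logic can be exercised offline, plus
# a live probe that applies the same comparison to a real host with curl.

# Print the value of header $1 from each response file in $2..$n, one line per
# file (empty when the file lacks the header). Matching is case-insensitive and
# the CR of the CRLF line ending is dropped.
header_values() {
  local name=$1 f line
  shift
  for f in "$@"; do
    line=$(grep -i -m1 "^${name}:" "$f" | tr -d '\r')
    printf '%s\n' "${line#*: }"
  done
}

# Number of distinct non-empty values the header takes across the responses.
distinct_values() {
  header_values "$@" | grep -v '^$' | sort -u | wc -l | tr -d ' '
}

# lbd's Server-header rule: more than one distinct value across repeated
# requests means more than one backend answered. Returns 0 in that case.
server_varies() {
  [ "$(distinct_values Server "$@")" -gt 1 ]
}

# lbd's Date-header rule: one backend's clock only moves forward between
# consecutive requests; a step backwards means a different clock, i.e. a
# different machine. Needs GNU date. Returns 0 when a step back is seen.
date_steps_back() {
  local prev="" t line
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    t=$(date -d "$line" +%s 2>/dev/null) || continue
    if [ -n "$prev" ] && [ "$t" -lt "$prev" ]; then
      return 0
    fi
    prev=$t
  done < <(header_values Date "$@")
  return 1
}

# Constructed sample (not captured from any real site): three HEAD responses as a
# round-robin pair of backends with different software and skewed clocks might
# return them. Prints the directory that holds them.
make_samples() {
  local d
  d=$(mktemp -d)
  printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Mon, 04 Mar 2024 10:00:01 GMT\r\nContent-Type: text/html\r\n\r\n' > "$d/r01"
  printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.57\r\nDate: Mon, 04 Mar 2024 10:00:09 GMT\r\nContent-Type: text/html\r\n\r\n' > "$d/r02"
  printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Mon, 04 Mar 2024 10:00:02 GMT\r\nContent-Type: text/html\r\n\r\n' > "$d/r03"
  echo "$d"
}

# Live probe (network required): fetch $2 HEAD responses (default 5, at most 99
# so the file names sort in request order) from http://$1/ and apply both checks.
# Like lbd itself this is a heuristic: CDNs and caching proxies also vary
# headers, so confirm by hand before reporting.
probe() {
  local host=$1 n=${2:-5} d i
  d=$(mktemp -d)
  for (( i = 1; i <= n && i <= 99; i++ )); do
    curl -sS -I --max-time 5 "http://$host/" -o "$d/r$(printf '%02d' "$i")" || true
  done
  if server_varies "$d"/r*; then
    echo "$host: Server header varies across $n requests -> load balancing likely"
  fi
  if date_steps_back "$d"/r*; then
    echo "$host: Date header stepped backwards -> more than one clock answering"
  fi
  rm -rf "$d"
}

# Stand-alone use: ./lbd-check.sh example.com [requests]
if [ $# -gt 0 ]; then
  probe "$@"
fi
```

lbd's third check, DNS, is a one-liner you can do by hand: if `dig +short example.com` or `getent ahosts example.com` returns several addresses, the name alone is already spreading clients across machines. Treat any single check as a hint rather than proof.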
10. NETMASK:
It is a small, basic information-gathering helper in Kali Linux. It takes an address, an address range or a hostname and prints the corresponding network in whatever notation you ask for: standard address/netmask, CIDR, Cisco wildcard mask, first-last range, hexadecimal, octal or binary. When given a domain name it resolves the name first and prints the resulting host address (a /32), so it does not discover which ranges a domain owns; that is a job for whois and DNS. Its value is in converting what those tools return into the form the next tool expects, for example a Cisco wildcard for an ACL or a CIDR block for masscan or nmap.
TO SEE ALL OPTION OF NETMASK:
(netmask -h)
TO PRINT OUTPUT IN STANDARD FORMAT:
(netmask -s +domain of website) e.g. (netmask -s google.com)
TO PRINT OUTPUT IN CIDR FORMAT:
(netmask -c +domain of website) e.g. (netmask -c google.com)
TO PRINT OUTPUT IN CISCO FORMAT (ADDRESS AND WILDCARD MASK):
(netmask -i +domain of website) e.g. (netmask -i google.com)
TO PRINT OUTPUT AS A FIRST-LAST RANGE:
(netmask -r +domain of website) e.g. (netmask -r google.com)
[Figure: netmask output showing the network range of the target domain]
TO OUTPUT IN HEX FORMAT:
(netmask -x +domain of website) e.g. (netmask -x google.com)
TO PRINT IN OCTAL FORMAT:
(netmask -o +domain of website) e.g. (netmask -o google.com)
TO PRINT OUTPUT IN BINARY FORMAT:
(netmask -b +domain of website) e.g. (netmask -b google.com)
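The conversions behind the seven output formats, as an added example that is not the netmask tool's own code and goes beyond the hostname examples above: it takes real CIDR input (a.b.c.d/bits), clears the host bits and prints the network in the standard, CIDR, Cisco wildcard, range, hex, octal and binary notations, in pure bash so the arithmetic can be checked without the package. The function names (ip2int, int2ip, parse_cidr, fmt_standard and the other fmt_ functions) and the output layout are my own; netmask's own layout differs slightly.

```shell
#!/usr/bin/env bash
# Added example, not the netmask tool's own code: the conversions netmask performs,
# re-implemented in pure bash so they can be checked without the package. Only
# IPv4 "a.b.c.d/bits" input is handled here; netmask itself also accepts
# address:address ranges, dotted masks and hostnames.

ip2int() {                       # dotted quad -> 32-bit integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {                       # 32-bit integer -> dotted quad
  local n=$1
  echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

int2bin() {                      # 32-bit integer -> "xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx"
  local n=$1 i s=""
  for (( i = 31; i >= 0; i-- )); do
    s+=$(( (n >> i) & 1 ))
    if (( i % 8 == 0 && i > 0 )); then
      s+=" "
    fi
  done
  echo "$s"
}

# Parse "a.b.c.d/bits" into NET (network address, host bits cleared) and MASK.
# Rejects a missing or out-of-range prefix length; returns 1 in that case.
parse_cidr() {
  local addr=${1%/*} bits=${1#*/}
  [[ $bits =~ ^[0-9]+$ ]] || return 1
  bits=$(( 10#$bits ))           # "08" must not be read as octal
  (( bits <= 32 )) || return 1
  if (( bits == 0 )); then
    MASK=0
  else
    MASK=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  fi
  NET=$(( $(ip2int "$addr") & MASK ))
}

# One function per netmask output format (-s, -c, -i, -r, -x, -o, -b).
fmt_standard() { parse_cidr "$1" || return 1; echo "$(int2ip "$NET")/$(int2ip "$MASK")"; }
fmt_cidr()     { parse_cidr "$1" || return 1; echo "$(int2ip "$NET")/$(( 10#${1#*/} ))"; }
fmt_cisco()    { parse_cidr "$1" || return 1; echo "$(int2ip "$NET") $(int2ip $(( ~MASK & 0xFFFFFFFF )))"; }
fmt_range()    { parse_cidr "$1" || return 1; echo "$(int2ip "$NET")-$(int2ip $(( NET | (~MASK & 0xFFFFFFFF) )))"; }
fmt_hex()      { parse_cidr "$1" || return 1; printf '0x%08x/0x%08x\n' "$NET" "$MASK"; }
fmt_octal()    { parse_cidr "$1" || return 1; printf '0%o/0%o\n' "$NET" "$MASK"; }
fmt_binary()   { parse_cidr "$1" || return 1; echo "$(int2bin "$NET")/$(int2bin "$MASK")"; }

# Stand-alone use: ./cidr-formats.sh 192.168.1.77/24
if [ $# -gt 0 ]; then
  for f in fmt_standard fmt_cidr fmt_cisco fmt_range fmt_hex fmt_octal fmt_binary; do
    printf '%-9s %s\n' "${f#fmt_}" "$("$f" "$1")"
  done
fi
```

The Cisco form is the one to watch when you copy ranges into firewall or router ACLs: it is the inverted mask, so 0.0.0.255 means "match the last octet freely", and swapping it for a normal netmask silently matches almost nothing.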
11. IKE-SCAN:
ike-scan is a Kali Linux tool for discovering and fingerprinting IPsec VPN gateways. It sends IKE (Internet Key Exchange, UDP port 500) phase-1 proposals to the target and decodes whatever comes back: the transform the gateway accepted (encryption, hash, Diffie-Hellman group, authentication method), vendor ID payloads that identify the product, and the gateway's retransmission backoff pattern, which ike-scan matches against a table of known implementations. If the gateway accepts aggressive mode with pre-shared-key authentication, ike-scan can also capture the PSK hash for offline cracking. The targets are VPN endpoints (firewalls, concentrators, routers) rather than web servers; an ethical hacker must know this tool whenever a scope includes remote-access or site-to-site VPNs. Now if we look at the important commands of ike-scan, these are the following.
TO SEE ALL OPTIONS OF IKE-SCAN:
(ike-scan -h)
TO SCAN A SINGLE VPN GATEWAY:
(ike-scan + ip address of gateway) e.g. (ike-scan 192.168.8.1)
A reply of "Main Mode Handshake returned" means the host runs an IKE responder and accepted one of ike-scan's default proposals; a "Notify message" reply (for example NO-PROPOSAL-CHOSEN) means it speaks IKE but rejected them; no reply at all usually means no IKE service or a firewall in between.
TO SCAN IP ADDRESSES SAVED IN A FILE:
(ike-scan -f + path of file) e.g. (ike-scan -f /root/Desktop/ike.txt)
TO SET THE UDP SOURCE PORT:
(ike-scan + ip -s + port number) e.g. (ike-scan 192.168.1.8 -s 500)
The default source port is 500, which is why ike-scan is normally run as root; some gateways only answer when both source and destination port are 500.
TO SET THE UDP DESTINATION PORT:
(ike-scan + ip -d + port number) e.g. (ike-scan 192.168.1.8 -d 500)
The default is 500. For gateways that only listen on the NAT-Traversal port 4500 use the --nat-t option rather than -d 4500 alone, because NAT-T packets need an extra 4-byte non-ESP marker.
[Figure: ike-scan output in the terminal during a scan]
TO SET THE NUMBER OF ATTEMPTS PER HOST:
(ike-scan + ip -r + number) e.g. (ike-scan 192.168.1.8 -r 5)
The default is 3 attempts; each unanswered attempt waits longer than the previous one.
TO SET THE INITIAL PER-HOST TIMEOUT (MILLISECONDS):
(ike-scan + ip -t + time) e.g. (ike-scan 192.168.1.9 -t 500)
TO GET MORE DETAIL IN THE TERMINAL:
(ike-scan + ip -v) e.g. (ike-scan 192.168.1.8 -v)
-v takes no number; repeat it for more detail, up to three times (ike-scan 192.168.1.8 -vvv). Written as (ike-scan 192.168.1.8 -v 1) the "1" would be treated as a second target.
TO GET QUIET OUTPUT (RETURNED PACKETS NOT DECODED):
(ike-scan + ip -q) e.g. (ike-scan 192.168.1.8 -q)
TO PRINT EACH RETURNED PAYLOAD ON ITS OWN LINE:
(ike-scan + ip -M) e.g. (ike-scan 192.168.8.1 -M)
This is --multiline; the lowercase -m is a different option (--auth, the authentication method to propose).
TO SHOW THE BACKOFF FINGERPRINT TABLE:
(ike-scan + ip -o) e.g. (ike-scan 192.168.8.1 -o)
After the scan ike-scan keeps listening for the gateway's retransmissions (60 seconds by default) and matches their timing against its table of known implementations. To change the wait, attach the number to the option: (ike-scan 192.168.8.1 -o25) or (ike-scan 192.168.8.1 --showbackoff=25). Written as "-o 25" the 25 would be taken for a hostname.
TO USE YOUR OWN BACKOFF PATTERNS FILE:
(ike-scan + ip -o -p + path of file) e.g. (ike-scan 192.168.8.1 -o -p /root/Desktop/ike-backoff-patterns)
TO USE AGGRESSIVE MODE:
(ike-scan + ip -A) e.g. (ike-scan 192.168.1.8 -A)
Aggressive mode is the effective mode for a pentester: a gateway that accepts it with pre-shared-key authentication returns a hash that can be cracked offline, and it often reveals its vendor ID even when main mode stays silent.
TO SEND AN IDENTIFICATION VALUE (AGGRESSIVE MODE ONLY):
(ike-scan + ip -n + name or id -A) e.g. (ike-scan 192.168.1.8 -n test -A)
Many gateways only answer when the ID matches a configured group name, so -n is often what makes an aggressive-mode scan succeed.
TO SET THE IDENTIFICATION TYPE:
(ike-scan + ip -y + number -A) e.g. (ike-scan 192.168.1.8 -y 3 -A)
The default type is 3 (ID_USER_FQDN); 1 is ID_IPV4_ADDR and 2 is ID_FQDN.
TO SCAN THE TARGET HOSTS IN RANDOM ORDER:
(ike-scan + ip range -R) e.g. (ike-scan 192.168.1.0/24 -R)
TO USE TCP INSTEAD OF UDP AS TRANSPORT:
(ike-scan + ip -T) e.g. (ike-scan 192.168.1.8 -T)
-T does not take a port; the destination port is still set with -d, e.g. (ike-scan 192.168.1.8 -T -d 500).
TO SET THE TCP CONNECT TIMEOUT (SECONDS):
(ike-scan + ip -T -O + time) e.g. (ike-scan 192.168.1.8 -T -O 9)
These are the most used commands of ike-scan for assessing IKE/IPsec VPN gateways, each explained on its own to keep things simple. In practice you combine them (for example -A -n with -M and -o) depending on what the gateway answers, and getting used to combining options in this way is worth doing with every Kali Linux tool.
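A small post-processor for ike-scan results, added here as an example and not part of ike-scan: it pulls the accepted phase-1 transform out of each "Handshake returned" line and flags what a tester would report (single DES, MD5, 768/1024-bit DH groups, and a PSK accepted in aggressive mode). The sample output is constructed by hand in the layout ike-scan prints, with invented cookies and addresses; the function names (sa_field, assess_line, assess_output, sample_output) are my own.

```shell
#!/usr/bin/env bash
# Added example, not ike-scan's own code: assess the IKE proposal a gateway
# accepted, using ike-scan's normal single-line output. Usage:
#   ike-scan 192.168.1.0/24 | ./ike-assess.sh -      (real output on stdin)
#   ./ike-assess.sh --demo                             (the constructed sample)
# -M/--multiline output is not handled because it splits SA=(...) over lines.

# sa_field <name> <line>: value of <name>= inside the SA=(...) payload, or empty.
sa_field() {
  local name=$1 line=$2
  sed -n 's/.*SA=(\([^)]*\)).*/\1/p' <<< "$line" | tr ' ' '\n' | sed -n "s/^${name}=//p" | head -n 1
}

# assess_line <result line>: prints "<ip> <mode> <finding,finding,...|ok>".
# Returns 1 for lines that are not a handshake result.
assess_line() {
  local line=$1 ip mode enc hash group auth
  local findings=()
  ip=${line%%[[:space:]]*}
  case $line in
    *"Aggressive Mode Handshake returned"*) mode=aggressive ;;
    *"Main Mode Handshake returned"*)       mode=main ;;
    *) return 1 ;;
  esac
  enc=$(sa_field Enc "$line")
  hash=$(sa_field Hash "$line")
  group=$(sa_field Group "$line")
  auth=$(sa_field Auth "$line")
  # Single DES is broken; MD5 and the 768/1024-bit DH groups are below current
  # minimums; a PSK accepted in aggressive mode hands the attacker a crackable hash.
  if [ "$enc" = DES ]; then findings+=("DES-encryption"); fi
  if [ "$hash" = MD5 ]; then findings+=("MD5-hash"); fi
  case $group in
    1:*|2:*) findings+=("DH-group-${group%%:*}-under-2048-bit") ;;
  esac
  if [ "$mode" = aggressive ] && [ "$auth" = PSK ]; then
    findings+=("PSK-hash-exposed-in-aggressive-mode")
  fi
  local IFS=,
  echo "$ip $mode ${findings[*]:-ok}"
}

# assess_output: read ike-scan output on stdin and assess every handshake line.
assess_output() {
  local line
  while IFS= read -r line; do
    case $line in
      *"Handshake returned"*) assess_line "$line" ;;
    esac
  done
}

# Constructed sample in ike-scan's output layout (cookies and hosts invented).
sample_output() {
  cat <<'EOF'
Starting ike-scan 1.9.5 with 2 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.168.1.8 Main Mode Handshake returned HDR=(CKY-R=8b1e2c5d4a6f7e91) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
192.168.1.9 Aggressive Mode Handshake returned HDR=(CKY-R=1f2e3d4c5b6a7988) SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds LifeDuration=28800) KeyExchange(96 bytes) Nonce(20 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.1.9) Hash(16 bytes)

Ending ike-scan 1.9.5: 2 hosts scanned in 0.105 seconds (19.05 hosts/sec).  2 returned handshake; 0 returned notify
EOF
}

case ${1:-} in
  -)      assess_output ;;
  --demo) sample_output | assess_output ;;
esac
```

For a host flagged with the aggressive-mode finding, the follow-up is to capture the hash with ike-scan's -P (--pskcrack) option, e.g. `ike-scan -A -n test -Pike.psk 192.168.1.9`, and run psk-crack with a dictionary (`psk-crack -d wordlist.txt ike.psk`); psk-crack ships with ike-scan. Only do this against gateways inside your authorisation.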
12. MASSCAN:
Masscan is a port scanner for Linux that finds open ports on a target and, with --banners, grabs service banners from them, so it is useful for basic information gathering and for a first look at a target's exposure. It is the fastest of the scanning tools because it transmits asynchronously through its own TCP/IP stack instead of waiting for each reply, which is also why it needs root and why a careless --rate can flood the network in front of you (the default is a cautious 100 packets per second). The name comes from scanning at mass scale: it was written to sweep the whole Internet. It always needs a port list; without -p it refuses to run. The important commands of masscan are the following.
TO SEE ALL OPTIONS OF MASSCAN:
(masscan --help)
TO SCAN A SPECIFIC PORT OR PORT RANGE ON A SPECIFIC IP ADDRESS:
(masscan +ip -p+port number or range) e.g. (masscan 192.168.1.8 -p8080) or (masscan 192.168.1.8 -p1-65535)
TO SCAN PORTS AT FASTER RATE:
(masscan +ip -p +port range --rate + RATE value) e.g. (masscan 192.186.1.8 -p1-65535 --rate 1000)
TO SCAN A SPECIFIC PORTS:
(masscan +ip -p +ports numbers) e.g. (masscan 192.186.1.8 -p22,23,21,80,81)
[Figure: masscan output in Kali Linux about the target]
TO SCAN A NETWORK RANGE:
(masscan +ip range -p+port number or range) e.g. (masscan 192.168.1.0/24 -p80-800)
TO EXCLUDE SPECIFIC IP ADDRESSES OR RANGES:
(masscan +ip range -p +port numbers or range --excludefile +path of file listing the addresses) e.g. (masscan 192.168.1.0/24 -p1-20 --excludefile /root/exclude.txt)
The exclude file takes one address or range per line; keep your own hosts, gateways and anything out of scope in it, because masscan will otherwise hit them at full rate.
TO SAVE OUTPUT IN A SPECIFIC FILE:
(masscan +ip -p +port > + file path) e.g. (masscan 192.168.0.1 -p8080 > /root/Desktop/masscan.txt)
Redirecting stdout captures only the result lines; the progress counter goes to stderr. masscan also has its own output options (-oL, -oJ, -oX, -oG) that write list, JSON, XML or grepable files directly and are easier to parse afterwards.
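The usual two-stage workflow, as an added example that is not part of masscan: a fast masscan sweep written to a file with -oL, then a per-host port list that feeds a slower service scan so nmap only touches the ports masscan already found. The list-format sample is constructed by hand; run_masscan itself needs root, the masscan binary and a network. Function names (run_masscan, summarise_list, nmap_followup, sample_list) are my own.

```shell
#!/usr/bin/env bash
# Added example, not part of masscan: fast sweep with masscan -oL, then a
# per-host port summary for a targeted nmap service scan.

# run_masscan <targets> <ports> <rate> <outfile> [excludefile]
# Writes masscan's list-format output (-oL) to <outfile>. Keep --rate modest on
# networks you do not own; masscan's default is 100 packets/s for a reason.
run_masscan() {
  local targets=$1 ports=$2 rate=$3 out=$4 excl=${5:-}
  local cmd=(masscan "$targets" -p"$ports" --rate "$rate" -oL "$out")
  if [ -n "$excl" ]; then
    cmd+=(--excludefile "$excl")
  fi
  if [ "$(id -u)" -ne 0 ]; then
    cmd=(sudo "${cmd[@]}")
  fi
  "${cmd[@]}"
}

# summarise_list: masscan -oL output on stdin -> one "ip port,port,..." line per
# host, ports ascending, hosts in numeric address order. Duplicate hits (masscan
# can report a port twice) are collapsed and banner lines are ignored.
summarise_list() {
  awk '$1 == "open" && $2 == "tcp" { print $4, $3 }' \
    | sort -u -t ' ' -k1,1 -k2,2n \
    | awk '{
        if ($1 != ip) { if (ip != "") print ip, ports; ip = $1; ports = $2 }
        else ports = ports "," $2
      }
      END { if (ip != "") print ip, ports }' \
    | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# nmap_followup: turn summarise_list output into one nmap command per host.
nmap_followup() {
  local ip ports
  while read -r ip ports; do
    echo "nmap -sV -Pn -p $ports $ip"
  done
}

# Constructed sample of masscan's list format (not from a real scan).
sample_list() {
  cat <<'EOF'
#masscan
open tcp 80 192.168.1.8 1709546401
open tcp 22 192.168.1.8 1709546401
open tcp 443 192.168.1.20 1709546402
open tcp 80 192.168.1.8 1709546403
banner tcp 80 192.168.1.8 1709546403 http.server nginx/1.18.0
# end
EOF
}

# Stand-alone use:
#   ./masscan-sweep.sh 192.168.1.0/24 1-65535 1000 sweep.lst [exclude.txt]
# then review the printed nmap commands before running them.
if [ $# -ge 4 ]; then
  run_masscan "$@"
  summarise_list < "$4" | nmap_followup
fi
```

Banner grabbing (--banners) is the one masscan feature that does not work out of the box: because masscan bypasses the kernel's TCP stack, the kernel answers the target's SYN-ACK with a RST before masscan can talk. Give masscan a spare address with --source-ip (or drop those RSTs with a firewall rule) when you need banners.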
13. NBTSCAN:
Nbtscan is an information-gathering tool in Kali Linux that discovers NetBIOS information about a target IP address or range. It sends a NetBIOS name status query to UDP port 137 on every address and prints, for each host that answers, its NetBIOS name, the server flag, the logged-on user (when the host reports one), the MAC address and, in verbose mode, the full name table including the workgroup or domain. NetBIOS over TCP/IP is only found on local networks, so this is a tool for the internal phase of a test; across the Internet port 137 is almost always filtered. It is easy to use, and an ethical hacker should know it for basic internal reconnaissance. The main commands of nbtscan are the following;
TO SEE ALL OPTION OF NBTSCAN:
(nbtscan) or (man nbtscan)
TO SEE BASIC NETBIOS INFORMATION:
(nbtscan+ ip address of target) e.g. (nbtscan 192.168.0.101)
FOR DETAILED INFORMATION (THE FULL NAME TABLE):
(nbtscan+ ip address of target -v) e.g. (nbtscan 192.168.0.101 -v)
TO SCAN A SPECIFIC RANGE OF IP ADDRESSES:
(nbtscan+ ip range -v) e.g. (nbtscan 192.168.0.101-155 -v) or (nbtscan 192.168.0.0/24 -v)
nbtscan understands two range forms: a.b.c.d-e for part of a /24 and a.b.c.d/bits for a whole block; a spelling such as 192.168.0.101/155 is not valid.
[Figure: nbtscan output about the target computer]
TO DUMP ALL PACKETS AND GET COMPLETE INFORMATION:
(nbtscan -d + ip address of target) e.g. (nbtscan -d 192.168.0.101)
TO GET SCRIPT-FRIENDLY OUTPUT (NO HEADER, FIELDS SEPARATED BY A CHARACTER):
(nbtscan -v -s + separator + ip address or range) e.g. (nbtscan -v -s : 192.168.0.0/24)
This is the form to use when the output feeds another tool; the workgroup or domain shows up in the verbose name table as the <00> group entry.
TO SET THE RESPONSE TIMEOUT (MILLISECONDS):
(nbtscan+ ip address -t + time) e.g. (nbtscan 192.168.0.101 -t 2500)
The default is 1000 ms; a value such as 25 is too short for most networks and makes live hosts appear down.
TO SUPPRESS BANNERS AND ERROR MESSAGES DURING SCANNING:
(nbtscan+ ip address -q) e.g. (nbtscan 192.168.0.101 -q)
TO SCAN IP ADDRESSES FROM A FILE:
(nbtscan -f + file name or path) e.g. (nbtscan -f /root/Desktop/nbt.txt)
TO PRINT SERVICE NAMES IN HUMAN-READABLE FORM:
(nbtscan -v -h + ip address or range) e.g. (nbtscan -v -h 192.168.1.0/24)
-h only works together with -v; it replaces the <xx> suffix codes in the name table with their meanings (workstation, file server, domain controller and so on).
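What nbtscan actually puts on the wire, as an added example that is not nbtscan's own code: the node status query it sends to UDP 137 is a DNS-style packet whose question name is "*" in NetBIOS first-level encoding, and the <xx> suffixes the -h option translates are the sixteenth byte of that encoded name. The functions below (nb_encode, nb_decode, nb_nibble, nbstat_query_hex, all my own names) build the query and encode or decode names so a capture can be read by hand; the transaction id is an arbitrary constructed value.

```shell
#!/usr/bin/env bash
# Added example, not nbtscan's own code: the NetBIOS name encoding and the node
# status (NBSTAT) query behind an nbtscan probe.

NB_ABC=ABCDEFGHIJKLMNOP   # nibble 0..15 -> letter A..P

# NetBIOS first-level encoding: the 16-byte name (15 characters padded with
# spaces plus a one-byte suffix such as 00 workstation or 20 file server) is
# written as 32 letters, 'A' + high nibble then 'A' + low nibble of each byte.
nb_encode() {                    # nb_encode <name> [suffix-hex, default 00]
  local name=${1^^} suffix=${2:-00} out="" i v
  (( ${#name} >= 1 && ${#name} <= 15 )) || return 1
  if [ "$name" = '*' ]; then     # NBSTAT wildcard: '*' followed by 15 NUL bytes
    printf 'CK%030s\n' '' | tr ' ' 'A'
    return 0
  fi
  printf -v name '%-15s' "$name"
  for (( i = 0; i < 15; i++ )); do
    printf -v v '%d' "'${name:i:1}"
    out+=${NB_ABC:$(( v >> 4 )):1}${NB_ABC:$(( v & 15 )):1}
  done
  v=$(( 16#$suffix ))
  out+=${NB_ABC:$(( v >> 4 )):1}${NB_ABC:$(( v & 15 )):1}
  echo "$out"
}

nb_nibble() {                    # letter A..P -> 0..15, returns 1 for anything else
  local p=${NB_ABC%%"$1"*}
  (( ${#p} < 16 )) || return 1
  echo "${#p}"
}

# nb_decode <32-letter encoded name> -> NAME<suffix-hex>, e.g. WORKGROUP<00>
nb_decode() {
  local enc=$1 i hi lo v c name="" suffix=0
  [ ${#enc} -eq 32 ] || return 1
  for (( i = 0; i < 32; i += 2 )); do
    hi=$(nb_nibble "${enc:i:1}") || return 1
    lo=$(nb_nibble "${enc:i+1:1}") || return 1
    v=$(( hi * 16 + lo ))
    if (( i == 30 )); then
      suffix=$v
    elif (( v != 0 )); then        # skip the NUL padding of the wildcard name
      printf -v c "\\$(printf '%03o' "$v")"
      name+=$c
    fi
  done
  name=$(printf '%s' "$name" | sed 's/ *$//')
  printf '%s<%02x>\n' "$name" "$suffix"
}

# nbstat_query_hex [txid-hex]: the 50-byte node status query for "*" as a hex
# string, ready for: nbstat_query_hex | xxd -r -p | nc -u -w2 <host> 137 | od -c
nbstat_query_hex() {
  local txid=${1:-1337} encoded
  encoded=$(nb_encode '*')
  # header: transaction id, flags 0x0000 (standard query), QDCOUNT 1, AN/NS/AR 0
  printf '%s' "$txid" 0000 0001 0000 0000 0000
  # question: label length 0x20, the 32 encoded bytes, root label 0x00,
  # type NBSTAT (0x0021), class IN (0x0001)
  printf '%s' 20
  printf '%s' "$encoded" | od -An -tx1 | tr -d ' \n'
  printf '%s' 00 0021 0001
  echo
}

# Stand-alone use: ./nb-names.sh encode WORKGROUP 1c | decode <32 letters> | query
case ${1:-} in
  encode) nb_encode "$2" "${3:-00}" ;;
  decode) nb_decode "$2" ;;
  query)  nbstat_query_hex "${2:-1337}" ;;
esac
```

The reply to that query is what nbtscan parses: a list of names, each with its suffix and flags (the group bit tells a workgroup or domain name from a host name), followed by the adapter's MAC address. Seeing WORKGROUP<00> and HOST<20> together in one table is the quickest way to tell which names in an nbtscan listing are domains and which are file servers.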
14. ENUM4LINUX:
It is a basic information-gathering tool in Kali Linux, written in Perl, that wraps the Samba client utilities (smbclient, rpcclient, net and nmblookup) to enumerate a Windows or Samba host over SMB, usually through an unauthenticated null session. It reports the workgroup or domain, the operating system, the NetBIOS name table with the MAC address, shares, printers, users and groups, and the password policy. The command is spelt in lowercase (enum4linux; Linux is case-sensitive), and if you give no options at all it behaves as if -a had been given. The information it provides is very helpful in the early phase of a test because it may hand you usernames for password attacks and shares to look through. The main commands of enum4linux are the following.
TO SEE ALL OPTIONS OF ENUM4LINUX:
(enum4linux -h)
TO RUN ALL SIMPLE ENUMERATION WITH VERBOSE OUTPUT:
(enum4linux -a + ip address of target -v) e.g. (enum4linux -a 192.168.0.1 -v)
-a runs the user, share, group, password-policy, OS, printer, RID-cycling and nmblookup checks; -v additionally shows the underlying Samba commands as they are run.
TO GET THE MACHINE LIST, USER LIST AND SHARE LIST IN DETAIL:
(enum4linux -M -U -S -d + ip address) e.g. (enum4linux -M -U -S -d 192.168.0.1)
-d (detailed) applies to the -U and -S output.
TO SCAN A TARGET USING A USERNAME AND PASSWORD:
(enum4linux -a -u + username -p + password + ip address) e.g. (enum4linux -a -u test -p pass 192.168.0.1)
Use this when null sessions are disabled but you already hold a low-privileged account; even a plain domain user can usually enumerate everything above.
TO FIND USERS BY RID CYCLING:
(enum4linux -r -R + range + ip address) e.g. (enum4linux -r -R 500-600 192.168.0.1)
RID cycling looks up the domain SID and then asks the host to resolve SID-500, SID-501 and so on; the default ranges are 500-550 and 1000-1050. -K + number instead keeps going until that many consecutive RIDs fail to resolve (ending at 999999 at the latest), which is the option to use against a domain controller: e.g. (enum4linux -K 10 192.168.0.1).
[Figure: enum4linux output about the target computer]
TO BRUTE-FORCE SHARE NAMES FROM A FILE:
(enum4linux -s + path of file having share names + ip address) e.g. (enum4linux -s /root/shares.txt 192.168.0.1)
TO SPECIFY THE USERS KNOWN TO EXIST ON THE TARGET:
(enum4linux -k + user,user,... + ip address) e.g. (enum4linux -k administrator,guest,krbtgt 192.168.0.1)
-k (lowercase) is the list of names enum4linux resolves with lookupnames to obtain the domain SID before RID cycling; the default list already covers administrator, guest and krbtgt, so you only need it when the target has renamed those accounts. Do not confuse it with -K, which controls where RID cycling stops.
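The RID-cycling step behind -r, -R and -K, as an added example that is not enum4linux's own code: it expands a range spec into the rpcclient lookupsids queries enum4linux issues, and parses the replies with the -K stop rule so you can see why too small a K misses accounts that sit after a gap. The lookupsids replies are constructed (invented domain SID and names); a live run needs rpcclient and a target that permits a null session. Function names (expand_rids, rid_cycle_cmds, parse_lookupsids, sid_type_name, sample_lookupsids) are my own.

```shell
#!/usr/bin/env bash
# Added example, not enum4linux's own code: RID cycling as (1) the rpcclient
# queries it issues and (2) a parser for the replies applying the -K stop rule.

# expand_rids <spec>: "500-550,1000-1050" -> one RID per line
expand_rids() {
  local spec=$1 part lo hi r parts
  IFS=, read -ra parts <<< "$spec"
  for part in "${parts[@]}"; do
    case $part in
      *-*) lo=${part%%-*}; hi=${part#*-} ;;
      *)   lo=$part; hi=$part ;;
    esac
    [[ $lo =~ ^[0-9]+$ && $hi =~ ^[0-9]+$ ]] || return 1
    (( lo <= hi )) || return 1
    for (( r = lo; r <= hi; r++ )); do
      echo "$r"
    done
  done
}

# rid_cycle_cmds <host> <domain-SID> <spec>: the null-session rpcclient queries
# enum4linux runs, one lookupsids per RID. The domain SID itself comes from an
# earlier "lookupnames administrator" (the -k list) against the same host.
rid_cycle_cmds() {
  local host=$1 base=$2 spec=$3 rids rid
  [[ $base =~ ^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$ ]] || return 1
  rids=$(expand_rids "$spec") || return 1
  for rid in $rids; do
    echo "rpcclient -U '' -N $host -c 'lookupsids $base-$rid'"
  done
}

sid_type_name() {                # SID_NAME_USE codes as rpcclient prints them
  case $1 in
    1) echo user ;;
    2) echo domain-group ;;
    4) echo local-group ;;
    5) echo well-known-group ;;
    *) echo "type-$1" ;;
  esac
}

# parse_lookupsids <K>: read lookupsids replies on stdin and print "RID name type"
# for every SID that maps to a real account. Stops after K consecutive unmapped
# SIDs (reported as *unknown*\*unknown* with type 8), which is the -K rule: too
# small a K stops at the first real RID gap, too large a K wastes queries.
parse_lookupsids() {
  local k=$1 line sid rest type name rid misses=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    sid=${line%% *}
    rest=${line#* }
    type=${rest##* }
    type=${type//[()]/}
    name=${rest% *}
    rid=${sid##*-}
    if [ "$type" = 8 ]; then
      misses=$(( misses + 1 ))
      if (( misses >= k )); then
        return 0
      fi
      continue
    fi
    misses=0
    printf '%s %s %s\n' "$rid" "$name" "$(sid_type_name "$type")"
  done
  return 0
}

# Constructed lookupsids replies (invented domain SID and account names).
sample_lookupsids() {
  cat <<'EOF'
S-1-5-21-1004336348-1177238915-682003330-500 CORP\Administrator (1)
S-1-5-21-1004336348-1177238915-682003330-501 CORP\Guest (1)
S-1-5-21-1004336348-1177238915-682003330-502 CORP\krbtgt (1)
S-1-5-21-1004336348-1177238915-682003330-503 *unknown*\*unknown* (8)
S-1-5-21-1004336348-1177238915-682003330-512 CORP\Domain Admins (2)
S-1-5-21-1004336348-1177238915-682003330-513 CORP\Domain Users (2)
S-1-5-21-1004336348-1177238915-682003330-1000 *unknown*\*unknown* (8)
S-1-5-21-1004336348-1177238915-682003330-1001 *unknown*\*unknown* (8)
S-1-5-21-1004336348-1177238915-682003330-1002 *unknown*\*unknown* (8)
S-1-5-21-1004336348-1177238915-682003330-1003 CORP\svc_backup (1)
EOF
}

# Stand-alone use: ./rid-cycle.sh <host> <domain-SID> [spec] [K] runs the
# queries live and prints the accounts found.
if [ $# -ge 2 ]; then
  rid_cycle_cmds "$1" "$2" "${3:-500-550,1000-1050}" | sh | parse_lookupsids "${4:-10}"
fi
```

With the sample replies, K=3 stops inside the 1000-1002 gap and never reports svc_backup at RID 1003, while K=4 finds it; that is the trade-off enum4linux's -K asks you to make, and why the default ranges alone are not enough against a domain controller whose accounts start well above 1050.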