====== Info Gathering ======
**Post-Connection Attacks:** After you connect to a network, the first thing you will likely want to do is find out what is out there. Info gathering. Recon.
* Find out what is attached to the network: IP, MAC, OS, Ports, Services...
If you need a practice machine, download a free VM: [[https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/|Win10]]
* Create a snapshot of that VM and work from the snapshot, so that when the trial period runs out you can reset by creating a fresh snapshot from the original VM.
**Tools:** netdiscover (simple) and nmap (more detailed)
* After you get your feet wet with nmap, read [[https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_3|The Book]].
----
===== NetDiscover =====
**netdiscover:** quickly discover all devices connected to our network...
<code>
netdiscover -r 192.168.0.1/24   # -r sets the range; /24 scans the entire subnet
</code>
**Provides:**
- IP Address
- MAC Address
- Vendor Info
----
===== ZenMap =====
ZenMap is a GUI frontend for Nmap.
**Run:** ``zenmap``
* __Target__: 192.168.1.1/24 (specifies the entire subnet as the range)
* __Command__: shows you the nmap command that will be executed when you click "Scan"
* __Profile__: several different nmap scan set-ups to choose from...
  * __Ping scan__: very quick & simple (pings every possible IP in the range; similar to netdiscover but with more info)
  * __Quick scan__: ping + open ports on discovered devices
  * __Quick scan plus__: slower but shows more info (OS, device type, program and program version running on discovered ports)
**Installation Instructions:** Zenmap is no longer maintained upstream, so Kali dropped the package. To install it anyway, do the following...
1. [[https://nmap.org/download.html|Download the rpm]] labeled "Optional Zenmap GUI (all platforms)"
2. If you haven't already, install Alien:
<code>
apt install alien dpkg-dev debhelper build-essential
</code>
3. Convert the rpm to Debian format:
<code>
alien packagename.rpm
</code>
4. Use dpkg to install the shiny new .deb package:
<code>
dpkg -i packagename.deb
</code>
----
===== Nmap =====
This is the mother of all tools... Buy and read [[https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_3|The Book]].
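As an added example (not from the original page or from the nmap project), here is a small Python parser that turns nmap's grepable output (`-oG`) from a scan like the Zenmap "Quick scan plus" profile above into a host inventory and flags live hosts missing from a known-asset list. The embedded sample output is constructed, and `parse_gnmap` / `unknown_hosts` are hypothetical helper names.

```python
"""Parse nmap grepable output (-oG) into a host inventory (hypothetical helper,
not part of the page). Run e.g. `nmap -sV -O -oG scan.gnmap 192.168.1.0/24`,
roughly what Zenmap's "Quick scan plus" does, and pass the file text to
parse_gnmap(). SAMPLE_GNMAP below is constructed, not real scan data."""
import re

# Constructed sample: two live hosts, OS detection succeeded on one.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -O -oG scan.gnmap 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, 80/open/tcp//http//nginx 1.14.2/\tIgnored State: closed (998)\tOS: Linux 4.X
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 445/open/tcp//microsoft-ds//Windows 10 microsoft-ds/, 135/filtered/tcp//msrpc///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""
HOST_RE = re.compile(r"Host:\s+(\S+)\s+\((.*?)\)")

def parse_gnmap(text):
    """Return {ip: {"hostname", "os", "ports": [(port, proto, service, version)]}}.
    Only ports nmap reports as open are kept."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' banner and footer lines
        fields = line.split("\t")  # -oG separates sections with tabs
        ip, hostname = HOST_RE.match(fields[0]).groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "os": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Ports":
                for spec in value.split(", "):
                    # port/state/protocol/owner/service/rpc info/version/
                    p = spec.split("/")
                    if p[1] == "open":
                        entry["ports"].append((int(p[0]), p[2], p[4], p[6]))
            elif key == "OS":
                entry["os"] = value
    return hosts

def unknown_hosts(hosts, known_ips):
    """Defender's check: live hosts that are missing from the asset inventory."""
    return sorted(ip for ip in hosts if ip not in known_ips)

if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    for ip, info in inventory.items():
        print(ip, info["hostname"] or "-", info["os"] or "os unknown", info["ports"])
    print("not in asset list:", unknown_hosts(inventory, {"192.168.1.1"}))
```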
----