This article is from Hakin9 OPEN – Open Source Tools edition, which is available for download for free.
Although it might seem that there are tons of similar tools, most of them serve a particular need, or offer complex technical features for a cybersecurity measurement requirement. In this article, we present Cyberscan, an easy to use tool that ensures together features of tools such as Nmap, Zenmap, Wireshark, etc. But, CyberScan is very simple and compact. It is an open source toolkit for pentesting and ethical hacking.
For instance, CyberScan port scanner prevents intrusions by showing you the status of your network exposure by scanning the network to monitor open services and ports that can be exploited by exogenous traffic. Furthermore, it provides basic views of how the network is lead out in order to help identifying unauthorised hosts or applications and network host configuration errors that can cause serious security vulnerabilities.
Moreover, CyberScan Tool Kit is able to send and capture packets of several protocols, forging and decoding them to be used for most network tasks such as scanning, testing connectivity through probing and attacks ( Attacker ROI, DDOS Attack, SYN Flood, etc.)
In addition, it has some features like geolocation and deep packet inspection.
PS : This Workshop Is For Educational Purpose only, I am not responsible for your actions.
Figure 1: Sample usage of CyberScan
As shown in Figure 1, Cyberscan is part of BlackArch OS Tools. It is developed by BEN ALI Mohamed from ESPRIT School of Engineering, Tunisia. Written in Python language, it requires at least version 2.7 of Python.
It is noteworthy that Python is available by default installed in Mac OS, BlackArch, and derivatives.
In the following paragraphs, we detail features of our toolkit.
CyberScan works on different operating systems. Those we have tested are:
-
Windows XP/7/8/8.1/10
-
GNU/Linux
-
MacOSX
One can download CyberScan from https://github.com/medbenali/CyberScan /archive/master.zip or by using the following commands:
git clone https://github.com/medbenali/CyberScan.git cd CyberScan python CyberScan.py -v
CyberScan works out of the box with Python version 2.6.x and 2.7.x . One interesting note is that there is no need to install extra tools or libraries.
In order to make sure you have CyberScan in your machine, you can launch the same command as shown in Figure 2.
Figure 2: Checking CyberScan version and its help
This figure shows how to verify the available version of CyberScan. It also demonstrates how to list available options through its help manual.
In the following subsections, we describe briefly features offered by our tool.
3.1) Test Network Connectivity
One can perform ping active probe using several protocol’s measurement (ICMP, TCP, UDP, ARP, etc.).
a) LAN Hosts Discovery
The fastest way to discover hosts of a local Ethernet network is to use ARP. CyberScan uses ARP broadcasts used by hosts to resolve IP addresses in discovering connected machines and corresponds between couples of IP and MAC addresses.
Figure 3 illustrates this use case of CyberScan.
Figure 3: CyberScan ARP Host Discovery
b) ICMP Ping
In this case, one knows the network address or domain name of the host, it can test its connectivity thanks to an ICMP base of ping.
Figure 4: CyberScan ICMP Ping
Figure 4 highlights usage of our ICMP ping functionality.
c) TCP & UDP Ping
As it is known, some hosts and routers block ICMP echo reply requests on their interfaces for security reasons:
Another alternative is to use TCP active probing approach. As depicted in Figure 5, as TCP and UDP segments do not necessarily obtain the same processing at intermediate routers due to traffic engineering configurations, one can imagine also using UDP active probing to measure Round-Trip time (RTT) encountered when using real-time applications. CyberScan, as shown in Figure 6, allows using a UDP ping to specific destination.
Figure 5: CyberScan TCP Ping
Figure 6: CyberScan UDP Ping
3.2) Network Scanning
Another interesting tool of CyberScan is network scanning because it can be considered as being an entry point to a machine, or computer (box) that is connected to the internet.
a) Port Scanner
Port Scanning is one of the initial steps that a Penetration Tester (Ethical Hacker) will take to determine how secure a network or web application is from black hat hacker attacks.
Figure 7: CyberScan Port Scanner
Figure 7 shows a sample usage of the port scanning feature of our tool.
b) IP GeoLocation
CyberScan can find the physical location of an IP address. It helps, for example, an forensic investigator tracking down a suspect who wrote a threatening email or hacked someone’s company.
Figure 8: CyberScan Geolocation
One can verify the results of CyberScan tool, comparing them to those given by the website geolocaliser-ip.com.
As shown in figure 8 and figure 9, both of them give the same result when testing a Google DNS whose address is 8.8.8.8.
Figure 9 : Testing VS CyberScan Geolocation Result
3.3) Analyzing packet headers
The basic unit of network communication is the packet. CyberScan analyzes packets at different layers by the layers (IP, TCP, ICMP, UDP, etc.) and then corresponding to datagrams of each layers.
It corresponds to the third layer of the OSI model.
a) Ethernet Headers
One use of CyberScan (see Figure 11) could show header fields such as Mac address and EtherType.
Figure 10: Getting CyberScan Ethernet Headers
b) IP Headers
An IP Header is header information at the beginning of an IP packet that contains information about IP version, source and destination IP address, time-to-live, etc.
This is layer 3 protocol in the OSI model.
Figure 11: Getting CyberScan IP Headers
c) TCP & UDP Headers
TCP provides reliable, ordered and error-checked delivery of stream of octets between applications running on hosts communicating by an IP Network or major applications such as World Wide Web (WWW), email, remote administration and file transfer rely on TCP.
Applications that do not require reliable data stream service may use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability.
Figure 12: CyberScan TCP Headers
Figure 13: CyberScan UDP Headers
Figures 11 and 12 illustrate usage of CyberScan to respectively decorticate TCP and UDP fields of a received IP packet.
CyberScan is a open pentest tool. It can be used to analyse and decode packets and help to scan ports. It can also ping and track locations using IP Address.
If anyone is interested in this work, please take a look at my GitHub Account [1] https://www.github.com/medbenali as we have at least some public projects posted there.
If you have any needs or even just want to brainstorm, please feel free to connect.
About the Author
Mohamed BEN ALI is a student, currently at the fourth year in IT engineering at ESPRIT School of Engineering [2] (https://esprit.tn), pentester, developer, ethical hacker, interested in CyberSecurity, Robotics, Image Processing, Machine Learning, mobile development and embedded systems. He has been an intern research student at MINOS research team at Esprit.
Did you liked the article? If you want to read more similar tutorials check the full free edition
Hakin9 OPEN – Open Source Tools