Netdiscover great tool for scaning and watching local network

Netdiscover is a great tool to scan your local network for locally attached devices. It is installed by default in Kali Linux. However, if you want to use it on a raspberry pi, you need to install it. You can do this as follows:

In virtualbox I have this setup of network in Kali Linux:

The very use of the tool requires specifying the subnetwork in which we are located. We can check it like this:

In this case, we can scan network 192.168.1.0/24, so in netdiscover we can use:

The screen will show the network scanner:

Netdiscover also gives you the option to direct the result to a file, in this case it refreshes the scan every 2 seconds:

Now we can also use nslookup to get hostname:

Also we can use nmap:

You can use more parameters in nmap for more information, however this will significantly increase the scan time. Still, sometimes it’s worth the wait.

Checking SSL certyfikat date using nmap and curl

This time I will use Kali Linux it is a great distro for pentesters. After all, nothing prevents you from using another distribution, such as Debian Linux.

Sometimes we need to check the certificate issuance date. Nmap and curl are a very good tool for this.
Both of these tools allow for advanced analysis of the SSL connection. Let’s try to check the certificate date with nmap:

To be more precise, let’s leave the date and time alone:

Here is the result:

In my experience nmap is a very good tool – however curl is much faster, to use it, do the following:

This is the effect:

It is worth getting acquainted with both tools. Besides checking the date of the certificate, they offer a number of other possibilities.

nmap scaning ciphers and ssl

In debian 11:

Nmap is one of more powerfull tools to scaning network.
We start the installation on debian as root:

and than we can check for example google.com:

It’s much slower than sslscan, but result is the same (tls 1.1, 1.2 and tls 1.3).

TLS 1.0:

TLS 1.1:

TLS 1.2:

The most important thing is don’t using vulnerable ciphers, and reading output of nmap, for example in this case:
“64-bit block cipher 3DES vulnerable to SWEET32 attack” – on SWEET32 vulnerability.
When we testing external website available from internet you can use www.ssllabs.com/ssltest/ but if we have internal server nmap in this case is very good solution to use.