Netdiscover is typically used by network administrators to identify all devices on a network and to detect any unauthorized devices that may be connected. It can also be used to identify the IP address of a device on a network that is not responding to conventional network scanning techniques.

Netdiscover is a command-line tool and has a range of options that allow it to be customized for specific network environments. For example, it can be set to scan a particular subnet or to use a specific network interface. Additionally, Netdiscover can output its results in a range of formats, including CSV and XML, making it easy to integrate with other tools and applications.

Overall, Netdiscover is a useful tool for network administrators who need to identify all devices on a network and detect any unauthorized devices that may be connected. Its ability to output results in a range of formats and its customizable options make it a versatile and valuable addition to any network security toolkit.

Netdiscover is a great tool to scan your local network for locally attached devices. It is installed by default in Kali Linux. However, if you want to use it on a raspberry pi, you need to install it. You can do this as follows:

# apt install netdiscover

In virtualbox I have this setup of network in Kali Linux:

The very use of the tool requires specifying the subnetwork in which we are located. We can check it like this:

# ifconfig

In this case, we can scan network 192.168.1.0/24, so in netdiscover we can use:

# netdiscover -r 192.168.1.0/24

The screen will show the network scanner:

Netdiscover also gives you the option to direct the result to a file, in this case it refreshes the scan every 2 seconds:

# netdiscover -r 192.168.1.0/24 -s 2 -P >> /tmp/file

Now we can also use nslookup to get hostname:

$ cat /tmp/file | grep '192\.' | grep -v Screen | cut -c1-14 | sort -u | nslookup | grep name | cut -f 2 | cut -c8-

Also we can use nmap:

# nmap `cat /tmp/file | grep '192\.' | grep -v Screen | cut -c2-34 | sort -u | awk '{ print $1 }' | tr '\n' ' '`

You can use more parameters in nmap for more information, however this will significantly increase the scan time. Still, sometimes it’s worth the wait.

Artykuł Netdiscover great tool for scaning and watching local network pochodzi z serwisu soban.

Sometimes we need to check the certificate issuance date. Nmap and curl are a very good tool for this.
Both of these tools allow for advanced analysis of the SSL connection. Let’s try to check the certificate date with nmap:

$ nmap -p 443 --script ssl-cert soban.pl

To be more precise, let’s leave the date and time alone:

$ nmap -p 443 --script ssl-cert soban.pl | grep after | awk '{ print $5 }'

Here is the result:

In my experience nmap is a very good tool – however curl is much faster, to use it, do the following:

$ curl -X GET -i 'https://google.com' | grep -i 'date:' | grep GMT

This is the effect:

It is worth getting acquainted with both tools. Besides checking the date of the certificate, they offer a number of other possibilities.

Artykuł Checking SSL certyfikat date using nmap and curl pochodzi z serwisu soban.

In this example we are working on Debian 11 (Bullseye). First, let’s confirm the system version:

# cat /etc/issue
Debian GNU/Linux 11 \n \l

Nmap is one of the most powerful network scanning tools available on Linux. It allows you to scan open ports, detect running services, identify software versions and analyze supported SSL/TLS protocols and cipher suites.

Installation on Debian 11 is simple:

# apt install nmap

After installation, we can test a remote HTTPS server. For example:

# nmap -sV --script ssl-enum-ciphers -p 443 google.com

The -sV option enables service version detection and --script ssl-enum-ciphers checks supported TLS versions and encryption ciphers. This allows you to verify which TLS versions are enabled (TLS 1.0, 1.1, 1.2, 1.3), whether weak ciphers like 3DES are supported and if potential cryptographic vulnerabilities exist.

Nmap is slower than tools like sslscan, but the level of detail is very good and useful especially for internal infrastructure testing.

TLS 1.0:

TLS 1.1:

TLS 1.2:

The most important thing when analyzing SSL/TLS configuration is checking for weak or vulnerable ciphers. For example, if you see: “64-bit block cipher 3DES vulnerable to SWEET32 attack”, it means the server still supports 3DES, which is vulnerable to the SWEET32 attack. In production environments such ciphers should be disabled.

If you are testing a public website, you can also use https://www.ssllabs.com/ssltest/. However, for internal servers, staging environments or private infrastructure, using Nmap directly from your Debian system is often the best solution. Regular SSL/TLS scanning helps keep your infrastructure secure and ensures that outdated protocols and weak encryption methods are eliminated.

Artykuł nmap scaning ciphers and ssl pochodzi z serwisu soban.