Network Vulnerability Scanning

Nessus

docker run --name "nessus" -d -p 8834:8834 tenableofficial/nessus

Update

sudo docker exec -it [container_id_or_name] sudo /opt/nessus/sbin/nessuscli update

DNS Amplification

A DNS amplification attack is a popular form of DDoS that uses publicly accessible open DNS resolvers to overwhelm a victim system with DNS response traffic. An open resolver is a DNS server that answers anyone's DNS requests; for example, Google's DNS server 8.8.8.8 is a publicly available resolver that translates domain names to IP addresses. Launching a DNS amplification attack isn't that difficult, as it relies on UDP, which has no handshake mechanism like TCP, so the source IP verification step is skipped. It is called an amplification attack because the attacker needs only a small fraction of the bandwidth to choke the victim's bandwidth.
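The two properties described above, a resolver that recurses for any client and a reply larger than the request, can be read straight from a DNS query/response pair. The following is an added example, not part of the original notes or of any tool named on this page; the packets are constructed samples built inline, and the function names and the 2.0 threshold are assumptions.

```python
import struct

QTYPE = {"A": 1, "TXT": 16, "ANY": 255}

def build_query(name, qtype="ANY", txid=0x1234):
    """Encode a DNS query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1)

def audit_response(query, response):
    """Report recursion and size facts for one query/response pair."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return {
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "truncated": bool(flags & 0x0200),            # TC bit
        "rcode": flags & 0x000F,                      # 0 NOERROR, 5 REFUSED
        "answers": answers,
        "factor": round(len(response) / len(query), 2),
    }

def is_amplifier(report, threshold=2.0):
    """True when the server recursed for us and sent back >= threshold x bytes."""
    return (report["recursion_available"] and report["rcode"] == 0
            and report["factor"] >= threshold)

def constructed_response(query, flags, n_answers):
    """Constructed sample reply: echoed question plus n A records (192.0.2.1)."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    header = query[:2] + struct.pack("!HHHHH", flags, 1, n_answers, 0, 0)
    return header + query[12:] + rr * n_answers

QUERY = build_query("example.com")
OPEN = constructed_response(QUERY, 0x8180, 10)    # QR+RD+RA, NOERROR
CLOSED = constructed_response(QUERY, 0x8105, 0)   # QR+RD, REFUSED, RA clear

if __name__ == "__main__":
    for label, reply in (("open", OPEN), ("closed", CLOSED)):
        report = audit_response(QUERY, reply)
        print(label, report, "amplifier:", is_amplifier(report))
```

Applied to a reply captured from a resolver you operate, a clear RA bit or an rcode of REFUSED for outside clients indicates that recursion is restricted.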

Nmap

nmap -sU -p53 --script=dns-recursion -iL <DOMAIN_LIST> -oA dns-recursion -v2 -Pn

Clone the repository

git clone https://github.com/pcastagnaro/dns_amplification_scanner/
cd dns_amplification_scanner

Create a Virtual Environment

python3 -m venv myenv; source myenv/bin/activate

Install Dependencies

pip install colorama

Run the Script

python dns_amplification_scanner.py <DNS> --domains <DOMAIN_LIST> --type ANY 

Example

python dns_amplification_scanner.py 8.8.8.8 --domains domains.txt --type ANY 
