1
00:00:00,120 --> 00:00:07,530
So I want to show you some additional scanning tools that we can use, especially other opportunities

2
00:00:07,530 --> 00:00:11,450
and options you might have out there that you might like more.

3
00:00:11,610 --> 00:00:16,110
And I'm going to show you a tool in this video called masscan.

4
00:00:16,110 --> 00:00:18,530
We'll show how to scan with Metasploit.

5
00:00:18,570 --> 00:00:24,210
And then the last couple of videos will be on Nessus, and I think Nessus is super important to show because

6
00:00:24,210 --> 00:00:26,750
it is a tool you will use in your career.

7
00:00:26,880 --> 00:00:29,610
And it's a must-have in terms of knowledge.

8
00:00:29,670 --> 00:00:35,250
So we're going to be using a tool called masscan. Masscan was actually built to scan the entire

9
00:00:35,250 --> 00:00:37,180
Internet really fast.

10
00:00:37,410 --> 00:00:39,570
So it's a really fast port scanner.

11
00:00:39,690 --> 00:00:41,370
And if you want to read about it,

12
00:00:41,520 --> 00:00:41,970
Robert

13
00:00:41,970 --> 00:00:45,420
David Graham here at GitHub has masscan.

14
00:00:45,420 --> 00:00:50,370
You're more than welcome to come through here and look at the usage and different syntax and even how

15
00:00:50,370 --> 00:00:51,920
to scan the entire Internet.

16
00:00:52,020 --> 00:00:56,340
Though I do not recommend this, because you will have people knocking at your door pretty quick.

17
00:00:56,550 --> 00:00:58,290
So let's minimize this.

18
00:00:58,290 --> 00:01:02,430
And I will make this an attachment as a resource in case you're interested, or you could just Google

19
00:01:03,150 --> 00:01:04,520
Robert David Graham.

20
00:01:04,650 --> 00:01:10,370
So masscan is actually built in; you just start typing masscan and then you hit tab.

21
00:01:10,380 --> 00:01:16,010
And what we're going to do is we're going to just do a regular old scan here.
22
00:01:16,050 --> 00:01:19,560
So this scan is going to look something like this.

23
00:01:19,560 --> 00:01:25,470
We're going to say -p like this, and we're just going to specify 1 through

24
00:01:25,470 --> 00:01:27,840
65535, OK.

25
00:01:28,040 --> 00:01:32,290
And we can choose a rate of how fast we want to go.

26
00:01:32,330 --> 00:01:37,400
We also need to pick, you know, what IP we want to scan.

27
00:01:37,400 --> 00:01:45,590
So we're going to go ahead and just scan 192.168.57.139.

28
00:01:45,810 --> 00:01:46,090
Sorry.

29
00:01:46,120 --> 00:01:47,300
134.

30
00:01:47,990 --> 00:01:51,830
And we're going to hit enter on this in one second.

31
00:01:51,830 --> 00:01:54,360
First I want to set up Nmap as well.

32
00:01:54,390 --> 00:01:58,430
Let's do the Nmap syntax from memory if you can.

33
00:01:58,430 --> 00:02:05,420
So we're going to do -T4 again for speed, -p-, and we're going to leave off the -A.

34
00:02:06,200 --> 00:02:06,680
All right.

35
00:02:06,830 --> 00:02:16,750
And we're just going to say the same thing, 192.168.57.134, and then we're going to run this here

36
00:02:17,200 --> 00:02:23,920
and I'm going to run both at the same time, and I just want to do this for the sole purpose of doing

37
00:02:23,950 --> 00:02:28,370
a speed scan and seeing how fast one is compared to the other.

38
00:02:28,450 --> 00:02:32,600
So you can see here too that we have some familiar options.

39
00:02:32,600 --> 00:02:34,580
We've got the -sS.

40
00:02:34,580 --> 00:02:37,940
Now this should look like very familiar syntax, right?

41
00:02:37,940 --> 00:02:43,660
This is that stealth scan. Remember the stealth scan: we go out and we say hey, I want to connect to you,

42
00:02:43,670 --> 00:02:44,150
SYN.

43
00:02:44,150 --> 00:02:48,050
And they say yeah, SYN/ACK, and then we say nah, just kidding.

44
00:02:48,200 --> 00:02:49,080
Reset.
45
00:02:49,280 --> 00:02:49,490
Right.

46
00:02:49,520 --> 00:02:55,580
So this is what it's doing. It's doing this -Pn; if you remember from the Nmap

47
00:02:55,580 --> 00:02:56,150
video,

48
00:02:56,150 --> 00:03:00,070
this means treat everything as if it is alive.

49
00:03:00,170 --> 00:03:05,900
And then the rest, we don't really have to worry about the settings, but these are some similar Nmap

50
00:03:05,960 --> 00:03:07,940
options, though not fully.

51
00:03:07,940 --> 00:03:13,400
So we do have to specify the ports here, and this is running, and you see this one actually finished first.

52
00:03:13,730 --> 00:03:16,940
So in this race, and this is something that I want to point out too,

53
00:03:16,970 --> 00:03:22,160
this one's going actually pretty slow, and it could be because we're not giving it enough threads, so

54
00:03:22,190 --> 00:03:28,970
I'm going to Control-C one more time here and we're gonna try this with something like --rate of 1000

55
00:03:28,990 --> 00:03:32,310
and see how much faster it goes.

56
00:03:32,690 --> 00:03:36,030
And you can see now the time is significantly less.

57
00:03:36,230 --> 00:03:42,770
So the rate is important, and the nice thing about it too is typically when it finds a port it tells

58
00:03:42,770 --> 00:03:45,250
you about it. See, it found a port, it tells you about it.

59
00:03:45,260 --> 00:03:51,500
So a lot of people like to run masscan for the purpose of running it and getting quick results, because

60
00:03:51,500 --> 00:03:54,320
now they can say hey, 443's open.

61
00:03:54,350 --> 00:03:58,430
I'm going to go out there and I'm going to go try to look at it while the rest of these results are

62
00:03:58,430 --> 00:04:04,210
coming through, and it's finding 32768, which I didn't even know was open.

63
00:04:04,340 --> 00:04:05,220
But anyway.
64
00:04:05,800 --> 00:04:11,960
So OK, we've got 32768, which didn't show the first time. It did show the first time,

65
00:04:11,960 --> 00:04:13,510
actually, as RPC.

66
00:04:13,670 --> 00:04:20,060
So we're looking at these results, and I want to go back and backtrack just a little bit here.

67
00:04:20,120 --> 00:04:24,650
So remember in the first video where I said we didn't have to do the -A right away.

68
00:04:24,650 --> 00:04:28,910
This finished in 5.67 seconds, which is pretty good.

69
00:04:29,030 --> 00:04:34,610
Sometimes masscan is faster, sometimes Nmap is faster, and that is faster here.

70
00:04:35,120 --> 00:04:43,220
And we've got one, two, three, four, five, six ports open. Now strategy might say that instead of scanning

71
00:04:43,280 --> 00:04:56,930
like this, where we say -A 192.168.57.134, instead we say let's scan like this, and

72
00:04:56,930 --> 00:05:09,960
then when we find out what we have, we could say 22, 80, 111, 139, 443 and this 32768, and then run

73
00:05:09,960 --> 00:05:16,140
that, and instead of going out to every port trying to make that connection scanning with -A, we're only

74
00:05:16,140 --> 00:05:23,850
going to scan the ports that come back, and this tiered scanning, or this phased or staged scanning, is

75
00:05:23,880 --> 00:05:25,260
a lot faster.

76
00:05:25,260 --> 00:05:29,970
Now again, I've told you my preference. My preference is just to add the -A and let it fly, and then

77
00:05:29,970 --> 00:05:35,580
I'll go do other things while it's scanning, but if you're in a competition or you need something to go fast

78
00:05:35,580 --> 00:05:37,910
or you're just, like, in a time crunch,

79
00:05:37,980 --> 00:05:42,390
this isn't a bad way to do it either. You could actually script this out to do this for you.
80
00:05:43,080 --> 00:05:49,350
So again, we're still finishing here. We've got six seconds left and it's found all the same ports, granted

81
00:05:49,410 --> 00:05:53,060
in a different order, but it didn't find it as fast.

82
00:05:53,100 --> 00:05:54,690
So your mileage may vary.

83
00:05:54,690 --> 00:05:58,870
I've had times where Nmap has taken me an hour, and while Nmap is going

84
00:05:58,890 --> 00:06:02,220
I just go out and I say hey masscan, go ahead and scan everything for me.

85
00:06:02,250 --> 00:06:03,620
I want to know what's up.

86
00:06:03,840 --> 00:06:08,790
And in this instance, when we're actually scanning against a host inside of our network, it's a little

87
00:06:08,790 --> 00:06:10,680
bit quicker, a little bit easier.

88
00:06:10,680 --> 00:06:15,690
So this is just an introduction into another tool, something to get yourself familiarized with, with

89
00:06:15,750 --> 00:06:20,710
other options that are out there, and we'll look at a couple more options and we'll be on to exploitation.

90
00:06:20,730 --> 00:06:22,140
So I'll see you over in the next video.
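The staged scan the video describes (masscan across all ports first, then nmap -A only on the ports that came back), written out as an added POSIX shell example; this is not code from the course or from the masscan project. The lab address 192.168.57.134 is the one used in the video, and the ports_from_masscan helper and the sample masscan output are constructed here.

```shell
#!/bin/sh
# Added example: two-stage scan of a single lab host, as described in the video.
# Stage 1: masscan sweeps all 65535 TCP ports with a bounded --rate.
# Stage 2: nmap -A runs only against the ports masscan reported open.
# Assumes masscan and nmap are installed and the script runs as root
# (masscan needs raw sockets). The default target is the video's lab host.

TARGET="${1:-192.168.57.134}"   # replace with a host you are authorised to scan
RATE="${2:-1000}"               # packets per second; the knob the video turns up

# Turn masscan's "Discovered open port 22/tcp on 192.168.57.134" lines into the
# comma-separated list that nmap -p expects (TCP only, numeric sort, no duplicates).
ports_from_masscan() {
    printf '%s\n' "$1" \
        | awk '/^Discovered open port/ { split($4, p, "/"); if (p[2] == "tcp") print p[1] }' \
        | sort -n | uniq | paste -sd, -
}

# Constructed sample of masscan output (the ports the video found, in arrival order).
SAMPLE_OUTPUT='Discovered open port 443/tcp on 192.168.57.134
Discovered open port 22/tcp on 192.168.57.134
Discovered open port 32768/tcp on 192.168.57.134
Discovered open port 80/tcp on 192.168.57.134
Discovered open port 111/tcp on 192.168.57.134
Discovered open port 139/tcp on 192.168.57.134'

staged_scan() {
    # -p1-65535: every TCP port; discovery lines go to stdout, progress to stderr
    found=$(masscan -p1-65535 --rate "$RATE" "$TARGET" 2>/dev/null)
    ports=$(ports_from_masscan "$found")
    if [ -z "$ports" ]; then
        echo "masscan reported no open TCP ports on $TARGET" >&2
        return 1
    fi
    echo "masscan open ports on $TARGET: $ports"
    # Only now pay for -A (version/OS/script detection), and only on those ports.
    nmap -T4 -Pn -A -p "$ports" "$TARGET"
}

# The live scan runs only when a target is passed explicitly; with no arguments
# the script just demonstrates the parsing stage on the constructed sample.
if [ $# -ge 1 ]; then
    staged_scan
else
    echo "sample parse -> $(ports_from_masscan "$SAMPLE_OUTPUT")"   # 22,80,111,139,443,32768
fi
```

Run it as `./staged_scan.sh <target> <rate>` against your own lab host; with no arguments it only exercises the parser on the sample output.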