Privacy v/s Anonymity


Anonymity and Privacy are not the same things but often they are confused with each other. Having privacy does not mean you have anonymity too and vice versa. 

Privacy

  • Google defines privacy as a state in which one is not observed or disturbed by other people or the state of being free from public attention.
  • It is about the content (messages, data, and etc.).
  • It is about maintaining the confidentiality and keeping secrets.
  • Encrypted data means you have privacy.
  • For example, people around you do not know what you do at home but knows you are at home.

Anonymity

  • Wikipedia defines anonymity as situations where the acting person's identity is unknown.
  • Means non-attribution to your actions. 
  • To be nameless or faceless.
  • For example, you connect to the internet using TOR and post something. Your identity is anonymous but everyone can read what you post. Thus, the message is not private.
  • Pseudo Anonymity is when a person with a fake identity follow by others. Like Marshmellow (the singer) or Satoshi Nakamoto (person who developed BitCoin)

You might also interested in TOR Networks

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Anonymity and Privacy are not the same things but often they are confused with each other. Having privacy does not mean you have ...

RustScan - Scripting Engine


RustScan is extensible by the RustScan Scripting Engine. This allows you to write a script that runs after the scan has completed, taking inputs of open ports and their respective IPs.

No Scripts

No scripts will be run like no custom RustScan script neither Nmap Scan
rustscan --script none

Custom Scripts

Custom Scripts runs after the program is done with scanning. RSE supports these languages:

  • Python
  • Shell
  • Perl
  • Any program which is binary and in $PATH
Script Engine Argument. There are 3 possibilities:
  • None
  • Custom
  • Default
RustScan’s Scripting Engine can be altered using the “ --scripts” argument.

To execute a custom script, we need a rustscan_scripts.toml file located at $HOME/.rustscan_scripts.toml.

The script file contents:

# Test/Example ScriptConfig file

# Tags to filter on scripts.
# Only scripts containing all these tags will run.
tags = ["core_approved", "example"]
# If it's present then only those scripts will run
# which has tag ports = "80".
# Not yet implemented.
# ex.:
# ports = ["80"]
# ports = ["80","81","8080"]
ports = ["80"]
# Only this developer(s) scripts to run.
# Not yet implemented.
developer = ["example"]

Python Script Example

# !/usr/bin/python3
# tags = ["core_approved", "example",]
# developer = [ "example", "https://example.org" ]
# trigger_port = "80"
# call_format = "python3 {{script}} {{ip}} {{port}}"

# Scriptfile parser stops at the first blank
# line with parsing.
# This script will run itself as an argument with
# the system installed python interpreter,
# only scanning port 80.
# Unused filed: ports_separator = ","
import sys
print('Python script ran with arguments', str(sys.argv))
  • Tags: Tags are categories of scripts. Only run scripts that match these categories.
  • Developer: Name of the developer/creator of the scripts.
  • Trigger State: what point the script should trigger.

Now everything after this metadata is the code itself. The script will receive arguments via sys.argv in the format specified in the call_format variable. Now with this data, we run the script, doing whatever we please!

To get your hands-on, Practice TryHackMe's RustScan Room

RustScan is still a good tool. It’s especially useful for local environments where you need extra speed on your scans like in CTFs. But if you need more complex configurations, such as changing the technique used to discover ports or to work on different protocols such as UDP, it might be better to the familiar, Nmap.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

RustScan is extensible by the RustScan Scripting Engine . This allows you to write a script that runs after the scan has complet...

Sublist3r - Subdomains Enumerator

Sublist3r is a python-based tool that is used to enumerate subdomains of a website. It helps penetration testers and bug hunters to find various subdomains for which they can find vulnerabilities. Sublist3r searches various subdomains using Google, Yahoo, Bing, Baidu, and Ask. It also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS. 

The Repository is available on Github - https://github.com/aboul3la/Sublist3r


  •  Clone the repository in Linux using the git command. 
Cloning the repository
  • Re-direct into the folder which was just created. It will have files as shown below.
Files in Sublist3r
  • Before running the tool we need to install all the python modules required by the tool. To do that, run command - pip install -r requirements.txt
Install packages
  • Once the installation is finished. You can run the tool using python. Command - python3 sublist3r.py
Run Sublist3r
It shows you need to run the command with the -d option and a domain name or else use the help command.
  • For example, if you want to look for a subdomain for google.com. The command is - python3 sublist3r.py -d google.com
Finding Subdomains for google.com
The tool is able to find various subdomains of google.com, using this, pentesters and bug hunters can find vulnerabilities under a subdomain.
  • Also, some other flags like -d worth mentioning from the help command. To see other flags type - python3 sublist3r.py -h.
Help option
  • -t: command can be used to start a number of threads to make the process faster, python3 sublist3r.py -d google.com -t 50 ( means send 50 requests at a time)
  • -o: command can be used to save the output given by Sublist3r in a text file, python3 sublist3r.py -d google.com -o output.txt, here output.txt is a file where the output will save.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Sublist3r is a python-based tool that is used to enumerate subdomains of a website. It helps penetration testers and bug hunters t...

RustScan - Explained

As you all know the first thing that we all do after getting our hands-on with the IP address is scanning and the first tool that comes to mind is Nmap. A great and awesome tool but there is the main problem with this tool it’s tooooooo slow.


A full port scan take can up to 20–30 minutes, and after Nmap then comes the  Masscan, a fast tool that can scan any target so easily and can be so fast. We have seen people, starting with a Masscan and then use that result for Nmap scan but still, you have to do the manual work of starting a Nmap. That’s where RustScan is so useful. 

RustScan scan (Full port scan) — 39 seconds
nmap scan — 17 minute +

It's a lifesaver, most of us hate waiting for Nmap output results but this tool is a beast. However, apart from the long waiting time for output. Nmap is better than every tool out there for the port scan.

A comparison by the author of the tool

Installation Guide

Nmap is Required. If you do not have Nmap installed, follow the installation guideRustScan has many possibilities and options to choose from. It can be installed on Docker, on Kali Linux/Debian machine, and many more. Follow the installation guide of RustScan to install on the platform of your choice. 

Usage

rustscan -a <IP>
Normally after rustscan finishes the scan, it starts a Nmap scan against the target by specifying the flag -vvv (maximum verbosity) by default.


RustScan is faster, why?

  • Low-level kernel networking.
  • Written in a fast language (Rust)
  • Asynchronous scanning.
RustScan conducts a preliminary scan using its own internal discovery technique: it creates sockets against its targets and waits for their responses. In nutshell, RustScan uses a full TCP 3-way handshake connection via the built-in Rust sockets module.

Once this first scanning stage is completed it executes Nmap with the specific flags, by default, which aims to discover the targets’ operating systems.

RustScan is still a good tool. It’s especially useful for local environments where you need extra speed on your scans like in CTFs. But if you need more complex configurations, such as changing the technique used to discover ports or to work on different protocols such as UDP, it might be better to the familiar, Nmap.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

As you all know the first thing that we all do after getting our hands-on with the IP address is scanning and the first tool that comes...

RustScan - Basic Commands


A full port scan take can up to 20–30 minutes, and after Nmap then comes the  Masscan, a fast tool that can scan any target so easily and can be so fast. We have seen people, starting with a Masscan and then use that result for a Nmap scan but still, you have to do the manual work of starting a Nmap. That’s where RustScan is so useful. 

Basic Syntax

rustscan -a <IP>

Normally, after rustscan finishes the scan it starts a Nmap scan against the target by specifying the flag -vvv (maximum verbosity) by default. But many of you may want to run other flags. In our case we want to run -sC and -sV also -T4. So rustscan has this feature where you can specify -- flag and then the flags that you want to add as per Nmap. For example.
rustscan -b 600 -a 192.168.1.1 -- -A -sC -sV -T4
  • -b denotes the batch size. Normally, we use 600. It means scan 600 ports/second. You can use a higher value here. To be more fast and accurate, you can try to scan a machine in your private area with 600 batch size. Then. gradually increase the number till 65355. If at any point rustscan stops detecting the open port then that means that is the breaking point of your system. Do not use a batch size greater than that number. This will also give the maximum speed you can use. 
  • -- denotes that after this, all flags need to treated as Nmap flags. Do not parse these commands as RustScan flags this (--) is the end of RustScan flags and the start of Nmap flags.

Nmap Custom Flags

  • RustScan automatically runs nmap -vvv -p $PORTS $IP.
  • To make it run -A, execute the command rustscan 127.0.0.1 -- -A.
  • If you want to runs commands such as --script (vuln and safe). These commands need to be enclosed in quotation marks like --script '"(vuln or safe) or default"'.

Multiple IP Scanning

You can scan multiple IPs using a comma-separated list like so:
rustscan -a 127.0.0.1,0.0.0.0

Host Scanning

RustScan can also scan hosts, like so:
rustscan -a www.google.com,127.0.0.1

CIDR support

RustScan supports CIDR(Classless inter-domain routing):
rustscan -a 192.168.0.0/30

Hosts file as input

The file is a new line separated list of IPs / Hosts to scan:

hosts.txt
The argument is:
rustscan -a 'hosts.txt'

Individual Port Scanning

RustScan can scan individual ports, like so:
rustscan -a 127.0.0.1 -p 53

Multiple selected port scanning

You can input a comma-separated list of ports to scan:
rustscan -a 127.0.0.1 -p 53,80,121,65535

Ranges of ports

To scan a range of ports:
rustscan -a 127.0.0.1 --range 1-1000

Adjusting the Nmap arguments

RustScan, at the moment, runs Nmap by default. You can adjust the arguments like so:
rustscan -a 127.0.0.1 -- -A -sC

To run:
nmap -Pn -vvv -p $PORTS -A -sC 127.0.0.1

Random Port Ordering

If you want to scan ports in a random order (which will help with not setting off firewalls) run RustScan like this:
rustscan -a 127.0.0.1 --range 1-1000 --scan-order "Random"

Additional Features

This program, by default, scans 3000 ports at a time (3000 per second). So make sure you are not targeting real websites that you don’t own. There are 2 ways to slow down rustscan:
  • Decrease batch size rustscan -b 10 will run 10 port scans for 1 second, and then another 10 for 1 second, and so on.
  • Increase timeout rustscan -T 5000 will mean RustScan waits 5 seconds until it scans the next ports.

To get your hands-on, Practice TryHackMe's RustScan Room

RustScan is still a good tool. It’s especially useful for local environments where you need extra speed on your scans like in CTFs. But if you need more complex configurations, such as changing the technique used to discover ports or to work on different protocols such as UDP, it might be better to the familiar, Nmap.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

A full port scan take can up to 20–30 minutes, and after Nmap then comes the   Masscan , a fast tool that can scan any target so ...