Security tools for network engineers

Network Security

If you have been a network engineer or admin for a while, names like Nmap, Wireshark, tcpdump, Nessus, Greenbone, Burp Suite, Shodan, Suricata, Snort, Kali Linux, Metasploit, Hashcat and Cobalt Strike keep coming up.

A security tool is not automatically a hacker tool. What decides is permission, purpose, the system under test, documentation and the reason for use.

A tool is not safe or dangerous because of its name, but because of the context in which it is used.

All examples here are for your own systems, a lab, staging or authorised tests. The installation examples target Linux with apt.

The right working environment

For professional network analysis I don't use my everyday computer. Better is a dedicated Linux machine, separate VMs, snapshots, an isolated lab and protected customer data.

  • Everyday machine: communication, documentation, tickets and the password manager.
  • Linux analysis machine: encrypted disks, packet capture, network investigation, lab and RAM for several VMs.
  • Security VMs: Kali/Parrot for red team/AppSec, Debian/Ubuntu for admin and blue team.
  • Network gear: USB Ethernet, a managed switch, VLANs and mirror/SPAN ports.
  • Wi-Fi gear: a USB Wi-Fi adapter with monitor mode and packet injection, for authorised tests only.
  • Isolated lab: test targets and separate project folders.
  • Customer environment: with authorisation, scope, time window and a point of contact.

Separate the layers first

A tool does one job. A framework brings modules. A platform combines data and reporting. A distribution is a working environment. A concept like SIEM or IDS/IPS is a category of solution.

Visibility: the foundation

Nmap

sudo apt install nmap
# service/version detection against the public test host
nmap -sV scanme.nmap.org
# -Pn skips host discovery; scan only the listed ports
nmap -Pn -p 22,80,443 scanme.nmap.org
# -oA writes normal, XML and grepable output under scans/ for later comparison
mkdir -p scans
nmap -sV -oA scans/scanme-baseline scanme.nmap.org
# your own subnet only
nmap -sV 192.168.1.0/24
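A baseline is only useful if you compare against it. The script below is an added example, not from the original post: it reduces two nmap grepable outputs (the .gnmap files that -oA writes) to "host port/proto" lines and diffs them, so a port that opened since the baseline stands out. The .gnmap content is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post: diff two nmap .gnmap files
# (written by -oA) to spot open ports that appeared or vanished since
# the baseline scan.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample .gnmap content (real files separate fields with tabs;
# the parser below accepts tabs or spaces).
cat > "$WORK/baseline.gnmap" <<'EOF'
# Nmap scan (constructed sample)
Host: 192.0.2.10 ()  Status: Up
Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh//OpenSSH//, 80/open/tcp//http//nginx//  Ignored State: closed (998)
Host: 192.0.2.20 ()  Ports: 22/open/tcp//ssh//OpenSSH//, 443/closed/tcp//https///  Ignored State: filtered (998)
EOF
cat > "$WORK/current.gnmap" <<'EOF'
Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh//OpenSSH//, 80/open/tcp//http//nginx//, 3389/open/tcp//ms-wbt-server///  Ignored State: closed (997)
Host: 192.0.2.20 ()  Ports: 443/closed/tcp//https///  Ignored State: filtered (999)
EOF

# open_ports FILE: print "host port/proto" for every open port, sorted
open_ports() {
  awk '/Ports:/ {
    host = $2; line = $0
    sub(/.*Ports: /, "", line)               # keep only the port list
    sub(/[ \t]*Ignored State:.*/, "", line)  # drop the trailing summary
    n = split(line, entry, ", *")
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")                # port/state/proto/...
      if (f[2] == "open") print host, f[1] "/" f[3]
    }
  }' "$1" | sort
}

# scan_diff BASELINE CURRENT: NEW = open now but not in the baseline,
# GONE = open in the baseline but not now
scan_diff() {
  open_ports "$1" > "$WORK/a.txt"
  open_ports "$2" > "$WORK/b.txt"
  comm -13 "$WORK/a.txt" "$WORK/b.txt" | sed 's/^/NEW  /'
  comm -23 "$WORK/a.txt" "$WORK/b.txt" | sed 's/^/GONE /'
}

scan_diff "$WORK/baseline.gnmap" "$WORK/current.gnmap"
```

Run it against scans/scanme-baseline.gnmap and a fresh -oA output of the same target to get the same NEW/GONE report.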

tcpdump

sudo apt install tcpdump
# list the interfaces tcpdump can capture on
sudo tcpdump -D
# -nn: no name or port resolution; DNS traffic only
sudo tcpdump -i eth0 -nn port 53
# traffic to or from one host
sudo tcpdump -i eth0 -nn host 192.0.2.10
# write raw packets to a pcap file for Wireshark
sudo tcpdump -i eth0 -nn -w debug.pcap

Wireshark

sudo apt install wireshark

Wireshark helps you understand DNS, TLS, TCP, VoIP, SMB, LDAP and pcap files.

Shodan

Shodan shows systems exposed on the Internet, as seen from outside.

Censys

Censys helps compare public hosts and certificates with the internal inventory.

Maltego

Maltego shows OSINT relationships between domains, IPs, people, organisations and infrastructure.

theHarvester

theHarvester -d example.com -b crtsh

Recon-ng

Recon-ng is an OSINT framework.

Amass

amass enum -passive -d example.com

OSINT Framework

OSINT Framework is a collection of OSINT sources.

Gobuster

sudo apt install gobuster
gobuster dir -u https://staging.example.test -w wordlists/small.txt
gobuster vhost -u https://example.test -w wordlists/vhosts.txt

Vulnerabilities and hardening

CVSS, EPSS and CISA KEV help prioritise risk.

Greenbone / OpenVAS

Greenbone/OpenVAS is a vulnerability scanning stack.

Nessus

Nessus is a commercial scanner from Tenable.

Lynis

sudo apt install lynis
sudo lynis audit system

HCL AppScan

HCL AppScan is used in AppSec and DevSecOps.

InsightVM / Nexpose

InsightVM/Nexpose helps prioritise risk.

Retina

Retina is mostly legacy.

Web Application Security

Burp Suite

Burp Suite is the essential proxy for authorised web testing.

ZAP

ZAP is a free web scanner/proxy.

Nikto

sudo apt install nikto
nikto -host https://staging.example.test

WPScan

wpscan --url https://wp-staging.example.test

SQLMap

SQLMap is too sensitive for working public examples.

AppSpider

AppSpider is Rapid7's DAST.

Passwords and authentication

John the Ripper

sudo apt install john
john --wordlist=policy-test.txt hashes.txt
john --show hashes.txt

Hashcat

sudo apt install hashcat
hashcat -m 0 hashes.txt policy-test.txt

Ophcrack

Ophcrack is mostly of historical interest.

Hydra / THC-Hydra

Hydra tests online logins and needs a clear scope.

Medusa

Medusa is similar to Hydra.

Cain & Abel

Cain & Abel is an old Windows tool.

Wireless Security

Aircrack-ng

sudo apt install aircrack-ng

Wifite

Wifite automates Wi-Fi audits.

Kismet

Kismet is for Wi-Fi monitoring.

AirSnort

AirSnort is WEP history.

NetStumbler

NetStumbler is legacy.

Reaver

Reaver demonstrates the risks of WPS.

Blue team, monitoring and detection

SIEM

A SIEM collects, normalises, correlates and raises alerts from logs.

Splunk

Splunk is a data platform widely used in security.

Elastic Stack

Elastic Stack provides logs, search and dashboards.

IDS/IPS

An IDS detects; an IPS can block.

Suricata

sudo apt install suricata
mkdir -p suricata-logs
# read a pcap offline; -k none skips checksum checks, -l sets the log directory
suricata -r sample.pcap -k none -l ./suricata-logs

Snort

# read a pcap with Snort 3
snort -r sample.pcap
# with the default config and one-line alert output
snort -c /usr/local/etc/snort/snort.lua -r sample.pcap -A alert_fast
# with your own rules file
snort -R local.rules -r sample.pcap -A alert_fast

Zeek

# offline analysis writes conn.log, dns.log, ssl.log and others into the current directory
zeek -r sample.pcap
ls *.log
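What you do with those logs is the actual work. As an added example (not from the original post), this script reads a Zeek conn.log the way zeek-cut does, looking columns up by name from the #fields header, and lists connections whose duration is at least a threshold, a quick check for long-lived sessions. The conn.log content is constructed and uses a subset of Zeek's real columns.

```shell
#!/bin/sh
# Added example, not from the original post: list long-lived connections
# from a Zeek conn.log, resolving columns by name from the #fields header
# so the script survives column reordering between Zeek versions.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed conn.log with a subset of Zeek's real columns; fields are
# tab-separated and "-" marks an unset value, as in real logs.
{
  printf '#separator \\x09\n'
  printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n'
  printf '1700000000.1\tCa1\t10.0.0.5\t51000\t192.0.2.10\t443\ttcp\tssl\t2.5\t1200\t8400\tSF\n'
  printf '1700000010.2\tCb2\t10.0.0.5\t51001\t198.51.100.7\t4444\ttcp\t-\t7200.0\t900\t300\tS1\n'
  printf '1700000020.3\tCc3\t10.0.0.8\t53012\t10.0.0.1\t53\tudp\tdns\t0.02\t60\t120\tSF\n'
  printf '1700000030.4\tCd4\t10.0.0.9\t51002\t203.0.113.9\t443\ttcp\tssl\t-\t-\t-\tS0\n'
} > "$WORK/conn.log"

# long_conns FILE MIN: "orig resp:port duration bytes_from_resp", longest first
long_conns() {
  awk -F'\t' -v min="$2" '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }  # column name -> index
    /^#/ { next }                                                    # other header lines
    $(col["duration"]) != "-" && $(col["duration"]) + 0 >= min {
      print $(col["id.orig_h"]), $(col["id.resp_h"]) ":" $(col["id.resp_p"]), $(col["duration"]) "s", $(col["resp_bytes"]) "B"
    }' "$1" | sort -k3 -rn
}

long_conns "$WORK/conn.log" 3600
```

Point it at the conn.log that zeek -r wrote and lower the threshold to suit the capture.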

NetFlow / IPFIX

NetFlow/IPFIX is flow metadata.

Full Packet Capture

Full Packet Capture stores all traffic.

OSSEC

OSSEC is a host IDS.

Short note: OSCO, OSSEC or OSSIM?

OSCO is not a familiar name here; look at OSSEC or OSSIM.

Forensics and incident response

The Sleuth Kit

sudo apt install sleuthkit

Autopsy

Autopsy is a forensic platform.

Volatility

# Volatility 3: identify the image, then list processes
vol -f memory.raw windows.info
vol -f memory.raw windows.pslist

Guymager

Guymager creates forensic images.

Foremost

sudo apt install foremost
foremost -i disk-image.raw -o recovered-files

Binwalk

sudo apt install binwalk
binwalk firmware.bin
binwalk -e firmware.bin

Red team and high-risk dual-use

Metasploit Framework

msfconsole

ExploitDB

ExploitDB helps prioritise risk.

Core Impact

Core Impact is a pentest platform.

Cobalt Strike

Cobalt Strike is for authorised, licensed exercises.

GoPhish

GoPhish is for phishing simulation.

HiddenEye

HiddenEye sits close to misuse.

SocialFish

SocialFish is the same.

EvilURL

EvilURL is about look-alike domains.

Evilginx

Evilginx shows the limits of conventional MFA.

Distributions as working environments

Kali Linux

Kali is a security distribution.

Parrot OS

Parrot OS is a security/privacy distribution.

Security Onion

Security Onion targets NSM, threat hunting, logs and incident response.

What I would pick as a network engineer

Visibility: Nmap, tcpdump, Wireshark.

External surface: Shodan, Censys, Amass, theHarvester.

Hardening: Lynis, Greenbone/OpenVAS, Nessus.

Web: Burp Suite, ZAP, Nikto, WPScan.

Detection: Suricata, Snort, OSSEC, SIEM.

NSM: Zeek, Security Onion, NetFlow/IPFIX, Full Packet Capture.

Forensics: Autopsy, The Sleuth Kit, Volatility, Guymager, Foremost, Binwalk.

Red team: Metasploit, Cobalt Strike, Core Impact, SQLMap, GoPhish, Evilginx, only with a mandate and scope.

Conclusion

The best toolkit is not the longest one, but the one where you know why each tool is there.

See you again,
Joe