CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

OWASP NINJA PingU – Not Just A Ping Utility

Table of Contents

P { margin-bottom: 0.08in; }H2 { margin-bottom: 0.08in; }H2.western { font-family: “Liberation Sans”,sans-serif; font-size: 14pt; font-style: italic; }H2.cjk { font-family: “Droid Sans”; font-size: 14pt; font-style: italic; }H2.ctl { font-family: “FreeSans”; font-size: 14pt; font-style: italic; }

http://www.ehacking.net/2014/06/owasp-ninja-pingu-not-just-ping-utility.html
NINJA-PingU
Is Not Just a Ping Utility is a free open-source high performance
network scanner tool for large scale analysis. It has been designed
with performance as its primary goal and developed as a framework to
allow easy plugin creation. It comes out of the box with a set of
plugins for services analysis embedded devices identification and to
spot backdoors.

How NINJA PingU
Works?


NINJA
PingU takes advantage of raw sockets to reduce the three-way TCP
handshake latency and it’s state. Directly sending IP packets also
avoids the TCP stack overhead.
It
also implements non-blocking networking I/O in the plugin’s interface
by means of epoll. Each component is multithreaded and they have
built-in caches to minimize synchronization points. In addition, the
results persistment operations are buffered to reduce disk writes.

Why NINJA PingU?


It
has been developed to easily allow developers build their custom
plugins. Samples of those can be found in its codebase. NINJA PingU
also integrates gnuplot to automatically plot the analysis results.
In addition, a custom terminator has been embedded for enhanced data
visualization.
NINJA PingU V1.0 is available here.  

Requirements

NINJA PingU comes with all the necessesary dependencies out of the box. The following platform is requiered, though.

- gcc
- Linux box. Will not work neither on *BSD or Windows OS.
- Root Privileges


note: root is required to create raw socket descriptors.

Getting Started

NINJA-PingU currently, only works under Linux and the gcc compiler is required. To get pingu, you can run:

$ cd /tmp; wget https://github.com/OWASP/NINJA-PingU/archive/v1.0.1.tar.gz; tar -xvf v1.0.1.tar.gz; cd NINJA-PingU-1.0.1/; ./npingu.sh

The Makefile will build the binary bin/npingu and the
ninja-pingu plugins located at src/plugin. On the other hand, you can
run the npingu.sh script, which automatically compiles NINJA PingU,
tunes the operating system for enhanced network performance, and
launches a custom terminator terminal for improved user experience.
$ ./npingu.sh

Basic Usage

The following is the NINJA PingU basic usage.

# sudo ./bin/npingu [OPTIONS] targets
  -t Number of sender threads.
  -p Port scan range. For instance, 80 or 20-80.
  -d Delay between packages sent (in usecs).
  -s No service discoverage (less bandwith load, more hosts/time).
  -m Module to run. For instance, Service.
  [targets] Can be a single ip or a range (i.e. 0.0.0.0-255.0.0.0).
  -h Show this help.

Below it is shown some examples.

# ./bin/npingu -t 3 -p 20-80 188.165.1.1-188.255.1.1 -d 10 -m Service
  -Targeted Hosts [188.165.1.1-188.255.1.1]
  -Targeted Port Range [20-80]
  -Threads [3]
  -Delay 10 usec
  -Use the [Service] discoverage Plugin


# ./bin/npingu -t 5 -p 80 -s 74.125.0.0-74.225.1.1 #scan google
  -Targeted Hosts [74.125.0.0-74.225.1.1]
  -Targeted Port [80]
  -Threads [5]
  -synOnly scan (without plugins)

You can run ninja pingu with the -h flag to get the help.

Source
github.com

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Do Hackers Really use Metasploit? NO!

Undoubtedly, Metasploit is one of the most organized, well-developed tools in the pen-testers toolbox. But, do hackers use it? Some of them, but not the

December 20, 2020

Sunset: Dusk VM walkthrough

Sunset: dusk is a vulnerable by design Debian based machine created by whitecrOwz. It is available on https://www.vulnhub.com This machine is ranked as a beginner

February 4, 2020

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training