Discover the Power of Nmap Scanning and Enumeration Techniques to Strengthen Your Network Defense
What is Nmap?
Nmap stands for Network Mapped (Nmap) and is a network scanning and host detection tool that is very useful during several steps of penetration testing.
Nmap is open source and can be used to:
Detect the live host on the network (host discovery)
Detect the open ports on the host (port discovery or enumeration)
Detect the software and the version to the respective port (service discovery)
Detect the operating system, hardware address, and the software version
Detect the vulnerability and security holes (Nmap scripts)
Nmap Syntax:
nmap [scan type] [options] [target specification]
Nmap Scan types:
- TCP SCAN
- UDP SCAN
- SYN SCAN
- ACK SCAN
- FIN SCAN
- NULL SCAN
- XMAS SCAN
- RPC SCAN
- IDLE SCAN
Before delving into advanced Nmap concepts, let’s first explore the fundamentals of NSlookup. NSlookup is a command-line tool used to query DNS servers and retrieve information about domain names. To illustrate, consider the following example:
NSlookup is a command-line tool for querying DNS servers to retrieve information about domain names, such as their associated IP addresses.
Example: To find the IP address of a domain, you can use NSlookup like this:
nslookup google.com
O/P
Following our exploration of NSlookup, we’ll now transition to Nmap, an advanced network scanning tool. We’ll begin by discussing Nmap’s core concepts and provide an example to illustrate its functionality.
Nmap — Advanced Scanning (Best practices)
1. Scanning and Logging Network Data with Nmap
In the provided Nmap command, several options and parameters are used to perform a network scan and save the results:
- nmap: This is the command itself, invoking the Nmap tool.
- -oG -: This option instructs Nmap to generate output in the "grepable" format and sends it to the standard output (stdout).
- 192.168.29.238: This is the target IP address (or hostname) you want to scan. Nmap will perform its scanning and testing on this target.
- -vv: The -v option stands for "verbose." Using it twice (-vv) increases the verbosity level, providing more detailed information during the scan.
- > Desktop/results: The > symbol is used to redirect the output of the Nmap command to a file named "results" on the desktop. This will create a file containing the scan results in the current user's Desktop directory.
nmap -oG - <ip> -vv > Desktop/results
O/P
2. Scanning Particular with Nmap
This Nmap command is designed to perform an extensive network scan targeting a range of IP addresses and specifically focusing on particular port services:
- nmap: This is the Nmap command to initiate network scanning.
- -oG -: The -oG option instructs Nmap to generate output in the "grepable" format, while the hyphen - indicates that the output should be sent to the standard output (stdout).
- 192.168.29.0-255: This specifies a range of IP addresses from 192.168.29.0 to 192.168.29.255. The scan will be conducted on all IP addresses within this range.
- -p 22: The -p option is used to specify the port number to scan, and in this case, it's set to 22. Port 22 is the default port for SSH (Secure Shell), a protocol used for secure remote access to system.
- -vv: The -v option is for "verbose" mode, and using it twice (-vv) increases the verbosity, providing detailed information during the scan.
- > Desktop/results: The > symbol is used to redirect the output of the Nmap command to a file named "results" on the desktop.
nmap -oG - <ip>-<range> -p 22 -vv > Desktop/results
O/P
Nmap — Aggressive Scanning
- This Nmap command performs an “Aggressive” scan on the target “scanme.nmap.org.” The -A option in the command instructs Nmap to enable version detection, script scanning, and traceroute to provide a more detailed and comprehensive assessment of the target system. "scanme.nmap.org" is a service provided by Nmap that allows users to test their Nmap scanning skills on a safe and controlled target. The result of this scan will include information about open ports, services, operating system details, and potential vulnerabilities, making it an extensive reconnaissance effort.
nmap -A scanme.nmap.org
-A (aggressive scan)
2. The Nmap below command is used to perform a version detection scan on the target "scanme.nmap.org." Here's an explanation of the command:
- -sV: The -sV option is used to enable version detection during the scan. When this option is included, Nmap attempts to determine the version of the services running on the target by analyzing their responses to various probes. This can help identify not only the service but also the specific version of the service (e.g., Apache 2.4.7).
nmap -sV scanme.nmap.org
-sV (Services)
3. The Nmap below command is used to perform a fast scan on the target "scanme.nmap.org." Here's an explanation of the command:
- -F: The -F option is a shorthand for the "fast" scan mode. When you use this option, Nmap performs a quick scan focused on identifying the most common open ports and their associated services. This is also known as a "fast scan" or a "top 1000 ports" scan, and it's designed to be less time-consuming than a comprehensive scan.
nmap -F scanme.nmap.org
-F (fast mode)
- The Nmap below command is used to scan the target "www.google.com" while displaying only the open ports. Here's an explanation of the command:
- --open: The --open option instructs Nmap to display only the open ports and services discovered during the scan. This means that it will filter out closed or filtered ports from the scan results, providing a concise list of the open ports that are actively accepting connections.
- www.google.com: This is the target hostname or domain name, in this case, "www.google.com." The scan is performed on Google's web servers.
nmap --open www.google.com
— open (shows open ports)
Top comments (0)