Difference between revisions of "Nmap"

Nmap (Network Mapper) is a security scanner that can be used to discover hosts and services on a computer or computer network. Includes at least nmap and nping binaries.

Basic nmap commands

• Basic nmap host scan:
  • nmap -nP HOSTNAME_TO_SCAN
  • nmap -nP HOSTNAME_TO_SCAN -p 80,443
  • nmap HOSTNAME_TO_SCAN
• Basic nmap network scan: nmap -sn 192.168.0.* (-sn - ping scan so No/disable port scan)

-sn: Ping scan so disable port scan

• OS detection: nmap -O IP
• -sP TODO

Basic nping commands

nping is packet generation, response analysis and response time measurement available since 2011 and developed by nmap developers

• "TCP ping":
  • nping -c 1 --tcp -p 80,433 google.com^[1]
  • nping -c 3 --tcp -p 443 --flags syn google.com^[2]
• nping -H -tr 8.8.8.8 (-H Hide-sent do not display sent packets, -tr traceroute)

=Banner Grabbing

nmap -sV --version-intensity 5 godaddy.com -p 80

The -sV option lets us fetch the software versions, and by adding –version-intensity 5, we can get the maximum number of possible details about the remote running software.

By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:

nmap -sV --script=banner IP

Activities

Basic

1. Use nping to execute a "tcp ping": Check TCP connectivity

Advanced

1. Read nmap Changelog: https://nmap.org/changelog.html

See also

• Security tools: Vulnerability scanner, port scan, Host sweep, nmap, nping, ncat, nc, psad, Gordon Lyon
• Wikibooks:Hacking/Tools/Network/Nmap
• ping, nping, arping, fping, gping, hping, mtr, traceroute, tcptraceroute , tracepath, Test-Connection Powershell cmdlet, iperf, Ping (PAN-OS), BWPing, check_ping, ping -M, ios ping, ping -a
• telnet, netcat, nc, nc -l, ncat, socat, ngrok
• Packet analyzer: tcpdump, Wireshark, snoop (Solaris), ngrep, Wireshark, dSniff, netsniff-ng, Corvil, PAN-OS, pcap
• Port knocking, fail2ban^[3] fwknop, DenyHosts
• MASSCAN
• whois, IP address, geoiplookup, ip2location