By Gopalsamy Rajendran

INTRODUCTION TO NMAP
$ uname -a

Security Analyst @ Securight Technologies Pvt Ltd


Owasp Cuddalore Chapter Leader
Volunteer @ Kerala Cyberdome
Youtuber | Blogger | Technical Speaker
Certified EC-Council Security Analyst
Proud Civil Engineer ( Since 2018 )
$ cat Context.txt

What is Nmap?
Target Specification
Host Discovery
Scanning Techniques
Version Detection
Timing and scan speed
Output
NSE ( Nmap Scripting Engine )
What is Nmap ?

Network mapper
Network Discovering Tool
Identify Live hosts in the network.
Open Ports, Service version Detection and OS Detection.
Vulnerabilities Discovery
Target Specification:
-iL Scan the hosts listed in a file
--exclude Exclude the given hosts/networks from the scan
--excludefile Exclude the hosts listed in a file

Host Discovery:
-sL List scan (lists the targets without scanning them)
-sP Ping scan (host discovery only)

Another efficient way of doing host discovery is arp-scan.


Port Specification:
-p Scan a particular port
-p 22-200 Scan a port range
-p- Scan all ports
-F Fast scan (the 100 most common ports)
--top-ports <n> Scan the n most common ports
-p-65535 Scan ports 1 through 65535
Commands:
nmap -A -p 22 <target>
nmap -A -p 22-445 <target>
nmap -A -p- <target>
nmap -F <target>
nmap --top-ports 100 <target>
nmap -p-65535 <target>
Various Scanning Techniques:

TCP SYN Scan (-sS)
TCP Connect Scan (-sT)
UDP Scan (-sU)
Ping Scan (-sP)
Service Version Detection (-sV)
Idle Scan (-sI)
Xmas, Null, Fin ( -sX, -sN, -sF )
Flags explanation:

SYN - Synchronize
ACK - Acknowledge
RST - Reset
FIN - Finish
NULL - No flags set
TCP Connect Scan (-sT)
Full open scan
Establishes a connection to the target
Completes the three-way handshake (SYN, SYN/ACK, ACK)
High chance of getting logged
Finds only TCP ports, not UDP
Command: nmap -sT <target>

(Diagram: packet exchange for an open port vs. a closed port)

TCP SYN Scan (-sS)
Half-open scanning
Sends SYN packets to the target
Does not complete the connection, so no session is created
Less possibility of getting logged
Fast and reliable
Command: nmap -sS <target>

(Diagram: packet exchange for an open port vs. a closed port)

UDP Scan (-sU)
Slow scanning
Finds only UDP ports
Don't forget to run a UDP scan on the given target

Command: nmap -sU <target>

(Diagram: port reachable; packet exchange for an open port vs. a closed port)

Xmas Scan (-sX)
Sends packets with the FIN, URG and PSH flags set
No reply - open
Reply with RST - closed

Command: nmap -sX <target>

(Diagram: packet exchange for an open port vs. a closed port)

Null Scan (-sN)
Sends packets with no TCP flags set
No reply - open
Reply - closed

Command: nmap -sN <target>

(Diagram: packet exchange for an open port vs. a closed port)

Fin Scan (-sF)
Sends packets with only the FIN flag set
No reply - open
Reply - closed
Command: nmap -sF <target>

(Diagram: packet exchange for an open port vs. a closed port)

Service Version Scan (-sV)
Used to find the version of each service
Gives details about the services running on the open ports

Command: nmap -sV <target>

Idle Scan (-sI)

Uses another system (the "zombie" host) as the apparent source of the scan

Command: nmap -sI <zombie> <target>

Timing Scan (-T)
T0 - Paranoid 
T1 - Sneaky 
T2 - Polite
T3 - Normal
T4 - Aggressive
T5 - Insane
Command: nmap -sV -A -T3 <target>
Output (-oN / -oX / -oA)
-oN <file> - Normal output
-oX <file> - XML output
-oA <basename> - All formats at once
--open - Shows only open ports
ndiff - Shows the difference between two XML scan results

Commands:
nmap -A -oN result.txt <target>
nmap -A -oX result.xml <target>
nmap -A -oA result <target>
nmap -A <target> --open
ndiff result.xml result2.xml
Doubts ??
@hackison @hackison.official
@infosectamil info@hackison.com @infosectamil