Reconnaissance using Nmap Part 1

What is Nmap?

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). It is used to discover hosts and services on a computer network, building a "map" of the network. To do this, Nmap sends specially crafted packets to the target hosts and analyzes the responses it gets back.

Features:

  • Host discovery – Identifying hosts on a network, for example listing the hosts that respond to TCP and/or ICMP probes or that have a particular port open.
  • Port scanning – Enumerating the open ports on target hosts.
  • Version detection – Interrogating network services on remote devices to determine the application name and version number.
  • OS detection – Determining the operating system and hardware characteristics of network devices from their TCP/IP stack behaviour.
  • Scriptable interaction with the target – using the Nmap Scripting Engine (NSE), whose scripts are written in Lua.


Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.

Typical uses of Nmap:

  • Auditing the security of a device or firewall by identifying the network connections that can be made to, or through, it.
  • Identifying open ports on a target host in preparation for an audit.
  • Network inventory, network mapping, maintenance and asset management.
  • Auditing the security of a network by identifying new servers.
  • Generating traffic to hosts on a network, analysing the responses and measuring response times.
  • Finding vulnerabilities in a network, for example with NSE scripts from the vuln and exploit categories.

 

Nmap Examples:

nmap -sn 192.168.1.0/24
Host discovery (ping sweep) only: lists the machines that respond, without running a port scan. -sn is the current name for this; the older -sP seen in many tutorials is still accepted as an alias. Note that a host that drops ICMP is not necessarily down, and that the probes differ with privilege: as root Nmap sends an ICMP echo, a TCP SYN to 443, a TCP ACK to 80 and an ICMP timestamp request, while an unprivileged user only gets TCP connect() attempts to ports 80 and 443.

nmap -p 1-65535 -sV -sS -T4 target
Full TCP port scan with service version detection (-p- is shorthand for -p 1-65535). Usually my first scan; I find T4 more accurate than T5 and still "pretty quick". -sS needs raw-socket privileges (root or CAP_NET_RAW); without them use -sT (full connect scan), which is noisier because every probe completes the handshake.

nmap -v -sS -A -T4 target
Verbose output and a SYN ("stealth") scan with T4 timing; -A turns on OS detection, version detection, the default NSE script set and traceroute against the target's services.

nmap -v -sS -A -T5 target
The same scan with T5 ("insane") timing. It is faster, but on slow or lossy links it may retransmit too little and report open ports as filtered or misidentify services, which is why the T4 variant above is usually the better default.
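The scans above are most useful when their output is saved in machine-readable form (-oG for grepable, -oX for XML, -oA for all formats at once) and then parsed rather than read by eye. As an added example, not part of the original post and not Nmap's own code, the POSIX sh/awk functions below pull live hosts out of a host-discovery sweep and open ports (with service and version) out of a -sV port scan, both from grepable output. The two samples embedded in the script are constructed to mimic what `nmap -sn -v -oG - 192.168.1.0/24` and `nmap -p- -sV -sS -T4 -oG - 192.168.1.10` would write; the addresses, hostnames and banners in them are made up.

```shell
#!/bin/sh
# Added example, not from the original post: parse Nmap grepable (-oG) output.
# Each "Ports:" entry has the layout
#   port/state/protocol/owner/service/rpc info/version/
# and entries are separated by ", ". Both samples are constructed, not real
# scan output; %b lets printf expand the \t that Nmap puts between fields.

# Mimics: nmap -sn -v -oG - 192.168.1.0/24   (-v also lists Down hosts)
SWEEP_SAMPLE=$(printf '%b\n' \
    '# Nmap 7.94 scan initiated (constructed sample)' \
    'Host: 192.168.1.1 (router.lan)\tStatus: Up' \
    'Host: 192.168.1.10 ()\tStatus: Up' \
    'Host: 192.168.1.11 ()\tStatus: Down' \
    '# Nmap done (constructed sample)')

# Mimics: nmap -p- -sV -sS -T4 -oG - 192.168.1.10
PORTS_SAMPLE=$(printf '%b\n' \
    '# Nmap 7.94 scan initiated (constructed sample)' \
    'Host: 192.168.1.10 ()\tStatus: Up' \
    'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)' \
    '# Nmap done (constructed sample)')

# Print the IP of every host whose discovery line says "Status: Up".
# The IP is always the second whitespace-separated field of a Host: line.
# Usage: live_hosts "$(cat hosts.gnmap)"
live_hosts() {
    printf '%s\n' "$1" | awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "ip port/proto service version" for every port in state "open".
# Closed and filtered ports are skipped; "filtered" usually means a firewall
# dropped the probe, which is worth a second look but is not an open service.
# Usage: open_ports "$(cat ports.gnmap)"
open_ports() {
    printf '%s\n' "$1" | awk '
        /^Host:/ && /Ports:/ {
            ip = $2
            line = $0
            sub(/.*Ports: /, "", line)          # keep only the port list
            sub(/Ignored State:.*/, "", line)   # drop the trailing summary
            n = split(line, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")         # f[1]=port f[2]=state f[3]=proto
                if (f[2] == "open")             # f[5]=service f[7]=version
                    printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
            }
        }'
}

# Count lines without the leading padding some wc(1) implementations print.
count_lines() {
    awk 'END { print NR }'
}

# Stand-alone demo against the constructed samples.
echo "Live hosts:"
live_hosts "$SWEEP_SAMPLE"
echo "Open ports:"
open_ports "$PORTS_SAMPLE"
```

In practice run the scan with -oA basename so you get the normal, grepable and XML files together; the grepable form is convenient for quick shell filters like these, while the XML file is the one to feed into other tooling.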