What is Nmap ?
Nmap (Network Mapper) is a free and open-source security scanner, originally written byGordon Lyon (also known by his pseudonymFyodor Vaskovich), used to discover hostsand services on a computer network, thus building a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host(s) and then analyzes the responses.
Nmap features :
Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
Port scanning – Enumerating the openports on target hosts.
Version detection – Interrogating network services on remote devices to determine application name and version number.
Version detection – Interrogating network services on remote devices to determine application name and version number.
OS detection – Determining the operating system and hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap Scripting Engine (NSE) andLua programming language.
Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
Uses of Nmap :
Auditing the security of a device or firewallby identifying the network connections which can be made to, or through it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, maintenance and asset management.
Auditing the security of a network by identifying new servers.
Generating traffic to hosts on a network, response analysis and response time measurement.
Finding and exploiting vulnerabilities in a network. DNS queries and subdomain search
How to install Nmap in Android ?
Open Termux app and type following commands :
$ pkg update
$ pkg install nmap
How to install Nmap in other linux device ?
$ apt update
$ apt-get install nmap
in ubuntu type :
$ sudo apt-get install nmap
Nmap Commands :
Nmap Target Selection :-
Scan a single IP: nmap 192.168.1.1
Scan a host: nmap www.testhostname.com
Scan a range of IPs: nmap 192.168.1.1-20
Scan a subnet: nmap 192.168.1.0/24
Scan targets from a text file: nmap -iL list-of-ips.txt
Nmap Port Selection :-
Scan a single Port: nmap -p 22 192.168.1.1
Scan a range of ports: nmap -p 1-100 192.168.1.1
Scan 100 most common ports (Fast): nmap -F 192.168.1.1
Scan all 65535 ports: nmap -p- 192.168.1.1
Nmap Port Scan types :-
Scan using TCP connect: nmap -sT 192.168.1.1
Scan using TCP SYN scan (default): nmap -sS 192.168.1.1
Scan UDP ports: nmap -sU -p 123,161,162 192.168.1.1
Scan selected ports - ignore discovery: nmap -Pn -F 192.168.1.1
Service and OS Detection :-
Detect OS and Services: nmap -A 192.168.1.1
Standard service detection: nmap -sV 192.168.1.1
More aggressive Service Detection: nmap -sV --version-intensity 5 192.168.1.1
Lighter banner grabbing detection: nmap -sV --version-intensity 0 192.168.1.1
Nmap Output Formats :-
Save default output to file: nmap -oN outputfile.txt 192.168.1.1
Save results as XML: nmap -oX outputfile.xml 192.168.1.1
Save results in a format for grep: nmap -oG outputfile.txt 192.168.1.1
Save in all formats: nmap -oA outputfile 192.168.1.1
Digging deeper with NSE Scripts :-
Scan using default safe scripts: nmap -sV -sC 192.168.1.1
Get help for a script: nmap --script-help=ssl-heartbleed
Scan using a specific NSE script: nmap -sV -p 443 –script=ssl-heartbleed.nse 192.168.1.1
Scan with a set of scripts: nmap -sV --script=smb* 192.168.1.1
A scan to search for DDOS reflection UDP services :-
Scan for UDP DDOS reflectors: nmap –sU –A –PN –n –pU:19,53,123,161 –script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24
HTTP Service Information :-
Gather page titles from HTTP services: nmap --script=http-title 192.168.1.0/24
Get HTTP headers of web services: nmap --script=http-headers 192.168.1.0/24
Find web apps from known paths: nmap --script=http-enum 192.168.1.0/24
Detect Heartbleed SSL Vulnerability :-
Heartbleed Testing: nmap -sV -p 443 --script=ssl-heartbleed 192.168.1.0/24
IP Address information :-
Find Information about IP address: nmap --script=asn-query,whois,ip-geolocation-maxmind 192.168.1.0/24
No comments:
Post a Comment