Hey all, in this tutorial I will be telling you about Nmap.
What is Nmap (Network Mapper)
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
For this tutorial I am dividing the Nmap switches into four groups so that they are easier to keep in mind.
Types Of Nmap Switches
1. Scan type switches (-s)
2. Host discovery (ping) switches (-P)
3. Timing templates (-T)
4. Output options (-o)
Scan Type Switches
All scan type switches start with -s; the s stands for "scan" (not "synchronous"), and the capital letter after it selects the scan technique. The switches are:
-sT TCP connect scan (completes the full three-way handshake through the OS connect() call; works without root, but the connection shows up in the target's application logs)
-sS TCP SYN scan (the default when run as root; sends a SYN and tears the connection down as soon as the SYN/ACK arrives, so the application never sees a completed connection. It is often called a "stealth" scan because it stays out of application logs, but any packet filter or IDS still sees it)
-sF FIN scan (sends packets with only the FIN flag set; per RFC 793 a closed port answers with RST while an open port stays silent)
-sX Xmas scan (sends packets with the FIN, PSH and URG flags set, "lit up like a Christmas tree"; same open/closed logic as the FIN scan)
-sU UDP scan
-sN Null scan (no flags set at all; same open/closed logic as the FIN scan)
-sP Ping scan (host discovery only, no port scan; newer versions spell this -sn)
-sO IP protocol scan (finds which IP protocols, such as TCP, UDP and ICMP, the host supports)
-sA ACK scan (never reports ports as open; used to tell filtered from unfiltered ports when mapping firewall rules)
-sW Window scan (an ACK scan that also inspects the TCP window of the RST replies; nothing to do with Microsoft Windows)
-sR RPC scan (identifies SunRPC services; in current versions this is part of version detection, and -sR is an alias for -sV)
-sL List scan (only lists the targets and does reverse DNS on them, sending no probes)
-sI Idle scan (bounces the scan off a "zombie" host whose IP ID sequence is predictable, so the target only ever sees the zombie's spoofed address, not yours)
Now a basic scan command is written as follows,
nmap -s[scan type letter] ip_address
for example nmap -sS 192.168.1.1 for a SYN scan.
After reading the switch list you will have noticed that the letter after -s is usually the first letter of the scan's own name (TCP connect, SYN, FIN, Xmas, UDP, Null, Ping, ACK, Window, RPC, List, Idle); the one exception is the protocol scan, which uses O. So practically you only need to remember which scan you want to perform and then add its capital letter after -s.
Host Discovery (Ping) Switches
All host discovery switches start with -P; note that P is capital and stands for ping. Nmap's "ping" is not only an ICMP echo: each switch sends a different probe, and any reply that can only come from a live host (a SYN/ACK, a TCP RST, or an ICMP port unreachable from the target itself) marks the host as up. The switches are:
-Pn No ping (skip host discovery and treat every target as up; useful when a firewall drops the discovery probes)
-PT TCP ping (old syntax, for example -PT80; replaced by -PS and -PA)
-PA TCP ACK ping (an unsolicited ACK draws an RST from a live host)
-PU UDP ping (a closed UDP port answers with ICMP port unreachable, which proves the host is up)
-PO IP protocol ping (sends bare IP headers for the given protocol numbers)
-PS TCP SYN ping (either a SYN/ACK or an RST in reply means the host is up)
-PI ICMP echo ping (old syntax; now -PE)
-PB TCP and ICMP ping together (the old default, combining -PT and -PI)
-PP ICMP timestamp request ping
-PM ICMP netmask (address mask) request ping
Now a basic host discovery command is written as follows,
nmap -P[probe type] ip_address
for example nmap -PS22,80 ip_address, which sends SYN probes to ports 22 and 80 (the TCP and UDP probes take an optional port list, -PO a protocol list; the ICMP probes take no arguments). Add -sn if you only want discovery without a port scan.
Here too the letter after -P is usually the first letter of the probe's own name (No ping, TCP, ACK, UDP, SYN, Echo, Mask); as with the scan types, the protocol probe uses O, the timestamp probe uses P, and the legacy -PB (both TCP and ICMP) is the one to remember separately.
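As an added example, not code from the tutorial or from the Nmap project, the following Python models the rules Nmap applies when it turns the reply to a probe into a result: port_state() covers the -s scan types listed above and host_is_up() the -P host discovery probes. It sends no packets; replies are constructed tuples, and the flag values are the TCP header bits from RFC 793. The two scan types that a beginner most often confuses, the SYN scan and the FIN/Null/Xmas family, give the same silence very different meanings, and that is what the code makes visible.

```python
"""Added example, not from the tutorial: how Nmap interprets the reply to a
probe.  port_state() covers the -s scan types, host_is_up() the -P probes.
No packets are sent; a reply is one of these constructed values:
  None                      nothing came back after retransmissions
  ("tcp", flags, window)    a TCP segment with those header flags / window
  ("udp",)                  any UDP payload from the service
  ("icmp", type, code)      an ICMP message
  ("proto", n)              a reply in IP protocol n (for -PO)
"""

# TCP flag bits as laid out in the RFC 793 header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags Nmap sets on the probe packet for each TCP scan type
PROBE_FLAGS = {
    "-sS": SYN,              # SYN ("half-open") scan
    "-sT": SYN,              # connect() scan: the OS sends the SYN
    "-sA": ACK,              # ACK scan: maps firewall rules, never says "open"
    "-sW": ACK,              # Window scan: ACK probe, then inspects the RST window
    "-sF": FIN,              # FIN scan
    "-sN": 0,                # Null scan: no flags at all
    "-sX": FIN | PSH | URG,  # Xmas scan: FIN, PSH and URG "lit up"
}
STEALTH = ("-sF", "-sN", "-sX")   # RFC 793 scans: an open port stays silent

# ICMP destination-unreachable codes Nmap reports as "filtered"
ICMP_FILTERED = {1, 2, 3, 9, 10, 13}


def port_state(scan, reply):
    """Return Nmap's port state for one probe of type `scan` and its reply."""
    if scan not in PROBE_FLAGS and scan != "-sU":
        raise ValueError(f"unsupported scan type {scan}")
    if reply is None:
        # Silence: for FIN/Null/Xmas/UDP it can mean open OR dropped by a filter
        return "open|filtered" if scan in STEALTH or scan == "-sU" else "filtered"
    kind = reply[0]
    if kind == "icmp":
        _, itype, code = reply
        if itype == 3 and code == 3 and scan == "-sU":
            return "closed"            # port unreachable: the UDP port is closed
        if itype == 3 and code in ICMP_FILTERED:
            return "filtered"          # unreachable / admin-prohibited errors
        return port_state(scan, None)  # any other ICMP is ignored
    if kind == "udp":
        if scan != "-sU":
            raise ValueError("UDP payload in reply to a TCP probe")
        return "open"                  # the service answered
    if kind == "tcp":
        _, flags, window = reply
        if scan in ("-sS", "-sT"):
            if flags & SYN:            # SYN/ACK (or a bare SYN) means open
                return "open"
            if flags & RST:
                return "closed"
        elif scan == "-sA":
            if flags & RST:
                return "unfiltered"    # the probe got through the firewall
        elif scan == "-sW":
            if flags & RST:            # some stacks leak state in the window
                return "open" if window > 0 else "closed"
        elif scan in STEALTH:
            if flags & RST:
                return "closed"
        raise ValueError(f"unexpected TCP flags {flags:#x} for {scan}")
    raise ValueError(f"unknown reply kind {kind}")


# Reply type each ICMP probe expects: echo reply, timestamp reply, mask reply
ICMP_REPLY_TYPE = {"-PE": 0, "-PP": 14, "-PM": 18}


def host_is_up(probe, reply):
    """Return True if `reply` to host-discovery probe `probe` proves the host is alive."""
    if probe == "-Pn":
        return True                    # discovery skipped: every target is assumed up
    if reply is None:
        return False
    kind = reply[0]
    if probe in ICMP_REPLY_TYPE:
        return kind == "icmp" and reply[1] == ICMP_REPLY_TYPE[probe]
    if probe in ("-PS", "-PA"):
        return kind == "tcp"           # SYN/ACK or RST: both come from a live stack
    if probe == "-PU":
        # A UDP answer, or ICMP port unreachable (3/3), is sent by the host itself;
        # other unreachables come from routers and prove nothing about the host
        return kind == "udp" or (kind == "icmp" and reply[1:] == (3, 3))
    if probe == "-PO":
        # A reply in the same protocol, or ICMP protocol unreachable (3/2)
        return kind == "proto" or (kind == "icmp" and reply[1:] == (3, 2))
    raise ValueError(f"unsupported host-discovery probe {probe}")
```

The point to take from running it: a RST is never a "closed" verdict for the ACK scan (it means unfiltered), silence is "filtered" for -sS but "open|filtered" for -sF/-sN/-sX/-sU, and for host discovery a RST or an ICMP port unreachable counts as proof of life, which is why -PA or -PU often finds hosts that block ICMP echo.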
Timing Templates
Timing templates are selected with a capital T followed by the template name or its number from 0 to 5 (for example -T sneaky or -T1). The six templates are:
-T0 paranoid: probes are sent one at a time, 5 minutes (300 seconds) apart, for IDS evasion
-T1 sneaky: one probe at a time, 15 seconds apart
-T2 polite: one probe at a time, 0.4 seconds apart (not 4 seconds), to reduce bandwidth and load on the target
-T3 normal: the default; probes run in parallel
-T4 aggressive: parallel, with the maximum wait for a probe reply cut to 1.25 seconds
-T5 insane: parallel, maximum wait per probe 0.3 seconds, trading accuracy for speed on fast, reliable networks
I will not show an example here because the right template depends on the network, and the side effects (missed ports when the timeouts are too short, IDS alerts when the scan is too fast) are best learned hands-on; it is quite tricky, so experiment with it yourself.
Output Options
These just format the output the way you want. They always start with -o, and each one takes a filename argument:
-oN <file> Normal output (the same text you see on the terminal)
-oX <file> XML output (for feeding other tools and scripts)
-oG <file> Grepable output (one line per host, easy to process with grep, awk and cut)
-oA <basename> All three at once, written as basename.nmap, basename.xml and basename.gnmap
I will not show a separate example here since the switches are easy to remember; just note that the filename is required, so write -oN scan.txt rather than a bare -oN.
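To show what the -oG and -oX files are good for, here is an added example, not code from the tutorial or from the Nmap project, that parses both formats into one structure and then does an Ndiff-style comparison of two scans to find newly opened ports. The two sample files are constructed by hand (the host 192.0.2.10, the hostname example.test and the services are made up), so it runs without Nmap installed; on real files you would pass open("scan.gnmap").read() and open("scan.xml").read().

```python
"""Added example, not from the tutorial: parsing the grepable (-oG) and
XML (-oX) files that -oA writes, and diffing two scans the way Ndiff does.
The sample files below are constructed by hand, not real scan output."""
import re
import xml.etree.ElementTree as ET

# Constructed -oG output.  Fields on a "Host:" line are tab-separated and each
# port entry is port/state/protocol/owner/service/rpcinfo/version
GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sS -sV -oG scan.gnmap 192.0.2.10\n"
    "Host: 192.0.2.10 (example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, "
    "80/open/tcp//http//nginx 1.22/, 443/filtered/tcp//https///"
    "\tIgnored State: closed (997)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)
# The same host rescanned later, with a new service listening on 8080
GREPABLE_LATER = GREPABLE.replace(
    "443/filtered/tcp//https///",
    "443/filtered/tcp//https///, 8080/open/tcp//http-proxy//Squid 5.7/",
)
# Constructed -oX output for the first scan
XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 192.0.2.10" version="7.94">
<host><status state="up" reason="arp-response"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
  <service name="ssh" product="OpenSSH" version="9.2"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
  <service name="http" product="nginx" version="1.22"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
  <service name="https"/></port>
</ports></host>
</nmaprun>
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [(port, proto, state, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                       # "# Nmap ..." comment lines
        entry = hosts.setdefault(m.group(1), {"hostname": m.group(2), "ports": []})
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue                   # Status: / Ignored State: fields
            for spec in field[len("Ports: "):].split(", "):
                port, state, proto, _owner, service, _rpc, version = spec.split("/")[:7]
                entry["ports"].append((int(port), proto, state, service, version))
    return hosts


def parse_xml(text):
    """Same structure as parse_grepable(), built from the -oX document."""
    hosts = {}
    for host in ET.fromstring(text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        name = host.find("hostnames/hostname")
        entry = {"hostname": name.get("name") if name is not None else "", "ports": []}
        for port in host.iter("port"):
            svc = port.find("service")
            service = svc.get("name", "") if svc is not None else ""
            version = " ".join(
                v for v in (svc.get("product"), svc.get("version")) if v
            ) if svc is not None else ""
            entry["ports"].append((int(port.get("portid")), port.get("protocol"),
                                   port.find("state").get("state"), service, version))
        hosts[addr.get("addr")] = entry
    return hosts


def open_ports(hosts):
    """Set of (ip, port, proto) reported open."""
    return {(ip, port, proto)
            for ip, h in hosts.items()
            for port, proto, state, _svc, _ver in h["ports"] if state == "open"}


def newly_open(before, after):
    """Ndiff-style check: ports open in the later scan that were not open before."""
    return open_ports(after) - open_ports(before)
```

The grepable format is handy for shell one-liners, but the XML carries more (the reason field, hostnames by type, script output), so for anything you keep and compare over time, save with -oA and parse the .xml.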
Other Important Switches
--traceroute --> works like any other traceroute program, run against each target after the scan
-R --> always do reverse DNS resolution for every target, even hosts that appear to be down
-v --> scan in verbose mode (-vv for even more detail)
-O --> OS detection (needs root, and works best when the target has at least one open and one closed TCP port)
OK, here I am giving you a simple scan command which does a TCP SYN scan, writes normal output to a file, waits 15 seconds between probes (the sneaky template), always resolves DNS and runs in verbose mode.
So here's our command:
nmap -sS -v -R -oN scan.txt -T sneaky xxx.xxx.xxx
Note that -oN needs its filename right after it (scan.txt here is just an example name); writing -oN -T Sneaky would make Nmap treat -T as the output filename and Sneaky as a target.