nmap
nmap [2019/09/15 18:36]
acm
nmap [2019/09/23 15:17] (current)
acm
Line 1: Line 1:
 ==== NMap Network Mapper ==== ==== NMap Network Mapper ====
-Nmap is an opensource networking mapping tool frequently used in order to gain an accurate picture of how a network is setup. It was written by Gordon Lyon and comes preinstalled on many Linux distros including Kali. +Nmap is an opensource networking mapping tool frequently used in order to gain an accurate picture of how a network is setup. It was written by Gordon Lyon and comes preinstalled on many Linux distros including Kali. 
  
-== Port Scanning ==+=== Port Scanning ===
 The baseline functionality provided by Nmap is port scanning. This allows us to be able to tell what ports are open on our target machine. Nmap can conduct a basic port scan using The baseline functionality provided by Nmap is port scanning. This allows us to be able to tell what ports are open on our target machine. Nmap can conduct a basic port scan using
 <code> <code>
-nmap 192.168.1.1+$nmap 192.168.56.3
 </code> </code>
-This command conducts an SYN scan of the 1000 most commonly used ports on the machine at 192.168.1.1. While this is useful often times you'll want to scan all the ports on the target machine, which can be done using+This command conducts an SYN scan of the 1000 most commonly used ports on the machine at 192.168.1.1. While this is useful often times you'll want to scan all the ports on the target machine, which can be done using(results of the scan are shown here)
 <code> <code>
-nmap -p- 192.168.1.1+$nmap -p- 192.168.56.
 +Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-15 18:41 CDT 
 +Nmap scan report for 192.168.56.3 
 +Host is up (0.00080s latency). 
 +Not shown: 65505 closed ports 
 +PORT      STATE SERVICE 
 +21/tcp    open  ftp 
 +22/tcp    open  ssh 
 +23/tcp    open  telnet 
 +25/tcp    open  smtp 
 +53/tcp    open  domain 
 +80/tcp    open  http 
 +111/tcp   open  rpcbind 
 +139/tcp   open  netbios-ssn 
 +445/tcp   open  microsoft-ds 
 +512/tcp   open  exec 
 +513/tcp   open  login 
 +514/tcp   open  shell 
 +1099/tcp  open  rmiregistry 
 +1524/tcp  open  ingreslock 
 +2049/tcp  open  nfs 
 +2121/tcp  open  ccproxy-ftp 
 +3306/tcp  open  mysql 
 +3632/tcp  open  distccd 
 +5432/tcp  open  postgresql 
 +5900/tcp  open  vnc 
 +6000/tcp  open  X11 
 +6667/tcp  open  irc 
 +6697/tcp  open  ircs-u 
 +8009/tcp  open  ajp13 
 +8180/tcp  open  unknown 
 +8787/tcp  open  msgsrvr 
 +34173/tcp open  unknown 
 +34643/tcp open  unknown 
 +38930/tcp open  unknown 
 +40080/tcp open  unknown
 </code> </code>
 The '-p-' switch tells Nmap that you want to scan all the ports on the target machine. Both of these examples are SYN scans, which is one of the most popular types of scans that Nmap is capable of due to its speed and its lowered chance of crashing the target machine. That being said there are a variety of different scan types and it is important to be familar with all of them. You can change the scan type using the '-s<X>' switch, where <X> is replaced by the letter denoting the type of scan you wish to conduct.For example: The '-p-' switch tells Nmap that you want to scan all the ports on the target machine. Both of these examples are SYN scans, which is one of the most popular types of scans that Nmap is capable of due to its speed and its lowered chance of crashing the target machine. That being said there are a variety of different scan types and it is important to be familar with all of them. You can change the scan type using the '-s<X>' switch, where <X> is replaced by the letter denoting the type of scan you wish to conduct.For example:
 <code> <code>
-nmap -sU 192.168.1.1+$nmap -sU 192.168.56.3
 </code> </code>
 conducts a UDP scan. Nmap can also conduct a version scan that allows us to identify what services are running on a specified port. This can be done using the '-sV' switch. conducts a UDP scan. Nmap can also conduct a version scan that allows us to identify what services are running on a specified port. This can be done using the '-sV' switch.
 <code> <code>
-nmap -sV 192.168.1.1+$nmap -sV -p- 192.168.56.3 
 +Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-15 18:44 CDT 
 +Stats: 0:01:47 elapsed; 0 hosts completed (up), 1 undergoing Service Scan 
 +Service scan Timing: About 96.67% done; ETC: 18:46 (0:00:03 remaining) 
 +Nmap scan report for 192.168.56.3 
 +Host is up (0.00080s latency). 
 +Not shown: 65505 closed ports 
 +PORT      STATE SERVICE     VERSION 
 +21/tcp    open  ftp         vsftpd 2.3.4 
 +22/tcp    open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) 
 +23/tcp    open  telnet      Linux telnetd 
 +25/tcp    open  smtp        Postfix smtpd 
 +53/tcp    open  domain      ISC BIND 9.4.2 
 +80/tcp    open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2) 
 +111/tcp   open  rpcbind     2 (RPC #100000) 
 +139/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 
 +445/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 
 +512/tcp   open  exec        netkit-rsh rexecd 
 +513/tcp   open  login       OpenBSD or Solaris rlogind 
 +514/tcp   open  shell       Netkit rshd 
 +1099/tcp  open  java-rmi    GNU Classpath grmiregistry 
 +1524/tcp  open  bindshell   Metasploitable root shell 
 +2049/tcp  open  nfs         2-4 (RPC #100003) 
 +2121/tcp  open  ftp         ProFTPD 1.3.1 
 +3306/tcp  open  mysql       MySQL 5.0.51a-3ubuntu5 
 +3632/tcp  open  distccd     distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)) 
 +5432/tcp  open  postgresql  PostgreSQL DB 8.3.0 - 8.3.7 
 +5900/tcp  open  vnc         VNC (protocol 3.3) 
 +6000/tcp  open  X11         (access denied) 
 +6667/tcp  open  irc         UnrealIRCd 
 +6697/tcp  open  irc         UnrealIRCd 
 +8009/tcp  open  ajp13       Apache Jserv (Protocol v1.3) 
 +8180/tcp  open  http        Apache Tomcat/Coyote JSP engine 1.1 
 +8787/tcp  open  drb         Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb) 
 +34173/tcp open  mountd      1-3 (RPC #100005) 
 +34643/tcp open  nlockmgr    1-4 (RPC #100021) 
 +38930/tcp open  java-rmi    GNU Classpath grmiregistry 
 +40080/tcp open  status      1 (RPC #100024) 
 +</code> 
 + 
 +=== Scripting Engine and Vulnerability Scanning ===  
 +One of the most powerful and important to learn parts of Nmap is its built-in scripting engine sometimes called NSE. NSE allows users to write scripts in Lua to help automate a wide variety of tasks. There are a number of built-in scripts that come with Nmap that allow it to implement some of its more advanced functionality, such as vulnerability scanning.You can run a vulnerability scanning script using 
 +<code> 
 +nmap --script vuln 192.168.56.3
 </code> </code>
  
 === References === === References ===
-  *https://nmap.org/+  *Nmap Official Site 
 +    *https://nmap.org/ 
 +  *The Basics of Hacking and Penetration Test by Patrick Engebreston 
 +    *https://www.amazon.com/Basics-Hacking-Penetration-Testing-Ethical/dp/0124116442/ref=sr_1_3?crid=5FJYSYVHJUYY&keywords=the+basics+of+hacking+and+penetration+testing&qid=1568592228&sprefix=the+basics+of+hackin%2Caps%2C184&sr=8-3 
 +  *Nmap Official Book 
 +    *https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_2?keywords=nmap&qid=1568592149&sr=8-2
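Review bot: the new all-ports command in the second `<code>` block is truncated (`$nmap -p- 192.168.56.`, final octet missing) while the report under it is for 192.168.56.3, and the prose before it still says "the machine at 192.168.1.1" even though every command was changed to 192.168.56.3; "(results of the scan are shown here)" is also fused onto the preceding word. Suggest `$ nmap -p- 192.168.56.3` with a space after the prompt (so `$nmap` is not read as a shell variable; same for the `-sU` and `-sV` lines), update the prose target to 192.168.56.3, and give the new `nmap --script vuln` line the same `$` prompt as the other new commands. The text says both examples are SYN scans; that holds only when nmap runs with raw-socket privileges (root), since an unprivileged run falls back to a TCP connect scan, which is worth a half-sentence given the unprivileged `$` prompt shown. Minor, in the unchanged text: "familar" is misspelled and "conduct.For example" and "scanning.You" need a space after the period.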
  
nmap.1568590566.txt.gz · Last modified: 2019/09/15 18:36 by acm