{Nmap usage} how to scan networks & web applications
a self-serving guide to Nmap examples.
/ what is Nmap?
Nmap (Network Mapper) is a free, open-source tool for discovering and probing systems on a network.
It is used in network diagnostics and security work to map out a network: it identifies live hosts, then performs port scanning, service and version enumeration, and operating system detection against them, all by sending crafted packets and analysing the responses.
use cases:
network security audit
penetration tests
network mapping
identify open ports
vulnerability assessment
firewall checks
Nmap is one of the most widely used network mappers in this crazy arse world and it's available for Linux, Windows, and macOS.
Nmap comes preinstalled on offensive security distributions built for penetration testers, such as Kali Linux. Unless you are one unlucky muppet on a distro that doesn't ship it, in which case install it as follows.
// installing Nmap
official installation guides can be found at: https://nmap.org
Ubuntu and Debian Based Distros
open a terminal window and update the package index:
sudo apt-get update
then install Nmap:
sudo apt-get install nmap
if prompted with [Y/n], type Y to start the installation. let that bad boy install like magic!
CentOS and RPM Based Distros
open a terminal and refresh the package metadata (note that yum update also applies any pending package upgrades; on CentOS 8 and later, dnf is the native tool and yum is an alias for it):
sudo yum update
then install Nmap:
sudo yum install nmap
macOS Binaries
For macOS, go to https://nmap.org/download.html and download the installer disk image, named like nmap-<version>.dmg, then open it and run the package installer inside.
a quick check that nmap has installed and is working, on any platform: open a terminal window and type:
nmap --version
if you receive the version string then all is sweet. if you receive "command not found: nmap" then shit... you f*cked it (either the install did not complete or nmap is not on your PATH).
Windows 10
Go to https://nmap.org/download.html and in the Microsoft Windows Binaries section, find and download the latest release, which looks like:
nmap-<version>-setup.exe
run the installer. it also installs Npcap, which Nmap needs on Windows for raw packet capture and sending.
/// Nmap switches
-sS (TCP SYN scan, the default when run as root; half-open, so it is quieter than a full connect scan, though "stealth" is a stretch against any modern IDS)
-sU (UDP scan; slow, so combine it with -p or --top-ports)
-sT (TCP connect scan; the default when not running as root)
-sC (run the default NSE script set, equivalent to --script=default)
-O (operating system detection; needs root)
-sV (probe open ports to determine the service and its version)
-sA (TCP ACK scan; it never reports open ports, it labels ports filtered or unfiltered, which is how you map firewall rules)
-v (verbose), -vv (more verbose)
-A (aggressive: enables -O, -sV, -sC and --traceroute together)
-iR <num> (scan that many randomly chosen internet hosts; only use this if you really know what you are doing)
-T0 to -T5 (timing template from paranoid to insane; -T4 is the usual choice on a decent LAN, -T5 trades accuracy for speed)
--open (show only open, or possibly open, ports)
--spoof-mac 0 (set a random MAC address; needs root and only matters for targets on the local Ethernet segment)
//// port scans
-p <port> (scan a single port, e.g. -p 80)
-p <port>,<port>,<port> (scan selected ports, comma separated with no spaces, e.g. -p 21,23,80)
-p- (scan all 65535 ports; without -p, nmap scans only the top 1000)
-p <port>-<port> (scan a range, e.g. -p 80-1500)
--top-ports <number> (scan the N most common ports by nmap's frequency data, e.g. --top-ports 10)
///// outputs
If you want to save the results of your Nmap scans to a file, add one of these switches. Always do this on a real engagement; rerunning a scan is slow and you will want the raw output later.
-oN filename.txt (save as normal, human-readable text)
-oX filename.xml (save as XML, the format to feed into other tools)
-oA basename (write normal, XML and grepable output at once as basename.nmap, basename.xml and basename.gnmap)
////// scripts
a list of useful scripts to run with your nmap scan. note that the vuln category and the brute-force scripts are intrusive and noisy; only point them at systems you are authorised to test.
update the scripts database (run after adding or editing scripts in the scripts directory):
nmap --script-updatedb
scan for vulnerabilities with every script in the vuln category:
nmap -v --script vuln <ip>
nmap -p 445 --script smb-vuln-ms08-067 <ip> (checks whether a Windows host is vulnerable to MS08-067, a remote code execution flaw in the Server service)
nmap -p 22 --script ssh-brute <ip> (password brute-force against SSH; supply your own lists with --script-args userdb=users.txt,passdb=passwords.txt, otherwise nmap's built-in default lists are used)
nmap -p 445 --script smb-os-discovery <ip> (OS, computer name, workgroup/domain and other details over the SMB protocol)
/////// examples
useful examples for nmap and the real-world results you can expect. (permission was granted to scan fatherprotocols.com; get the same before scanning anything you do not own)
nmap -v fatherprotocols.com (default top-1000 port scan with verbose output)
nmap -sC fatherprotocols.com (the same scan plus the default scripts)
nmap -sn -sC fatherprotocols.com (-sn skips the port scan, so only host-level scripts run; the port scripts you probably wanted from -sC never fire)
nmap -Pn -sn -sC 66.33.222.250 (-Pn skips host discovery and -sn skips the port scan, so nothing is actually probed; expect little more than "Host is up")
nmap -sV -sT -sC 66.33.222.250 (full TCP connect scan with version detection and default scripts; the combination to use when you are not root)
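Putting the switches, port specs and output options above together, here is an added example (my own script, not from the original page or the Nmap project) of a two-phase scan workflow in POSIX shell: discover live hosts with -sn and save with -oN, then port-scan only those hosts, save again, and pull open ports and NSE "State: VULNERABLE" findings back out of the saved file. The target range, work directory and the -oN sample it parses are constructed for the example; the -iL switch it uses (read targets from a file) is a real nmap option not listed above.

```shell
#!/bin/sh
# Added example, not code from the original page: a two-phase Nmap workflow.
# Phase 1 runs host discovery (-sn) and saves -oN output; phase 2 port-scans
# only the hosts found live and saves that too. The parse_* functions read the
# saved -oN files, so results can be reviewed without re-scanning. The demo at
# the bottom runs against a constructed sample file, so it works offline;
# run_workflow itself needs nmap and permission to scan the target.

# One awk program for all parsers. The host line is "Nmap scan report for <ip>"
# or "Nmap scan report for <name> (<ip>)"; take the parenthesised IP if present.
# A verbose scan also prints "<ip> [host down]" lines, which are never followed
# by "Host is up" and so never counted as live.
_scan_awk() {  # $1 = mode (hosts|ports|vuln), $2 = -oN file
    awk -v mode="$1" '
        /^Nmap scan report for/ { ip = $5; if ($6 ~ /^\(/) { ip = $6; gsub(/[()]/, "", ip) } }
        mode == "hosts" && /^Host is up/ { print ip }
        mode == "ports" && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print ip, $1, $3 }
        mode == "vuln"  && /^\| [^ ]+:/ { s = $2; sub(/:$/, "", s) }
        mode == "vuln"  && /State: VULNERABLE/ { print ip, s }' "$2"
}
parse_live_hosts() { _scan_awk hosts "$1"; }   # one IP per line
parse_open_ports() { _scan_awk ports "$1"; }   # "<ip> <port/proto> <service>"
parse_vulnerable() { _scan_awk vuln  "$1"; }   # "<ip> <script-name>"

# Run both phases for real. $1 = target spec (e.g. 192.0.2.0/24), $2 = work dir.
# -sS needs root, so fall back to -sT when unprivileged.
run_workflow() {
    target="$1"; dir="${2:-.}"
    command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 1; }
    nmap -sn -oN "$dir/discovery.txt" "$target" >/dev/null
    parse_live_hosts "$dir/discovery.txt" > "$dir/live.txt"
    [ -s "$dir/live.txt" ] || { echo "no live hosts found" >&2; return 2; }
    if [ "$(id -u)" -eq 0 ]; then scan=-sS; else scan=-sT; fi
    nmap "$scan" -sV -sC --open -p- -T4 -iL "$dir/live.txt" -oN "$dir/ports.txt" >/dev/null
    parse_open_ports "$dir/ports.txt"
    parse_vulnerable "$dir/ports.txt"
}

# Constructed sample of -oN output (not a real scan) so the parsers can be
# exercised offline. Addresses are from the 192.0.2.0/24 documentation range.
write_sample() {
    cat > "$1" <<'EOF'
# Nmap scan initiated (constructed sample) as: nmap -v -sS -sV -sC --open -p- -iL live.txt -oN ports.txt
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Not shown: 65532 closed tcp ports (reset)
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp  open  http    Apache httpd 2.4.52 ((Ubuntu))
443/tcp open  https   nginx
Nmap scan report for 192.0.2.11
Host is up (0.0020s latency).
PORT    STATE SERVICE      VERSION
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|_    IDs:  CVE:CVE-2008-4250
Nmap scan report for 192.0.2.12 [host down]
# Nmap done (constructed sample) -- 3 IP addresses (2 hosts up) scanned
EOF
}

# Stand-alone demo on the constructed sample (no network, no nmap required).
sample="${TMPDIR:-/tmp}/nmap-sample.$$.txt"
write_sample "$sample"
echo "live hosts:"; parse_live_hosts "$sample"
echo "open ports:"; parse_open_ports "$sample"
echo "vulnerable:"; parse_vulnerable "$sample"
rm -f "$sample"
# To scan for real (authorised targets only): run_workflow 192.0.2.0/24 ./scan
```

The parsers work on normal (-oN) output because that is what the page saves; for anything beyond a quick report, save with -oA as well and parse the XML, which has a stable schema, rather than the text layout.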
There we go. Nmap yo!
[references]
https://nmap.org
https://www.shellhacks.com
https://linuxhint.com
https://bytexd.com
https://hackthebox.eu