Nmap

What is nmap?

Nmap is short for "network mapper" and was created as a tool specifically for "network exploration and security auditing".

Over the years it has turned into an essential tool in any network specialist's toolkit, whether administration or security focused.

legalities of nmap

Is it legal to use Nmap?

The answer is: ASK A LAWYER!

Laws vary from jurisdiction to jurisdiction, and it is never recommended to rely on the advice of other people, even if they are considered "professionals".

If you are performing scans against a network as part of your job, ensure you have received express approval for the type of scan and range for which you are authorized to operate.

If you are performing a scan on another person's or company's network as part of a contractual agreement, make sure you receive an explicit Statement of Work specifying exactly what you will be doing and upon which networks you are authorized to operate.

REALITIES OF NMAP

TBD: Refer to NMAP book about the measures Nmap takes to be non-intrusive/destructive

OSSTMM

Types of scans

  • TCP SYN Scan (Default)
  • TCP Connect Scan
  • UDP Scan
  • SCTP INIT Scan
  • TCP NULL Scan
  • TCP FIN Scan
  • TCP Xmas Scan
  • TCP ACK Scan
  • TCP Window Scan
  • TCP Maimon Scan
  • Custom TCP Scan
  • SCTP COOKIE ECHO Scan
  • TCP Idle Scan
  • IP Protocol Scan
  • FTP Bounce Scan
  • Reverse-DNS Lookup

Nmap supports many different types of scans for different use cases/scanning needs.

A true professional knows which types of scan to use in the right situation.

PHASES OF AN NMAP SCAN

  • Script Pre-Scanning
  • Target Enumeration
  • Host Discovery
  • Reverse-DNS Resolution
  • Port Scanning
  • Version Detection
  • OS Detection
  • Traceroute
  • Script Scanning
  • Output
  • Script Post-Scanning

NMAP USAGE

$ nmap -sL 192.168.0.1/24 # results on a private network vary

$ nmap -sL 45.33.32.156 # IP address of scanme.nmap.org

Reverse-DNS Lookup

A reverse-DNS lookup takes a single IP address or a range of addresses and determines which DNS names are registered for each target host/domain.

This is a passive scan that is unlikely to set off any alarms.
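As an added example (not code from the original deck or from the Nmap project), the Python below mimics what the list scan above does: expand the target range and issue only reverse-DNS (PTR) queries, which go to the DNS resolver rather than the scanned hosts. The function names, the pluggable resolver and the sample PTR table are all constructed here.

```python
"""Minimal re-implementation of nmap's list scan (-sL) for a CIDR range:
expand the addresses and do a reverse-DNS lookup for each one, without
sending a single packet to the targets themselves. Added example."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple

# A resolver maps an IP string to a hostname, or None when no PTR record exists.
Resolver = Callable[[str], Optional[str]]


def ptr_lookup(ip: str) -> Optional[str]:
    """Reverse-DNS lookup via the system resolver; this is the only traffic
    a list scan generates, and it is sent to the DNS server, not the target."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def list_scan(target: str, resolve: Resolver = ptr_lookup,
              workers: int = 16) -> List[Tuple[str, Optional[str]]]:
    """Return (ip, hostname-or-None) for every address in `target`, which may
    be a single IP or a CIDR block. Lookups run in parallel, as nmap's do."""
    network = ipaddress.ip_network(target, strict=False)
    # Like nmap, list every address in the block, including .0 and .255 on a /24.
    addresses = [str(a) for a in network]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(resolve, addresses))  # map() preserves order
    return list(zip(addresses, names))


def format_report(results: List[Tuple[str, Optional[str]]]) -> str:
    """Render results in the style nmap prints for -sL."""
    return "\n".join(
        f"Nmap scan report for {name} ({ip})" if name
        else f"Nmap scan report for {ip}"
        for ip, name in results)


def stub_resolver(table: Dict[str, str]) -> Resolver:
    """Build an offline resolver from a constructed PTR table (for testing)."""
    return lambda ip: table.get(ip)


if __name__ == "__main__":
    # Constructed sample data: only two addresses in the /30 have PTR records.
    ptr_table = {"192.168.0.1": "gateway.example.lan",
                 "192.168.0.2": "fileserver.example.lan"}
    print(format_report(list_scan("192.168.0.0/30", stub_resolver(ptr_table))))
```

Swap `stub_resolver(...)` for the default `ptr_lookup` to run it against a range you are authorized to enumerate.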

GRAPHICAL NMAP TOOLS

KDE Nmap (knmap)

nmap-frontend (Fedora/CentOS)

nmap-fe (Debian/Ubuntu)

Zenmap (Official)

Resources

Nmap

By DevLeague Coding Bootcamp
