How to use NMAP Security Scanner
What is NMAP?
NMAP is an open source network discovery and security auditing utility.
How does NMAP work?
NMAP sends packets to a target (an IP address or hostname) and interprets the replies, or the lack of a reply, to determine which ports are open, closed, or filtered, and often which service and operating system sit behind them.
What is a port?
A port is the endpoint of a communication in an operating system: the number that tells the host which process a packet is destined for.
Important points
It's associated with the IP address of the host.
It's also associated with the transport protocol of the communication. Example: TCP, UDP.
It's identified by a 16-bit number (0-65535). Example: 80 (HTTP).
How to install NMAP
Open a terminal.
For CentOS:
>_ yum install nmap
For Debian:
>_ apt-get install nmap
For Ubuntu:
>_ sudo apt-get install nmap
Note: NMAP comes pre-packaged with Kali Linux.
Using the NMAP Security Scanner
Some things to know about NMAP
NMAP is open-source, so you can download the whole source code.
NMAP is completely free to use.
NMAP is not meant for malicious activities: only scan hosts you own or are authorized to test.
Many scan types (SYN, ACK and null scans, OS detection) need raw sockets, so run them as root or with sudo.
To get an overview of all the options NMAP accepts
>_ nmap --help
To scan using a hostname
>_ nmap <hostname>
To scan using IP Address
>_ nmap <ip address>
To scan with the "-v" (verbose) option, which prints progress and extra detail while the scan runs
>_ nmap -v <host>
To scan multiple hosts at the same time
>_ nmap <host1> <host2> <host3>
To scan a whole subnet or IP range (the "*" wildcard covers all 256 addresses, the same as 192.168.0.0/24)
>_ nmap 192.168.0.*
What is a subnet?
A subnet is one of the smaller networks that a larger network is divided into. 192.168.0.0/24 is a subnet of 256 addresses.
To scan a list of hosts read from a text file (targets separated by newlines or spaces)
>_ nmap -iL filename.txt
To scan an IP Address range
>_ nmap 192.168.0.101-105
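The target forms above (single host, wildcard, CIDR, octet range, -iL file) all expand to a list of addresses before NMAP sends a packet. The following Python script is an added example, not part of the original slides and not NMAP's own code: it reproduces that expansion so you can count how many hosts a scan will touch before running it. Hostnames are not resolved, so it runs offline; treating '#' as a comment in the -iL file is a convenience of this script, not documented NMAP behaviour.

```python
"""Expand Nmap-style IPv4 target specifications into individual addresses.

Added example, not part of the original slides and not Nmap's own code.
It mirrors how Nmap reads the target forms shown above so you can see how
many hosts a scan will touch before running it:
  single address   192.168.0.1
  CIDR             192.168.0.0/24
  octet wildcard   192.168.0.*
  octet range      192.168.0.101-105   (also lists: 192.168.0.1,3,5-7)
  target file      -iL hosts.txt       (specs separated by whitespace)
Hostnames are not resolved, so it runs entirely offline.
"""
import ipaddress
import itertools
from typing import Iterator, List


def _expand_octet(spec: str) -> List[int]:
    """Expand one dotted-quad field: '5', '*', '101-105', '1,3,5-7'."""
    if spec == "*":
        return list(range(256))
    values: List[int] = []
    for part in spec.split(","):
        if "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.extend(range(lo, hi + 1))
    return values


def expand_targets(spec: str) -> Iterator[str]:
    """Yield every IPv4 address covered by one Nmap target specification."""
    if "/" in spec:
        # CIDR: Nmap probes the network and broadcast addresses too, and so
        # does iterating an ip_network, so the counts agree (256 for a /24).
        for addr in ipaddress.ip_network(spec, strict=False):
            yield str(addr)
        return
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    for combo in itertools.product(*(_expand_octet(o) for o in octets)):
        yield ".".join(str(n) for n in combo)


def count_targets(spec: str) -> int:
    """Number of hosts Nmap would probe for this spec."""
    return sum(1 for _ in expand_targets(spec))


def expand_target_file(lines: List[str]) -> List[str]:
    """Simulate -iL: whitespace-separated specs; blank lines and '#' comments
    are skipped (the comment handling is this script's convenience, not an
    Nmap feature)."""
    hosts: List[str] = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        for spec in line.split():
            hosts.extend(expand_targets(spec))
    return hosts


if __name__ == "__main__":
    for spec in ("192.168.0.101-105", "192.168.0.*", "192.168.0.0/24"):
        print(f"{spec:20} -> {count_targets(spec)} hosts")
```

Run it before a large scan: a wildcard in the third octet (10.0.*.*) is 65,536 hosts, which is easy to type by accident and slow to scan.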
To run an aggressive scan (OS detection, version detection, default NSE scripts and traceroute in one go)
>_ nmap -A <host>
To enable OS detection only (capital O; needs root privileges)
>_ nmap -O <host>
To map firewall rules with an ACK scan (ports are reported as filtered or unfiltered, not open or closed, because ACK probes only reveal whether a packet filter is in the way)
>_ nmap -sA <host>
To skip host discovery and scan a host even when it does not answer pings, which is common for hosts behind a firewall that drops ICMP (-PN is the older spelling of the same option)
>_ nmap -Pn <host>
Find live hosts in a network (ping scan only, no port scan; -sP is the older spelling of -sn)
>_ nmap -sn 192.168.0.*
To scan for a specific port
>_ nmap -p 80 <host>
To scan for multiple ports (no space after the comma; ranges such as -p 1-1024 also work)
>_ nmap -p 80,443 <host>
To perform a TCP null scan (a probe with no TCP flags set), which can slip past some stateless firewalls and packet filters; needs root privileges
>_ nmap -sN <host>
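Every scan above can be told to write its results as XML with -oX report.xml (or -oX - for stdout), for example nmap -sV -O -oX report.xml 192.168.0.101-102. XML is the format to parse when you automate NMAP; the human-readable output changes between versions. The script below is an added example, not part of the original slides and not NMAP's own code: it turns such a report into a per-host list of open ports, service banners and the OS guess. SAMPLE_XML is a constructed report in the real -oX layout, not a capture from any real host.

```python
"""Summarise an Nmap XML report (nmap -oX) as open ports per host.

Added example, not part of the original slides and not Nmap's own code.
SAMPLE_XML is a constructed report in the -oX layout, not a real capture.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.168.0.101-102" version="7.94">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.0.101" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<hostnames><hostname name="web01.lan" type="PTR"/></hostnames>
<ports><extraports state="closed" count="997"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
<service name="https" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 5.4 - 5.15" accuracy="95"/></os>
</host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.0.102" addrtype="ipv4"/></host>
<runstats><finished elapsed="12.34"/><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""


@dataclass
class HostResult:
    address: str
    up: bool
    hostname: str = ""
    os_guess: str = ""
    open_ports: List[Dict[str, str]] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> List[HostResult]:
    """Walk <host> elements and collect open ports with their service info."""
    root = ET.fromstring(xml_text)
    results: List[HostResult] = []
    for host in root.findall("host"):
        # Prefer the IPv4 address; a host may also carry a MAC address element.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        status = host.find("status")
        res = HostResult(
            address=addr_el.get("addr", "?") if addr_el is not None else "?",
            up=status is not None and status.get("state") == "up",
        )
        hn = host.find("hostnames/hostname")
        if hn is not None:
            res.hostname = hn.get("name", "")
        osm = host.find("os/osmatch")  # first osmatch is Nmap's best guess
        if osm is not None:
            res.os_guess = f"{osm.get('name')} ({osm.get('accuracy')}% accuracy)"
        for port in host.findall("ports/port"):
            state = port.find("state")
            # 'closed' and 'filtered' ports are in the report but not listed here.
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            res.open_ports.append({
                "port": port.get("portid", ""),
                "proto": port.get("protocol", ""),
                "service": svc.get("name", "") if svc is not None else "",
                "product": product,
            })
        results.append(res)
    return results


def open_ports_by_host(results: List[HostResult]) -> Dict[str, List[int]]:
    """{address: [open port numbers]} for hosts that were up."""
    return {r.address: [int(p["port"]) for p in r.open_ports] for r in results if r.up}


def report(results: List[HostResult]) -> List[str]:
    """One printable line per host, then one indented line per open port."""
    lines: List[str] = []
    for r in results:
        name = f" ({r.hostname})" if r.hostname else ""
        lines.append(f"{r.address}{name}: {'up' if r.up else 'down'}"
                     + (f", OS: {r.os_guess}" if r.os_guess else ""))
        for p in r.open_ports:
            lines.append(f"    {p['port']}/{p['proto']}  {p['service']}  {p['product']}".rstrip())
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_nmap_xml(SAMPLE_XML))))
```

To use it on a real scan, replace SAMPLE_XML with the contents of the file written by -oX. The filtered 443/tcp in the sample is deliberately left out of the open-port list; if you also want to see what a firewall is hiding, keep the state attribute instead of skipping non-open ports.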
That's it for now :)