what is Nmap | How to Install Nmap | How to use Nmap — HackersDude

Ravi Sarode
4 min readJan 14, 2021


Scan a single host — Scans a single host for the 1000 most common ports. These are the ports used by popular services such as SQL, SNTP, Apache, HTTP, and others.

nmap scanme.nmap.org

Stealth scan — A stealth scan works by sending a SYN packet and analyzing the response. If a SYN/ACK comes back, the port is open and a TCP connection could be established.

However, a stealth scan never completes the 3-way handshake, which makes it harder for the target to notice and identify the scanning system.

Version scanning — Finding application versions is a crucial part of penetration testing. It makes your life easier since you can look up existing vulnerabilities for a particular version of the service in the Common Vulnerabilities and Exposures (CVE) database. You can then use it to attack a machine using an exploitation tool like Metasploit.

Aggressive Scanning — Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and traceroute. You can use the -A argument to perform an aggressive scan.

Aggressive scans provide far better information than regular scans. However, an aggressive scan also sends out more probes, and it is more likely to be detected during security audits.

OS Scanning — In addition to the services and their versions, Nmap can provide information about the underlying operating system using TCP/IP fingerprinting. Nmap will also try to find the system uptime during an OS scan.

Scanning Multiple Hosts — Nmap can scan multiple hosts simultaneously. This feature comes in really handy when you are managing a vast network infrastructure.

You can scan multiple hosts through numerous approaches:

  • Write all the IP addresses on a single line to scan all of the hosts at the same time.
    nmap 192.164.1.1 192.164.0.2 192.164.0.2
  • Use the asterisk (*) as a wildcard to scan every host in the subnet at once.
    nmap 192.164.1.*
  • Add commas to separate the address endings instead of typing out the full addresses.
    nmap 192.164.0.1,2,3,4
  • Use a hyphen to specify a range of IP addresses.
    nmap 192.164.0.0-255

Port Scanning — Port scanning is one of the most fundamental features of Nmap. You can scan for ports in several ways.

  • Use the -p parameter to scan a single port.
    nmap -p 973 192.164.0.1
  • If you specify the type of port, you can scan for information about a particular type of connection, for example a TCP connection. (The list must not contain spaces; otherwise the shell passes the second port as a separate argument and Nmap treats it as a target.)
    nmap -p T:7777,973 192.164.0.1
  • A range of ports can be scanned by separating the endpoints with a hyphen.
    nmap -p 76-973 192.164.0.1
  • You can also use the --top-ports flag to specify the top n ports to scan.
    nmap --top-ports 10 scanme.nmap.org
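To confirm exactly which hosts and ports the target and port notations in the two lists above will touch before a scan runs (useful for scoping, and for reading Nmap commands found in audit logs), here is an added Python example that expands Nmap's target and port grammar. It is not Nmap's own code; it handles the forms shown in this post plus open-ended ranges, and deliberately not CIDR or hostnames.

```python
"""Expand Nmap target and port specifications into explicit sets.

Added example, not nmap code. Covers the dotted-quad forms used above
(commas, hyphen ranges, '*' or a bare '-' as wildcard) and the -p forms
(protocol prefixes T:/U:, comma lists, ranges, '-' for all ports)."""
from itertools import product
from typing import Dict, List, Set


def _expand_octet(spec: str) -> List[int]:
    """One dotted-quad field: '7', '1,2,3', '0-255', '*' or bare '-'."""
    values: List[int] = []
    for part in spec.split(","):
        if part in ("*", "-"):            # wildcard: every value 0..255
            lo, hi = 0, 255
        elif "-" in part:                 # open ends default to 0 / 255
            lo_s, hi_s = part.split("-", 1)
            lo, hi = int(lo_s or 0), int(hi_s or 255)
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet spec {part!r}")
        values.extend(range(lo, hi + 1))
    return sorted(set(values))


def expand_targets(spec: str) -> List[str]:
    """'192.164.0.1,2,3,4' -> ['192.164.0.1', ..., '192.164.0.4']."""
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected a dotted quad, got {spec!r}")
    octets = [_expand_octet(f) for f in fields]
    return [".".join(map(str, q)) for q in product(*octets)]


def expand_ports(spec: str) -> Dict[str, Set[int]]:
    """'T:7777,973' -> {'T': {973, 7777}}. A protocol prefix applies to
    every item after it until the next prefix; unprefixed items are TCP."""
    ports: Dict[str, Set[int]] = {}
    proto = "T"
    for item in spec.split(","):
        if ":" in item:
            proto, item = item.split(":", 1)
        if item == "-":                   # '-p-' means every port
            lo, hi = 1, 65535
        elif "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo, hi = int(lo_s or 1), int(hi_s or 65535)
        else:
            lo = hi = int(item)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec {item!r}")
        ports.setdefault(proto.upper(), set()).update(range(lo, hi + 1))
    return ports
```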

Scanning from a File — If you want to scan a large list of IP addresses, you can do so by importing a file containing the list of IP addresses.

Nmap Help — Nmap has a built-in help command that lists all the flags and options you can use. It is often handy given the number of command-line arguments Nmap comes with.

Nmap Scripting — Nmap ships with many built-in scripts that make our work easier when pentesting a device.

You can find out about the available scripts by entering the help command.

Originally published at http://www.hackersdude.com on January 14, 2021.

Ravi Sarode

Ethical Hacker , Web Application Penetration Tester , Security Researcher .