Difference between revisions of "Nmap"

From wikieduonline
 
(26 intermediate revisions by the same user not shown)
Line 1: Line 1:
<code>'''[[wikipedia:Nmap|Nmap]]'''</code> (''Network Mapper'') is a security [[Network scanner|scanner]] that can be used to discover [[Host (network)|hosts]] and [[Web service|services]] on a computer or [[computer network]]. Includes at least nmap and nping binaries.
+
{{lowercase}}
 +
<code>'''[[wikipedia:Nmap|nmap]]'''</code> ([[1997]]) (''Network Mapper'') is a security [[Network scanner|scanner]] developed by [[Gordon Lyon]] that can be used to discover [[Host (network)|hosts]] and [[Web service|services]] on a computer or [[computer network]]. Includes at least nmap and nping binaries.
  
 
== Installation ==
 
== Installation ==
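Review bot: "Includes at least nmap and nping binaries" in the rewritten lead sentence is a fragment with no subject; "It includes at least the nmap and nping binaries" reads cleanly, and since nping gets its own section further down, linking it here would help the reader.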
Line 6: Line 7:
  
 
== Basic nmap commands ==
 
== Basic nmap commands ==
* Basic nmap host scan:  
+
 
**<code>nmap -nP HOSTNAME_TO_SCAN</code>
+
* Basic nmap [[port]] scan (not all ports are scanned):  
**<code>nmap -nP HOSTNAME_TO_SCAN -p 80,443</code>
+
**<code>nmap -Pn HOSTNAME_OR_NET_TO_SCAN</code>
 +
**<code>nmap -Pn HOSTNAME_OR_NET_TO_SCAN -p 80,443</code>
 +
-Pn (No ping), do not verify is host is up
 +
 
 +
 
 +
 
 +
 
 +
**Scan all [[port]]s (1 – 65535)
 +
*** <code>nmap -p- 192.168.0.1</code>
 
**<code>nmap HOSTNAME_TO_SCAN</code>
 
**<code>nmap HOSTNAME_TO_SCAN</code>
* Basic nmap network scan: <code>nmap -sn 192.168.0.*</code> (-sn - ping scan so No/disable port scan)
 
:<code>-sn: Ping scan so disable port scan</code>
 
  
* [[OS]] detection: <code>nmap -O IP</code>
+
 
* -sP TODO
+
* Network scan:
 +
**<code>nmap -sn 192.168.0.*</code> (-sn - [[ping]] scan so No/disable [[port scan]])
 +
:::<code>-sn: [[Ping]] scan so disable port scan</code>
 +
 
 +
 
 +
* [[OS]] detection:
 +
::<code>nmap -O IP</code>
  
 
*<code>nmap -A IPAddress</code> equivalent to <code>nmap -sV -sC -O -traceroute IPaddress</code>
 
*<code>nmap -A IPAddress</code> equivalent to <code>nmap -sV -sC -O -traceroute IPaddress</code>
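Review bot: the explanatory line added under the -Pn bullets reads "do not verify is host is up"; it should be "do not verify if the host is up", and it is worth stating what -Pn actually does: it skips host discovery and treats every target as up, so against a host that is down nmap still probes every requested port and the scan takes correspondingly longer. In the unchanged `-A` context line the long option should be spelled `--traceroute`, as the man page documents it, i.e. `nmap -sV -sC -O --traceroute IPaddress`. Dropping the `-sP TODO` placeholder is right, since -sP is only the older name for -sn.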
Line 27: Line 40:
 
==Basic port scanning==
 
==Basic port scanning==
 
*Scan common ports
 
*Scan common ports
::<code>nmap –F 192.168.0.1</code>
+
::<code>nmap -F 192.168.0.1</code>
  
*Scan all ports (1 – 65535)
+
*Scan all [[port]]s (1 – 65535)
::<code>nmap –p– 192.168.0.1</code>
+
::<code>nmap -p- 192.168.0.1</code>
  
*To scan using TCP connect
+
*To scan using [[TCP connect]]
::<code>nmap –sT 192.168.0.1</code>
+
::<code>nmap -sT 192.168.0.1</code>
  
*To perform the default SYN scan
+
*To perform the default [[SYN]] scan
::<code>nmap –sS 192.168.0.1</code>
+
::<code>nmap -sS 192.168.0.1</code>
  
*The nmap utility can be used to detect the operating system of a particular target
+
*The nmap utility can be used to detect the [[operating system]] of a particular target
::<code>nmap –A 192.168.0.1</code>
+
::<code>[[nmap -A]] 192.168.0.1</code>
  
 
==Banner Grabbing==
 
==Banner Grabbing==
 +
* <code>-sV</code>: Probe open ports to determine service/version info
  
<code>nmap -sV --version-intensity 5 xxxxxx.com -p 80</code>
+
* <code>nmap -sV --version-intensity 5 xxxxxx.com -p 80</code>
  
 
The <code>-sV</code> option lets us fetch the software versions, and by adding <code>--version-intensity 5</code>, we can get the maximum number of possible details about the remote running software.
 
The <code>-sV</code> option lets us fetch the software versions, and by adding <code>--version-intensity 5</code>, we can get the maximum number of possible details about the remote running software.
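Review bot: the unchanged context under Banner Grabbing claims that `--version-intensity 5` yields "the maximum number of possible details", which is not correct: the intensity scale runs from 0 to 9 and the default is 7, so 5 sends fewer probes than a plain `-sV`; either document `--version-intensity 9` (equivalently `--version-all`) when describing the maximum, or reword the sentence. The "default SYN scan" bullet should also say that -sS is the default only when nmap has raw-socket privileges (root); without them nmap silently falls back to the -sT connect scan shown just above.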
Line 49: Line 63:
 
By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:
 
By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:
  
<code>nmap -sV --script=banner IP</code>
+
* <code>nmap -sV --script=banner IP</code>
  
 
== Activities ==
 
== Activities ==
Line 57: Line 71:
 
=== Advanced ===
 
=== Advanced ===
 
# Read [[nmap Changelog]]: https://nmap.org/changelog.html
 
# Read [[nmap Changelog]]: https://nmap.org/changelog.html
 +
 +
== Related ==
 +
* [[Idle scan]]
 +
* [[sslcan]]
  
 
==See also==
 
==See also==
 
* {{nmap}}
 
* {{nmap}}
 +
* {{Security tools}}
 
* [[Wikibooks:Hacking/Tools/Network/Nmap]]
 
* [[Wikibooks:Hacking/Tools/Network/Nmap]]
 
* {{ping}}
 
* {{ping}}
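Review bot: `[[sslcan]]` in the new Related list is almost certainly a misspelling of sslscan, the TLS configuration scanner; as written it produces a link to a page that does not exist, so it should be corrected to `[[sslscan]]` before this revision is published.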

Latest revision as of 12:02, 27 February 2024

nmap (1997) (Network Mapper) is a security scanner developed by Gordon Lyon that can be used to discover hosts and services on a computer or computer network. Includes at least nmap and nping binaries.

Installation

  • apt install nmap or snap install nmap


Basic nmap commands

  • Basic nmap port scan (not all ports are scanned):
    • nmap -Pn HOSTNAME_OR_NET_TO_SCAN
    • nmap -Pn HOSTNAME_OR_NET_TO_SCAN -p 80,443
    -Pn (no ping): do not verify if the host is up; every target is treated as up and port-scanned
    • Scan all ports (1 – 65535)
      • nmap -p- 192.168.0.1
    • nmap HOSTNAME_TO_SCAN


  • Network scan:
    • nmap -sn 192.168.0.*
    -sn: ping scan, so port scanning is disabled (only host discovery is performed)


  • OS detection:
    • nmap -O IP
  • nmap -A IPAddress is equivalent to nmap -sV -sC -O --traceroute IPAddress

Basic nping commands

nping is a packet generation, response analysis and response time measurement tool, available since 2011 and developed by the nmap developers.

  • "TCP ping":
    • nping -c 1 --tcp -p 80,433 google.com[1]
    • nping -c 3 --tcp -p 443 --flags syn google.com[2]
  • nping -H -tr 8.8.8.8 (-H, hide-sent: do not display the packets that were sent; -tr: traceroute mode)

Basic port scanning

  • Scan common ports
    nmap -F 192.168.0.1
  • Scan all ports (1 – 65535)
    nmap -p- 192.168.0.1
  • To scan using TCP connect
    nmap -sT 192.168.0.1
  • To perform the default SYN scan
    nmap -sS 192.168.0.1
  • The nmap utility can be used to detect the operating system of a particular target
    nmap -A 192.168.0.1

Banner Grabbing

  • -sV: Probe open ports to determine service/version info
  • nmap -sV --version-intensity 5 xxxxxx.com -p 80

The -sV option lets us fetch the software versions, and by adding --version-intensity 5, we can get the maximum number of possible details about the remote running software.

By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:

  • nmap -sV --script=banner IP
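The port-scanning and banner-grabbing commands above are usually run with -oX so the results can be processed rather than read by eye. As an added example (not part of this wiki page), the script below parses the XML that nmap -sV -oX produces, using a constructed, trimmed sample, and reports open ports that are not on a per-host allowlist, which is the routine check an administrator runs to catch services that should not be exposed; the sample addresses and product strings are made up for the demonstration.

```python
"""Parse nmap -sV XML output (-oX) and flag open ports outside an allowlist."""
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of what `nmap -sV -p 22,80,443 -oX - 192.0.2.10` emits.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -p 22,80,443 -oX - 192.0.2.10">
<host><status state="up" reason="syn-ack"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
  <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
  <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
  <service name="https" method="table" conf="3"/></port>
</ports></host></nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {address: [(port, proto, state, service, product, version), ...]}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        # One <address> per address family; pick the IP, not a MAC address.
        addr = next(a.get("addr") for a in host.iter("address")
                    if a.get("addrtype") in ("ipv4", "ipv6"))
        entries = []
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")  # absent when -sV had nothing to report
            attr = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            entries.append((int(port.get("portid")), port.get("protocol"), state,
                            attr("name"), attr("product"), attr("version")))
        hosts[addr] = entries
    return hosts


def unexpected_open_ports(hosts, allowlist):
    """List (addr, port, proto, banner) for open ports missing from allowlist[addr]."""
    findings = []
    for addr, entries in hosts.items():
        allowed = allowlist.get(addr, set())
        for port, proto, state, name, product, version in entries:
            if state == "open" and (port, proto) not in allowed:
                findings.append((addr, port, proto, f"{name} {product} {version}".strip()))
    return findings
```

With the allowlist {"192.0.2.10": {(22, "tcp")}} the sample yields one finding for tcp/80 with its -sV banner "http nginx 1.18.0"; the closed tcp/443 is ignored.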

Activities

Basic

  1. Use nping to execute a "TCP ping" and check TCP connectivity

Advanced

  1. Read nmap Changelog: https://nmap.org/changelog.html

Related

  • Idle scan
  • sslscan

See also

  • https://nmap.org/book/nping-man.html
  • https://www.aldeid.com/wiki/Nping
  • https://serverfault.com/a/608976