Penetration Testing Playbook

NMAP

Nmap (Network Mapper) is a powerful open-source tool used for network exploration, security scanning, and auditing. It's widely utilized by penetration testers to discover hosts and services on a computer network and uncover potential vulnerabilities. This guide will provide an overview of how to use Nmap effectively for network reconnaissance as part of the penetration testing process.

Prerequisites:

  1. Basic understanding of networking concepts.

  2. Nmap installed on your system. You can download it from Nmap's official website.

Instructions:

Identify Target Network:

  • Determine the IP range or specific target hosts you want to scan. This could include a range of IP addresses or individual hostnames.

Perform Basic Scan:

  • Open your terminal or command prompt.

  • Run a basic Nmap scan using the target IP address or range.

  • Example command (replace <target> with the IP address or hostname of the target):

nmap <target>

Scan Specific Ports:

  • Specify which ports to scan for services on the target hosts.

  • Example command:

nmap -p <ports> <target>

  • Replace <ports> with a comma-separated list of ports or a port range (e.g., 80,443 or 1-1000) and <target> with the target IP address or hostname.

Perform Service Version Detection:

  • Use the -sV flag to perform service version detection, which provides information about the services running on open ports.

  • Example command:

nmap -sV <target>

  • Replace <target> with the target IP address or hostname.

Scan All TCP Ports:

  • Perform a comprehensive scan of all TCP ports on the target hosts.

  • Example command:

nmap -p- <target>

  • This command scans all 65,535 TCP ports on the target.

Scan UDP Ports:

  • Use the -sU flag to perform UDP port scanning for services that use the UDP protocol. UDP scans require root (or administrator) privileges and are much slower than TCP scans, because most UDP services do not answer an empty probe.

  • Example command:

nmap -sU <target>

  • Replace <target> with the target IP address or hostname.

Output Results to File:

  • Save the scan results to a file for future analysis.

  • Example command:

nmap -oN scan_results.txt <target>

  • This command saves the scan results in a text file named scan_results.txt.

Enable Script Scanning:

  • Use Nmap's scripting engine (NSE) to run specific scripts against target hosts.

  • Use the -sC flag to enable default script scanning, which runs the set of scripts in the "default" category (equivalent to --script=default).

  • Example command:

nmap -sC <target>

  • Replace <target> with the target IP address or hostname.

Run Custom Scripts:

  • Use the --script option to specify custom NSE scripts or script categories to execute during the scan.

  • Example command:

nmap --script <script_name> <target>

  • Replace <script_name> with the name of the script or script category, and <target> with the target IP address or hostname.

Resources:

  • Refer to Nmap's official documentation and user guides for detailed information on its usage and advanced features.

  • Explore online tutorials and forums to learn more about Nmap's scripting capabilities and best practices in network reconnaissance.


Last updated 1 year ago