๐Ÿ‘๏ธNMAP

Introduction to Nmap

What is Nmap?

Nmap (Network Mapper) is a free and open-source tool used to discover hosts and services on a computer network, thus creating a map of the network. It is commonly used for security auditing, network inventory, and administration tasks.

Why Use Nmap for Hacking?

Nmap is a powerful tool that can be used by hackers to gather information about target systems. It can help you identify open ports, services running on those ports, and potential vulnerabilities that can be exploited.

Prerequisites

Before you can use Nmap, you will need a basic understanding of the following:

  • TCP/IP networking

  • Command-line interface (CLI)

  • Operating systems (Windows, Linux, macOS)

Installing Nmap

Nmap can be installed on various operating systems. Here are the installation instructions for some of the most common ones:

  • Windows: download and run the official Nmap installer

  • Linux (Debian/Ubuntu): sudo apt-get install nmap

  • macOS: brew install nmap

Basic Nmap Scanning Techniques

Syntax and Options

Nmap has a wide range of command-line options and syntax, but we'll cover the most basic ones here.

  • -sS: TCP SYN scan

  • -sT: TCP connect scan

  • -sU: UDP scan

  • -p: Specify port range

  • -O: OS detection

  • -A: Aggressive scan (enables OS detection, version detection, default script scanning and traceroute)

  • -sV: Service version detection

  • -sC: Script scanning using the default NSE scripts

  • -Pn: Treat all hosts as online (skip host discovery)

  • -n: Do not resolve hostnames

  • -f: Fragment packets

  • -T0: Paranoid timing (slowest)

  • -T5: Insane timing (fastest)

  • -v: Verbose output

  • -oA: Output in all formats at once (normal, XML, and grepable), using the given base filename

Host Discovery

The first step in any Nmap scan is to discover which hosts on the network are up. The following command runs a ping scan (-sn), which performs host discovery without scanning any ports:

nmap -sn <IP_range>

Port Scanning

Once we have discovered hosts, the next step is to scan for open ports on those hosts. We can use the following command to do this:

nmap -p <port_range> <host>

OS Detection

Nmap can also be used to detect the operating system of a host by fingerprinting its TCP/IP stack. This requires raw-packet privileges (root or Administrator). We can use the following command to do this:

nmap -O <host>

Advanced Nmap Scanning Techniques

Banner Grabbing

Banner grabbing is the process of retrieving information about a service running on a port. We can use the following command to do this:

nmap -sV <host>

Service Enumeration

Service enumeration is the process of identifying the specific service and version running on a port. The --version-intensity value ranges from 0 (lightest) to 9 (try every probe); the default is 7. We can use the following command to do this:

nmap -sV --version-intensity 5 <host>

Scripting Engine

Nmap has a powerful scripting engine that can be used to automate tasks and identify vulnerabilities. We can use the following command to run a script:

nmap --script <script> <host>

OSCP

NSE Scripts

Nmap has a powerful scripting engine called the Nmap Scripting Engine (NSE). NSE scripts can be used to automate tasks, identify vulnerabilities, and gather information about a target system. OSCP students should learn how to use NSE scripts effectively as they can save a lot of time and effort.

Scanning Techniques

OSCP students should learn how to use different scanning techniques in Nmap, such as:

  • TCP SYN Scan: This is the default scan in Nmap when it runs with raw-packet privileges. It sends a SYN packet to each port and classifies the port as open, closed, or filtered from the reply without completing the TCP handshake.

  • TCP Connect Scan: This technique establishes a full TCP connection to each port to determine if it is open or closed.

  • UDP Scan: This technique is used to scan for open UDP ports, which are typically harder to identify than open TCP ports.

Timing and Performance

Nmap offers different timing and performance options that can be used to optimize scans. OSCP students should learn how to use these options to avoid detection and improve performance. For example:

  • -T0: paranoid timing

  • -T1: sneaky timing

  • -T2: polite timing

  • -T3: normal timing

  • -T4: aggressive timing

  • -T5: insane timing

Output Formats

Nmap can generate output in various formats, including:

  • Normal output (-oN): This is the default, human-readable format, and it shows the open ports and the services running on them.

  • XML output (-oX): This structured format can be used to generate reports and feed the output to other tools.

  • Grepable output (-oG): This format puts each host on a single line so it can be parsed with grep, awk, and similar tools.

Firewall Evasion Techniques

OSCP students should learn how to use Nmap to bypass firewalls and other security mechanisms. Nmap offers several options that can be used for firewall evasion, such as:

  • Fragmentation: Nmap can fragment packets to bypass firewalls that block packets based on size.

  • Timing: Nmap can be configured to send packets at specific intervals to avoid detection by intrusion detection systems.

  • Spoofing: Nmap can spoof the source IP address to bypass firewalls that allow traffic from trusted sources only.

Common Vulnerabilities and Exposures (CVE)

OSCP students should learn how to use Nmap to identify CVEs on target systems. Nmap has several NSE scripts that can be used for CVE detection. OSCP students should also learn how to interpret the Nmap output to identify potential vulnerabilities and prioritize them based on severity.

Conclusion

Nmap is a powerful tool for hacking and network scanning. By understanding its basic and advanced scanning techniques, you can identify potential vulnerabilities on your target systems. Always use Nmap responsibly and ethically.
