Nmap (Network Mapper)
Gordon Lyon created a beast 24 years ago in C++ that has since become a favourite tool of all hackers and is now almost a necessity. That beast is none other than Nmap (Network Mapper).
Nmap is a free and open-source network discovery and security auditing tool. It makes unique use of raw IP packets to figure out:
- What services (application name and version) they provide.
- What operating systems (and OS versions) they run.
- What hosts are on the network.
- Which network vulnerabilities and system loopholes are present.
It’s important to understand how it works before jumping in. Nmap’s primary role is port scanning. To make learning easier, we’ll break it down into three steps.
Nmap transmits raw IP packets to discover the hosts available on a network. Depending on network parameters, these packets elicit a response from the target computer.
Because these probes require a response, the host effectively reveals which of its ports can communicate with other machines: open ports send some response back, while closed ports can be ruled out because no response comes from them.
After obtaining some information from the target, the hackers must search for weak services and open ports. After this, the third phase of ethical hacking, gaining access to the victim machine, can begin.
Nmap is preinstalled in Kali Linux. If you're running Parrot OS or some other operating system where nmap isn't installed, you can install it with sudo apt install nmap. Once it is installed, run nmap -help to see all the options.
Before moving forward, have a look at Nmap's basic command format: nmap <scan type> <option> <target>
nmap <target IP address> scans the given target. This command can also scan an entire IP range or a complete CIDR (Classless Inter-Domain Routing) block of IP addresses.
The second item on the list is Port Scanning, which is done with the nmap -p <numeric value> <IP> command. <numeric value> is the number of the port to scan; you can also scan all 65535 ports using -p 1-65535 (do that only if you have a strong CPU!!). Nmap is the best tool for port scanning. Running port scans tells you more about port services and their statuses. Not only that, Nmap also has features for scanning the most popular ports and discovering open ports. We will see that further on.
-F is used for a faster scan: it scans fewer ports, only the most common ones. (Note the uppercase F; lowercase -f is a different option.)
The next one is a Ping Scan using nmap, which is done with the nmap -sP <IP> command. Remember that nmap is case sensitive. This is one of the most common and straightforward Nmap commands for detecting hosts. Use it when you want to know which hosts are up in your network. It lets you search for several hosts or for a specific host. The IP address and MAC address of each available host are returned, but no information about ports is provided. In simple terms, it locates all devices within a certain range; after that, you can see if there are any IP addresses you don't recognize or can't account for. This command sends an ICMP (Internet Control Message Protocol) echo request to all of the network's IP addresses. However, some remote hosts block IP-based ping packets, which is a major disadvantage of this form of scan. Windows Firewall with a high-security profile, for example, blocks ICMP echo request packets by default. This command returns information about the host and is less aggressive than other scanning commands.
There are many options now, but we’ll look at the most useful or commonly used ones.
nmap -sV <IP> (Service Version Detection) is my personal favourite command: it determines service/version information by probing open ports. This is my favourite because knowing the exact version number is really helpful when finding which exploits your server is vulnerable to.
nmap -sC <IP> (Script Scan) scans with the default set of NSE scripts, which are considered safe and useful for discovery.
nmap -O <IP> is used for OS detection.
Scan Technique is another important scan,
Let's take a look at timing and performance: by reading the key terms you are smart enough to work out the exact use of each command, so I think no explanation is needed…
You can save Nmap output with the -oN option (normal output) or the -oX option (XML file), so that you can review it later and use your time wisely.
Nmap is also compatible with Windows and other operating systems.
Now, scanning isn't enough; in fact, once we've discovered open ports, we should search for and check every single one of them, along with their versions, to determine whether any of them are vulnerable.
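As an added example (not code from the original post or from the Nmap project), here is a small Python helper that assembles the -sV/-sC/-p/-oX command line described above and turns the XML it produces into a per-host list of open ports with their service versions, the triage list this last paragraph calls for. The scan XML below is a constructed sample in the shape Nmap emits, not real scan output, and the function names are my own.

```python
"""Build an Nmap scan command line and parse its XML (-oX) output into open ports per host."""
import xml.etree.ElementTree as ET


def build_scan_argv(target, ports="1-1024", xml_path="-"):
    """Assemble the command this post describes: -sV (version detection), -sC (default NSE
    scripts), -p (port spec), -oX (XML output; '-' writes the XML to stdout)."""
    return ["nmap", "-sV", "-sC", "-p", ports, "-oX", xml_path, target]


def parse_open_services(xml_text):
    """Return {ipv4_address: [(port, protocol, service_name, version_string), ...]}
    containing only ports Nmap reported as open, sorted by port number."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue  # skip hosts without an IPv4 address element
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service version worth triaging
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            parts = [svc.get("product"), svc.get("version")] if svc is not None else []
            version = " ".join(p for p in parts if p)  # e.g. "OpenSSH 7.4"
            entries.append((int(port.get("portid")), port.get("protocol"), name, version))
        results[addr_el.get("addr")] = sorted(entries)
    return results


# Constructed sample in the shape `nmap -sV -oX -` produces; not output from a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports></host>
</nmaprun>"""

if __name__ == "__main__":
    print("would run:", " ".join(build_scan_argv("192.0.2.10")))
    for addr, services in parse_open_services(SAMPLE_XML).items():
        for port, proto, name, version in services:
            print(f"{addr}\t{port}/{proto}\t{name}\t{version}")
```

Feed real output in with `nmap -sV -sC -p 1-1024 -oX - <target>` piped to a script that calls parse_open_services on stdin; the closed telnet port in the sample is deliberately dropped so only open services reach the triage list.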