WHAT IS NMAP
nmap is an information gathering tool used for reconnaissance, which means to scout. More specifically, it is a free, open source network scanner that scans hosts and services on a computer network. It sends packets and analyzes the responses. But what is a host? A host is any device that is connected to a computer network; for example, computers, phones, tablets and gaming consoles are all hosts on a network. From the responses to the nmap packets you can find information such as vulnerable hosts on a certain network, open ports, operating systems, version histories, software detection and other vulnerabilities.

Now to show you a quick demonstration of nmap. To run the nmap command I'm going to be using a Docker image with a Kali instance on it, with a few variations. Basically all I'm doing is setting up and starting the Docker container. To learn more about the individual commands, you can use nmap with the help switch, otherwise known as a flag, using the command nmap --help, and this will give you more information.

Here's an example of a command you can use to scan a website URL. In this case the website I will be scanning is cybershaolin.org, but any website will work. You have to type in nmap -Pn and the website you want; I will be scanning my website, cybershaolin.org. I'm using the -Pn switch to skip the host discovery, as I already know that the website is active and online. nmap scans take some time, especially if you are scanning large amounts of hosts or services; you will just have to be patient, which is a virtue of good ethical hackers. While scanning, pressing most keys will show the progress of the scan. You can see that it's about 65 percent done, with an estimated time to completion of 1 minute and 54 seconds. If you press the V key it'll change the verbosity level and you can get more information about the scan. Now that the scan is over we can see that there are three ports open: one port is for connecting using a secure shell, and the other two are for connecting to the cybershaolin.org website.

I have a VirtualBox running a Linux instance of a machine that has many vulnerabilities. I'm gonna run a basic scan, nmap -Pn 192.168.1.15, for now. This nmap scan may take a couple of minutes, so I'm just going to cut to when it's done. Now that the scan is done, as you can see from the results, there are many ports that are open and listening, which means that you can connect to the target machine using any of these ports. Some of the protocols running on the ports are insecure. For example, the File Transfer Protocol, or FTP, that is used to transfer files sends passwords in clear text that can be sniffed and discovered. The Microsoft-DS port, let me find it right here, that runs on port 445 has been known to have many exploitable vulnerabilities. There are many database protocols that run as well, like MySQL and PostgreSQL, where a hacker can connect to a database, and if there are no proper security measures in place then that data can be stolen.

To get more information about the services we can use the -A flag, as demonstrated in nmap -A 192.168.1.15. Now that the scan is actually finished, we can figure out more information about each of the vulnerable ports; for example, we can find out version history. And about the vulnerable host itself, we can figure out information like the operating system; in this case it's a Linux box. Note that this is a reconnaissance tool, but after this the next stage would be to use custom tailored tools to actually exploit vulnerable hosts.
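The video reads the scan results by eye; as an added example (not from the video or the nmap project), the script below does the same triage over nmap's machine-readable output (nmap -A -Pn -oX report.xml host) from a defender's side: it lists the open ports and flags the service types the video calls out (cleartext FTP, SMB on 445, network-reachable databases) and pulls out the OS guess. The XML embedded in it is a constructed sample shaped like nmap's -oX output, not a real scan; the host address and versions are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (not a real scan result).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -Pn -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="96"/></os>
  </host>
</nmaprun>
"""

# Service classes the video singles out as risky when exposed.
CLEARTEXT_LOGIN = {"ftp", "telnet"}
DATABASES = {"mysql", "postgresql", "ms-sql-s"}

def parse_open_ports(xml_text):
    """Return (port, service, product, version) for every port whose state is open."""
    root = ET.fromstring(xml_text)
    found = []
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # closed/filtered ports are not reachable services
        svc = port.find("service")
        attrs = svc.attrib if svc is not None else {}
        found.append((int(port.get("portid")), attrs.get("name", ""),
                      attrs.get("product", ""), attrs.get("version", "")))
    return found

def os_guess(xml_text):
    """Return the highest-accuracy osmatch name, or None if -A/-O matched nothing."""
    root = ET.fromstring(xml_text)
    best = max(root.iter("osmatch"), key=lambda m: int(m.get("accuracy", "0")), default=None)
    return best.get("name") if best is not None else None

def triage(xml_text):
    """Map each open port to the reason a defender should look at it first."""
    findings = {}
    for port, name, _, _ in parse_open_ports(xml_text):
        if name in CLEARTEXT_LOGIN:
            findings[port] = "cleartext credentials"
        elif name == "microsoft-ds" or port == 445:
            findings[port] = "SMB exposed"
        elif name in DATABASES:
            findings[port] = "database reachable from network"
        else:
            findings[port] = "review"
    return findings
```

Run the same functions over a real report file to get a prioritised list instead of scrolling the terminal output.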