Wednesday, October 14, 2020

Host Information Gathering (Nmap)

Network Mapper

Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.

Software Installation

NMAP is open-source software and is easy to download and install.

Note: WinPcap is required for installation on Windows. WinPcap has been recognized as the industry-standard tool for link-layer network access in Windows environments, allowing applications to capture and transmit network packets bypassing the protocol stack, and including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Type of Access in NMAP

There are two types of access in NMAP.

1) GUI Access of Nmap

2) CLI Access of Nmap

GUI Access of NMAP


CLI Access of NMAP

1. Scan a System with Hostname and IP Address- The Nmap tool offers various methods to scan a system.

A: Scan using Hostname

[root@uconfigit ~]# nmap google.com

B: Scan using IP Address

[root@uconfigit ~]# nmap 192.168.0.101

2. Scan using the “-v” option- The “-v” option gives more detailed (verbose) information about the remote machine.

[root@uconfigit ~]# nmap -v google.com

3. Scan Multiple Hosts- You can scan multiple hosts by simply writing their IP addresses or hostnames with Nmap.

[root@uconfigit ~]# nmap 192.168.0.1 192.168.0.2 192.168.0.3

4. Scan a whole Subnet- You can scan a whole subnet or IP range with Nmap by using the * wildcard.

[root@uconfigit ~]# nmap 192.168.0.*

5. Scan Multiple Servers using the last octet of the IP address- You can scan multiple IP addresses by simply listing the last octets. For example, here I am performing a scan on IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.

[root@uconfigit ~]# nmap 192.168.0.101,102,103

6. Scan a list of Hosts from a File- Create a text file called “nmaptest.txt” and list all the IP addresses or hostnames of the servers that you want to scan, one per line. The same file name is then passed to nmap with “-iL”.

[root@uconfigit ~]# cat > nmaptest.txt
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.6
192.168.0.7
192.168.0.8
192.168.0.9
192.168.0.10

[root@uconfigit ~]# nmap -iL nmaptest.txt

7. Scan an IP Address Range- You can specify an IP range while performing scan with Nmap.

[root@uconfigit ~]# nmap 192.168.0.1-100

8. Scan a Network Excluding Remote Hosts- You can exclude some hosts while performing a full network scan, or when scanning with wildcards, with the “--exclude” option.

[root@uconfigit ~]# nmap 192.168.0.* --exclude 192.168.0.10

9. Scan OS information and Traceroute- To enable OS and version detection, script scanning and traceroute all at once, use the “-A” option with NMAP.

[root@uconfigit ~]# nmap -A 192.168.0.1

10. Enable OS Detection with Nmap- Use the “-O” option; adding “--osscan-guess” makes nmap guess more aggressively when no exact OS match is found.

[root@uconfigit ~]# nmap -O google.com

11. Scan a Host to Detect a Firewall- The command below performs a TCP ACK scan on a remote host to detect whether its ports are filtered by a packet filter or firewall (ports are reported as filtered or unfiltered rather than open or closed).

[root@uconfigit ~]# nmap -sA 192.168.0.1

12. Scan a Host to check if it is protected by a Firewall- To scan a host that is protected by packet filtering software or a firewall, “-PN” skips host discovery (the ping) and scans the host even if it does not answer ICMP.

[root@uconfigit ~]# nmap -PN 192.168.0.1

13. Find out Live hosts in a Network- With the “-sP” option (renamed “-sn” in newer Nmap releases) we can simply check which hosts are live and up in the network; with this option nmap skips port scanning and the other steps.

[root@uconfigit ~]# nmap -sP 192.168.0.*

14. Perform a Fast Scan- You can perform a fast scan with the “-F” option, which scans only the ports listed in the nmap-services file and skips all other ports.

[root@uconfigit ~]# nmap -F 192.168.0.1

15. Find the Nmap version- You can find out which Nmap version you are running on your machine with the “-V” option.

[root@uconfigit ~]# nmap -V

16. Scan Ports Consecutively- Use the “-r” flag to scan ports in sequential order instead of randomizing them.

[root@uconfigit ~]# nmap -r 192.168.0.1

17. Print Host interfaces and Routes- You can find out the host's interface and route information with nmap by using the “--iflist” option.

[root@uconfigit ~]# nmap --iflist

18. Scan for a specific Port- There are various options to discover ports on a remote machine with Nmap. You can specify the port you want nmap to scan with the “-p” option; by default nmap scans only TCP ports.

[root@uconfigit ~]# nmap -p 80 google.com

19. Scan a TCP Port- You can also specify the port protocol (T: for TCP, U: for UDP) along with the port numbers for nmap to scan.

[root@uconfigit ~]# nmap -p T:8888,80 google.com

20. Scan a UDP Port- Use “-sU” for a UDP scan and “-p” to name the port.

[root@uconfigit ~]# nmap -sU -p 53 google.com

21. Scan Multiple Ports- You can also scan multiple ports by giving a comma-separated list to the “-p” option.

[root@uconfigit ~]# nmap -p 80,443 192.168.0.1

22. Scan a Range of Ports- You can scan a port range by giving “-p” a start-end expression.

[root@uconfigit ~]# nmap -p 80-160 192.168.0.1

23. Find Host Service version Numbers- We can find out the versions of the services running on remote hosts with the “-sV” option.

[root@uconfigit ~]# nmap -sV 192.168.0.1

24. Scan remote hosts using TCP ACK (PA) and TCP SYN (PS)- Sometimes packet filtering firewalls block standard ICMP ping requests; in that case, we can use TCP ACK and TCP SYN probes for host discovery instead.

[root@uconfigit ~]# nmap -PS 192.168.0.1

25. Scan Remote host for specific ports with TCP ACK

[root@uconfigit ~]# nmap -PA -p 22,80 192.168.0.1

26. Scan Remote host for specific ports with TCP SYN

[root@server1 ~]# nmap -PS -p 22,80 192.168.0.1

27. Perform a stealthy Scan

[root@server1 ~]# nmap -sS 192.168.0.1

28. Check the most commonly used Ports with a TCP connect scan (“-sT”)

[root@server1 ~]# nmap -sT 192.168.0.1

29. Perform a TCP NULL scan to fool a firewall

[root@server1 ~]# nmap -sN 192.168.0.1
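Putting a few of the options above together (“-iL” from item 6, “-p” ranges from item 22 and “-sV” from item 23), here is an added example that is not part of the original post: a small POSIX sh script that parses nmap's grepable output (“-oG -”, written to stdout) and reports open TCP ports that are missing from an expected baseline, so an administrator can spot unexpected services on their own hosts. The scan output and the baseline below are constructed samples, not real scan results.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes nmap's grepable (-oG) line
# format: "Host: <ip> ()<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ..."

TAB="$(printf '\t')"

# Constructed sample of `nmap -sV -p 1-1024 -iL nmaptest.txt -oG -` output
SAMPLE_SCAN="$(printf 'Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//nginx/\tIgnored State: closed (1022)
Host: 192.168.0.2 ()\tStatus: Up
Host: 192.168.0.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 3306/open/tcp//mysql//MySQL 5.7/\tIgnored State: closed (1022)
Host: 192.168.0.3 ()\tStatus: Down')"

# Constructed baseline of "host port" pairs that are expected to be open
BASELINE='192.168.0.1 22
192.168.0.1 80
192.168.0.2 22'

# Read grepable output on stdin; print "host port service" for each open TCP port
open_ports() {
    grep '^Host:.*Ports:' | awk -F "$TAB" '{
        split($1, h, " "); host = h[2]
        sub(/^Ports: /, "", $2)
        n = split($2, p, ", ")
        for (i = 1; i <= n; i++) {
            split(p[i], f, "/")          # f[1]=port f[2]=state f[3]=proto f[5]=service
            if (f[2] == "open" && f[3] == "tcp") print host, f[1], f[5]
        }
    }'
}

# Read grepable output on stdin; $1 is the baseline text. Print open ports not in it.
unexpected_ports() {
    open_ports | awk -v base="$1" '
        BEGIN { n = split(base, l, "\n"); for (i = 1; i <= n; i++) ok[l[i]] = 1 }
        { key = $1 " " $2; if (!(key in ok)) print key, $3 }'
}

printf '%s\n' "$SAMPLE_SCAN" | open_ports
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "$BASELINE"
# Real use: nmap -sV -p 1-1024 -iL nmaptest.txt -oG - | unexpected_ports "$(cat baseline.txt)"
```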

Thanks

Himanshu
