nmap
What is nmap?
- Network scanner
- Used to discover hosts and services
- Sending packets and analyzing responses
[target]
Hostnames: scanme.nmap.org
IP addresses: 192.168.0.1
Networks: 10.0.0-255.1-254 / microsoft.com/24
Host Discovery
List Scan
lists every IP address in the target range and attempts to resolve each name
(not recommended)
$ nmap -sL [target/24]
┌──(kali㉿kali)-[~]
└─$ nmap -sL 10.20.30.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:42 CET
Nmap scan report for 10.20.30.0
Nmap scan report for 10.20.30.1
Nmap scan report for 10.20.30.2
Nmap scan report for 10.20.30.3
Nmap scan report for ubuntu.in-addr.arpa (10.20.30.4)
Nmap scan report for kali.in-addr.arpa (10.20.30.5)
Nmap scan report for 10.20.30.6
Nmap scan report for 10.20.30.7
Nmap scan report for 10.20.30.8
Nmap scan report for 10.20.30.9
Nmap scan report for 10.20.30.10
...
Ping Scan
lists only the devices that are up (host discovery without a port scan)
$ nmap -sn [target/24]
┌──(kali㉿kali)-[~]
└─$ nmap -sn 10.20.30.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:47 CET
Nmap scan report for 10.20.30.1
Host is up (0.00033s latency).
Nmap scan report for ubuntu..in-addr.arpa (10.20.30.4)
Host is up (0.00040s latency).
Nmap scan report for kali.in-addr.arpa (10.20.30.5)
Host is up (0.00018s latency).
Nmap done: 256 IP addresses (4 hosts up) scanned in 4.00 seconds
Target Scan
Normal
scans the most common ports (nmap's default port selection)
$ nmap [target]
┌──(kali㉿kali)-[~]
└─$ nmap 10.20.30.4
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:48 CET
Nmap scan report for 10.20.30.4
Host is up (0.00026s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Fast
scans fewer ports than the normal scan, only the most common ones
$ nmap -F [target]
┌──(kali㉿kali)-[~]
└─$ nmap -F 10.20.30.4
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:49 CET
Nmap scan report for 10.20.30.4
Host is up (0.00057s latency).
Not shown: 98 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Full
scans all ports (1-65536)
$ nmap -p- [target]
┌──(kali㉿kali)-[~]
└─$ nmap -p- 10.20.30.4
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:49 CET
Nmap scan report for 10.20.30.4
Host is up (0.00016s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
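Added example (not part of the original page): a small parser for the normal nmap output format shown above. It adds the "Not shown" count to the listed ports to recover how many ports a scan actually covered, and flags open ports missing from an expected baseline. The sample text is constructed from the output on this page; the baseline and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the "Normal" scan output shown above, plus one -A style
# script line to show that non-table lines are ignored.
SAMPLE = """\
Nmap scan report for ubuntu.in-addr.arpa (10.20.30.4)
Host is up (0.00026s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
|_http-title: Apache2 Ubuntu Default Page: It works
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
"""

REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
HIDDEN = re.compile(r"(\d+) \w+ (?:\w+ )?ports?\b")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {ip: {"not_shown": int, "ports": {(port, proto): (state, service)}}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := REPORT.match(line):
            cur = hosts.setdefault(m.group(1), {"not_shown": 0, "ports": {}})
        elif cur is None:
            continue  # banner lines before the first host report
        elif line.startswith("Not shown:"):
            cur["not_shown"] += sum(int(n) for n in HIDDEN.findall(line))
        elif m := PORT.match(line):
            cur["ports"][(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return hosts

def ports_probed(host):
    """Ports covered by the scan: those hidden by 'Not shown' plus those listed."""
    return host["not_shown"] + len(host["ports"])

def unexpected_open(hosts, baseline):
    """Open ports absent from baseline ({ip: {(port, proto), ...}}), sorted."""
    return sorted(
        (ip, port, proto, service)
        for ip, h in hosts.items()
        for (port, proto), (state, service) in h["ports"].items()
        if state == "open" and (port, proto) not in baseline.get(ip, set())
    )

if __name__ == "__main__":
    scan = parse_scan(SAMPLE)
    print(ports_probed(scan["10.20.30.4"]))
    print(unexpected_open(scan, {"10.20.30.4": {(80, "tcp")}}))  # assumed baseline
```

Run against the three outputs above, the covered-port count differs per mode (Normal, Fast, Full), which is a quick check that a scan used the port range you intended before trusting a "nothing unexpected" result.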
Detect Operating System
gives information about the operating system
$ sudo nmap -O [target]
┌──(kali㉿kali)-[~]
└─$ sudo nmap -O 10.20.30.4
[sudo] password for kali:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:51 CET
Nmap scan report for 10.20.30.4
Host is up (0.00015s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
MAC Address: 08:00:27:6C:73:1A (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.37 seconds
Advanced Detection
gives information about the services that are running, including version and script output
$ nmap -A [target]
┌──(kali㉿kali)-[~]
└─$ nmap -A 10.20.30.4
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-20 21:52 CET
Nmap scan report for 10.20.30.4
Host is up (0.00018s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.52 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.52 (Ubuntu)
8080/tcp open http Apache Tomcat
|_http-title: Apache Tomcat
|_http-open-proxy: Proxy might be redirecting requests
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.49 seconds