Format: PDF / Kindle (mobi) / ePub
Harness the power of Nmap, the most versatile network port scanner on the planet, to secure large scale networks
About This Book
- Get acquainted with the intricacies of Nmap's powerful software suite
- Set up and configure Nmap for different network specifications effectively
- Secure and troubleshoot large scale networks using the powerful features of Nmap with this easy-to-follow guide
Who This Book Is For
This book is for beginners who have experience as a system administrator or in network engineering and who wish to get started with Nmap.
What You Will Learn
- Learn about the inner workings of networks and the importance of ports
- Run a basic or default scan to detect services using Nmap
- Run an advanced scan with Nmap to designate different types of scans
- Deal with slow or sluggish networks to optimize timing, parallelism, and so on in order to complete scans efficiently
- Understand the internal workings of the Nmap scripting engine to find and run specific Nmap scripts
- Create and run a basic Nmap script in Lua by learning Lua basics, Nmap scripting, and Nmap script submission
- Crack passwords with Ncrack, map networks with Nping, and communicate over the network with Ncat
Nmap is an extremely powerful network port scanner used to identify hosts on a network. Nmap is free, flexible, powerful, and easy to implement, which makes it a very convenient utility.
This book demonstrates how to run basic and advanced scans, optimizing them to perform well in a variety of environments. Starting with an overview of Nmap, the reader will be guided through installation on popular operating systems. The book then explains how to use Nmap to run basic and advanced scans in addition to using the Nmap Scripting Engine (NSE). All this helps with optimizing Nmap performance in a variety of environments, eventually enabling the reader to integrate Nmap with other tools such as Nessus, Nikto, and Burp Suite, and to compare NSE with NASL scanning.
By the end of the book, the reader will have gained essential insights into network security analysis.
(so the full scan finishes quickly). Nmap starts host groups as low as 4 or 5, and increases them to as high as 1024—all automatically. If you're looking for fine-tuned control, however, there are two host group flags you should keep in mind: --min-hostgroup and --max-hostgroup. If you're planning to scan a full class C network, for example, specifying a group size of 256 would finish this run-through in one large, parallel pass—greatly increasing the efficiency of the scanning engine. It's
basic functionality: As seen in the preceding screenshot, establishing a shell connection via Ncat is very simple. We used ncat -l -e /bin/bash to listen on the default port, and to execute /bin/bash (our shell) when a client connected. It's worth noting that in this form, the backdoor is not persistent—meaning that it will not stay listening after the client has disconnected. The following screenshot demonstrates the ability to run Linux commands on a remote system through Ncat: In order to
(that is frequently updated) can do much of that work. Although Nessus was originally started (in 1998) as a free security scanner, it has since been closed off to the public because Tenable (the company founded by Nessus' creator) now sells licenses instead. While many security companies pay for these licenses, you can try out a fork of the Nessus project (OpenVAS) for free. Using Nessus is fairly straightforward. Although many security tools run on the command line (including some that
are TCP-based, but it's certainly possible to use Nmap to scan UDP services as well (using the -sU flag). With UDP, though, a successfully transmitted packet produces no reply; so it can be very time-consuming to find out whether a service is actually listening on a given UDP port or simply not replying at all.
Service banners
Now that we understand the very basics of how networks, ports, TCP, and UDP work, we can start to learn the intricacies of Nmap—a powerful tool that leverages