NMAP EBook



Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.

Nmap is ...

Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
Free: The primary goal of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.

About EBook:

Table of Contents

Introduction
Conventions Used In This Book

Section 1: Installing Nmap
Installation Overview
Installing Nmap on Windows
Installing Nmap on Unix and Linux systems
Installing Precompiled Packages for Linux
Compiling Nmap from Source for Unix and Linux
Installing Nmap on Mac OS X

Section 2: Basic Scanning Techniques
Basic Scanning Overview
Scan a Single Target
Scan Multiple Targets
Scan a Range of IP Addresses
Scan an Entire Subnet
Scan a List of Targets
Scan Random Targets
Exclude Targets from a Scan
Exclude Targets Using a List
Perform an Aggressive Scan
Scan an IPv6 Target

Section 3: Discovery Options
Discovery Options Overview
Don’t Ping
Ping Only Scan
TCP SYN Ping
TCP ACK Ping
UDP Ping
SCTP INIT Ping
ICMP Echo Ping
ICMP Timestamp Ping
ICMP Address Mask Ping
IP Protocol Ping
ARP Ping
Traceroute
Force Reverse DNS Resolution
Disable Reverse DNS Resolution
Alternative DNS Lookup Method
Manually Specify DNS Server(s)
Create a Host List

Section 4: Advanced Scanning Options
Advanced Scanning Functions Overview
TCP SYN Scan
TCP Connect Scan
UDP Scan
TCP NULL Scan
TCP FIN Scan
Xmas Scan
Custom TCP Scan
TCP ACK Scan
IP Protocol Scan
Send Raw Ethernet Packets
Send IP Packets

Section 5: Port Scanning Options
Port Scanning Options Overview
Perform a Fast Scan
Scan Specific Ports
Scan Ports by Name
Scan Ports by Protocol
Scan All Ports
Scan Top Ports
Perform a Sequential Port Scan

Section 6: Operating System and Service Detection
Version Detection Overview
Operating System Detection
Submitting TCP/IP Fingerprints
Attempt to Guess an Unknown Operating System
Service Version Detection
Troubleshooting Version Scans
Perform an RPC Scan

Section 7: Timing Options
Timing Options Overview
Timing Parameters
Timing Templates
Minimum Number of Parallel Operations
Maximum Number of Parallel Operations
Minimum Host Group Size
Maximum Host Group Size
Initial RTT Timeout
Maximum RTT Timeout
Maximum Retries
Set the Packet TTL
Host Timeout
Minimum Scan Delay
Maximum Scan Delay
Minimum Packet Rate
Maximum Packet Rate
Defeat Reset Rate Limits

Section 8: Evading Firewalls
Firewall Evasion Techniques Overview
Fragment Packets
Specify a Specific MTU
Use a Decoy
Idle Zombie Scan
Manually Specify a Source Port Number
Append Random Data
Randomize Target Scan Order
Spoof MAC Address
Send Bad Checksums

Section 9: Output Options
Output Options Overview
Save Output to a Text File
Save Output to a XML File
Grepable Output
Output All Supported File Types
Display Scan Statistics
133t Output

Section 10: Troubleshooting and Debugging
Troubleshooting and Debugging Overview
Getting Help
Display Nmap Version
Verbose Output
Debugging
Display Port State Reason Codes
Only Display Open Ports
Trace Packets
Display Host Networking Configuration
Specify Which Network Interface to Use

Section 11: Zenmap
Zenmap Overview
Launching Zenmap
Basic Zenmap Operations
Zenmap Results
Scanning Profiles
Profile Editor
Viewing Open Ports
Viewing a Network Map
Saving Network Maps
Viewing Host Details
Viewing Scan History
Comparing Scan Results
Saving Scans

Section 12: Nmap Scripting Engine (NSE)
Nmap Scripting Engine Overview
Execute Individual Scripts
Execute Multiple Scripts
Script Categories
Execute Scripts by Category
Execute Multiple Script Categories
Troubleshoot Scripts
Update the Script Database

Section 13: Ndiff
Ndiff Overview
Scan Comparison Using Ndiff
Ndiff Verbose Mode
XML Output Mode

Section 14: Tips and Tricks
Tips and Tricks Overview
Combine Multiple Options
Scan Using Interactive Mode
Runtime Interaction
Remotely Scan Your Network
Wireshark
Scanme.Insecure.org
Nmap Online Resources

Appendix A - Nmap Cheat Sheet
Appendix B - Nmap Port States
Appendix C - CIDR Cross Reference
Appendix D - Common TCP/IP Ports








Author: Admin ~ A blog that provides various kinds of information

This NMAP EBook article was published by Admin on Sunday 6 July 2014. We hope this article is useful. Thank you for visiting; please leave a comment.