Nmap Home use
16 March 2011, 11:44

Have you ever wondered how an attacker knows which ports are open on a system? Or how to find out what applications are running on a server without asking its admin? You can do all this and more with a small tool called Nmap.


What is Nmap?

The name Nmap is short for "network mapper"; Nmap is a set of tools for network scanning. It can be used for security audits, or simply to determine which services are running on a host, to identify the OS and applications, and to determine the type of firewall used on the scanned host.
Nmap is a well-known tool. Once you learn more about Nmap, you will notice that it appears in films such as The Matrix Reloaded, The Bourne Ultimatum, Hottabych, and others.
This tutorial describes the basics of using Nmap and gives some examples that you can use.

Where to get Nmap?

If you use Linux, you can find Nmap packages in the repositories of most distributions. The latest Nmap release came out in early 2010, so the most current version may not be in the current stable branch. The source and some binaries are available on the download page. There is also a Windows version.

The basics of using Nmap.

Nmap has the following syntax:

nmap scan_options scan_target

Suppose you want to scan a site and find out what operating system it is running. To do this, follow these steps:

nmap -O target.host.com

Note that Nmap requires root privileges to run this type of scan. The scan may take a minute, so be patient. When it finishes you will see something like this:

Starting Nmap 5.21 (nmap.org) at 2010-02-27 23:52 EST
Nmap scan report for 10.0.0.1
Host is up (0.0015s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
53/tcp open domain
5009/tcp open airport-admin
10000/tcp open snet-sensor-mgmt
MAC Address: 00:11:24:6B:43:E2 (Apple Computer)
Device type: WAP | printer
Running: Apple embedded, Canon embedded, Kyocera embedded, Xerox embedded
OS details: VxWorks: Apple AirPort Extreme v5.7 or AirPort Express v6.3; Canon imageRUNNER printer (5055, C3045, C3380, or C5185); Kyocera FS-4020DN printer; or Xerox Phaser 8860MFP printer
Network Distance: 1 hop


As you can see, Nmap gives a wealth of information. Here it displays its guess about the operating system running on the host. In this case the scanned device is an Apple AirPort Extreme router. As a bonus, Nmap reports that the device is one hop away, the MAC address of the device and the manufacturer of its NIC, which ports are open and how long the scan took.
Here are the results of another scan, of a home PC running Ubuntu 9.10:

Starting Nmap 5.21 (nmap.org) at 2010-02-28 00:00 EST
Nmap scan report for 10.0.0.6
Host is up (0.0039s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:17:08:2A:D6:F0 (Hewlett Packard)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.19 - 2.6.31
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 3.40 seconds


Here we see that the system has an HP network card and is running a Linux kernel between 2.6.19 and 2.6.31. Note that you cannot reliably identify the distribution this way, only the Linux kernel version.

Scanning other people's hosts.


In the examples above, the local router and one of the workstations were chosen for scanning because we have the right to scan them. However, it would be a bad idea to run multiple scans of another site that you do not control or do not have permission to scan. For experiments, Nmap provides a public test server, scanme.nmap.org, that you can use.
Many administrators dislike unauthorized scanning of their servers, so the best option is to limit scanning to hosts on your LAN or to hosts you have permission to scan. Also, particularly aggressive Nmap scans may in some cases violate your ISP's terms of service, so be careful.

Scanning multiple hosts.


You can scan more than one host at a time with nmap. If you are scanning by IP address, you can specify a range such as 10.0.0.1-6 or 10.0.0.0/24. Using 10.0.0.1-6 scans the hosts from 10.0.0.1 to 10.0.0.6. Using the /24 notation scans the entire range of hosts from 10.0.0.0 to 10.0.0.255. For example, if you want to scan the hosts from 10.0.0.1 to 10.0.0.42 and find out which OS they are probably running, use:

nmap -O 10.0.0.1-42

If you have a list of domain names instead of IP addresses, you can separate them on the command line like so:

nmap -O host1.target.com host2.target.com
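To make the target notation concrete, here is a small Python helper, added to this translation and not part of Nmap or the original article, that expands a target spec into the addresses it covers the way the text describes. It goes slightly beyond the text by allowing a range or comma-separated list in any octet, which Nmap also accepts.

```python
import ipaddress
import itertools


def _octet_values(spec):
    """Expand one octet spec: '7', '1-6' or a comma list such as '1,3-5'."""
    values = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi) if hi else int(lo)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part}")
        values.extend(range(lo, hi + 1))
    return values


def expand_target(spec):
    """Return the dotted IPv4 addresses covered by one Nmap-style target spec."""
    if "/" in spec:
        # CIDR: 10.0.0.0/24 covers all 256 addresses, 10.0.0.0 to 10.0.0.255
        net = ipaddress.ip_network(spec, strict=False)
        return [str(addr) for addr in net]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec}")
    # Cartesian product of the per-octet values, e.g. 10.0.0.1-6 -> six hosts
    combos = itertools.product(*(_octet_values(o) for o in octets))
    return [".".join(map(str, c)) for c in combos]


def count_targets(specs):
    """How many hosts a list of specs would scan; handy before a large run."""
    return sum(len(expand_target(s)) for s in specs)
```

Knowing the count in advance helps you keep a scan of your own LAN to the size you intended.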

Checking open ports


If you run nmap without any options and only specify the host, it scans the ports and shows all the open ports it found and the services running on them. For example, run:
nmap target.hostname.com
and it should print something like this:

Interesting ports on target.hostname.com (10.0.0.88):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.228 seconds


Nmap gives more information if you use the -v (verbose) option.

Scanning running services


If you want to know which services are probably running, try the -sV option. This option performs a more aggressive scan and tries to determine the versions of the services running on the host, and it may also help identify more precisely which OS is running. For example, running nmap -sV against a test server gives the following response:

Starting Nmap 5.21 (nmap.org) at 2010-02-28 00:15 EST
Nmap scan report for test.host.net (XX.XXX.XXX.XX)
Host is up (0.090s latency).
Not shown: 965 closed ports, 33 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 11.43 seconds


As you can see, Nmap can analyze the responses and determine the versions of the applications running on the SSH and HTTP ports. Here you can see that the responding system is Ubuntu, running Apache 2.2.8 and OpenSSH 4.7p1. This information can be useful for several reasons. Nmap scans can identify systems running outdated services that may be vulnerable to known exploits.
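As an added example, not from the original article, here is a small Python parser for the normal output format shown in the reports above. It collects each host's ports, MAC address and OS guess, then compares the open ports with an allowlist of what you expect on your own LAN, so an unexpected service or an unknown device stands out. The sample report is constructed from the reports above; its hosts, MACs and versions are illustrative.

```python
import re

# Constructed sample in Nmap's normal output format, modelled on the reports above.
SAMPLE_REPORT = """\
Nmap scan report for 10.0.0.6
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.8
3306/tcp open  mysql
MAC Address: 00:17:08:2A:D6:F0 (Hewlett Packard)
OS details: Linux 2.6.19 - 2.6.31

Nmap scan report for 10.0.0.1
PORT     STATE SERVICE
53/tcp   open  domain
MAC Address: 00:11:24:6B:43:E2 (Apple Computer)
OS details: VxWorks: Apple AirPort Extreme v5.7
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})")
OS_RE = re.compile(r"^OS details: (.*)")


def parse_report(text):
    """Map each scanned host to its ports, MAC address and OS guess."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = hosts.setdefault(m.group(1), {"ports": {}, "mac": None, "os": None})
        elif cur is None:
            continue  # preamble before the first host report
        elif m := PORT_RE.match(line):
            cur["ports"][f"{m.group(1)}/{m.group(2)}"] = {
                "state": m.group(3), "service": m.group(4),
                "version": (m.group(5) or "").strip()}
        elif m := MAC_RE.match(line):
            cur["mac"] = m.group(1)
        elif m := OS_RE.match(line):
            cur["os"] = m.group(1)
    return hosts


def unexpected_open_ports(hosts, baseline):
    """Open ports outside the per-host allowlist; unknown hosts report all of theirs."""
    findings = {}
    for host, info in hosts.items():
        allowed = baseline.get(host, set())
        extra = [p for p, d in info["ports"].items()
                 if d["state"] == "open" and p not in allowed]
        if extra:
            findings[host] = sorted(extra, key=lambda p: int(p.split("/")[0]))
    return findings
```

Run it over the saved output of a scan of your own LAN (nmap -sV -O with output redirected to a file) and review any host that shows up in the findings.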

Who is on my network?


Not sure how many hosts are up on your network? Try nmap -sP, which performs a ping scan of the network. For example, nmap -sP 10.0.0.0/24 scans the 256 hosts from 10.0.0.0 to 10.0.0.255, checks whether they are up and reports the result. You can also use a range, for example:

nmap -sP 10.0.0.1-15

Zenmap


Finally, if all these command-line pleasures are not for you, Nmap has a GUI you can use to build and run commands, called Zenmap. It lets you choose a target, run a scan, display and save the results, and compare them with other scans.
The Zenmap GUI is a good way to get acquainted with Nmap, but it is better to know how to use Nmap from the command line if you intend to work with it often.
A future guide will look more deeply at Nmap and the specific tasks you can solve with it.

This post is a free translation of the article Beginner's Guide to Nmap. Thank you for your attention.
Views: 449 | Added by: w1zard | Rating: 0.0/0