Intro To Cyber Project.

Uploaded by hackingstudent6

PROJECT: NMAP

INSTRUCTOR
SIR MOHSIN SARFARAZ
CLASS:
BSCYSEV-23-B
What is Nmap?

- Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications.
- Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.
- Gordon Lyon (pseudonym Fyodor) wrote Nmap as a tool to help map an entire network easily and to find its open ports and services.
- Nmap has become hugely popular, being featured in movies like The Matrix and the popular series Mr. Robot.
A representative Nmap scan

# nmap -A -T4 scanme.nmap.org

Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.045s latency).
Not shown: 993 filtered ports
PORT      STATE  SERVICE VERSION
22/tcp    open   ssh     OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 1024 60:ac:4d:51:b1:cd:85:09:12:16:92:76:1d:5d:27:6e (DSA)
|_2048 2c:22:75:60:4b:c3:3b:18:a2:97:2c:96:7e:28:dc:dd (RSA)
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http    Apache httpd 2.2.3 ((CentOS) )
|_html-title: Go ahead and ScanMe!
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
113/tcp   closed auth
31337/tcp closed Elite
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.31, Linux 2.6.18
Network Distance: 13 hops

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
[Cut first 10 hops for brevity]
11  80.33 ms  layer42.car2.sanjose2.level3.net (4.59.4.78)
12  137.52 ms xe6-2.core1.svk.layer42.net (69.36.239.221)
13  44.15 ms  scanme.nmap.org (64.13.134.52)

Nmap done: 1 IP address (1 host up) scanned in 22.19 seconds


Nmap Help

- nmap -h
Commands

- Let's look at some Nmap commands.

- Syntax:
  nmap [Scan Type...] [Options] {target specification}
Basic scans:

- Scanning the list of active devices on a network is the first step in network mapping. There are two types of scans you can use for that:

- Ping scan — Scans the list of devices up and running on a given subnet.
  nmap -sP 192.168.1.1/24

- Scan a single host — Scans a single host for 1000 well-known ports. These ports are the ones used by popular services like SQL, SNTP, apache, and others.
  nmap scanme.nmap.org

Example:
Stealth scan

- Stealth scanning is performed by sending a SYN packet and analyzing the response. If SYN/ACK is received, it means the port is open, and you can open a TCP connection.
- However, a stealth scan never completes the 3-way handshake, which makes it harder for the target to detect the scanning system.

  nmap -sS scanme.nmap.org
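From the defender's side, the half-open handshake described above means the target application never accepts a connection, so application logs stay empty; what does record each probe is the firewall or flow log that sees the incoming SYNs. The following is an added example (not code from the slides or from the Nmap project) that reads constructed netfilter-style log lines and flags any source that sends SYNs to many distinct destination ports inside a short window, which is what a -sS sweep looks like in such a log. The log format, the IP addresses and the thresholds are all assumptions chosen for the example.

```python
"""Flag SYN-scan-like behaviour in firewall logs: one source address sending
SYNs to many distinct destination ports inside a short time window.

Added example. The log lines are constructed in a netfilter LOG-like style;
they are not real traffic and not output from the slides.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host probes 12 different ports within about 5 s,
# one ordinary client connects three times to port 443 over a minute.
LOG_LINES = [
    f"2024-01-10T12:00:{i // 2:02d} fw kernel: IN=eth0 SRC=198.51.100.7 "
    f"DST=192.0.2.10 PROTO=TCP SPT={40000 + i} DPT={port} FLAGS=SYN"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
] + [
    "2024-01-10T12:00:05 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 FLAGS=SYN",
    "2024-01-10T12:00:30 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 FLAGS=SYN",
    "2024-01-10T12:01:05 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443 FLAGS=SYN",
]

# Assumed line layout: ISO timestamp first, then key=value fields, SYN flag last.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) .*SRC=(?P<src>\S+) .*DST=(?P<dst>\S+) .*PROTO=TCP .*DPT=(?P<dpt>\d+) .*FLAGS=SYN"
)


def parse_syn_events(lines):
    """Return {src_ip: [(timestamp, dst_port), ...]}; lines that are not SYNs are skipped."""
    events = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        events[m.group("src")].append(
            (datetime.fromisoformat(m.group("ts")), int(m.group("dpt")))
        )
    return events


def detect_scanners(lines, window_s=10, min_ports=10):
    """Return {src_ip: max_distinct_ports} for every source that hit at least
    `min_ports` distinct destination ports inside some `window_s`-second window.
    Uses a sliding window over the time-sorted events of each source."""
    alerts = {}
    window = timedelta(seconds=window_s)
    for src, evs in parse_syn_events(lines).items():
        evs.sort()
        in_window = Counter()  # dst_port -> number of SYNs currently inside the window
        start = 0
        for ts, port in evs:
            in_window[port] += 1
            # Drop events that fell out of the window as it slides to `ts`.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


if __name__ == "__main__":
    for src, n in detect_scanners(LOG_LINES).items():
        print(f"possible port scan from {src}: {n} distinct ports within 10 s")
```

The threshold of ten distinct ports in ten seconds is deliberately crude; a real rule would also look at the SYN-to-RST pattern and tune the window per network, but the sliding-window counting is the part that carries over.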


Version scanning

- nmap -sV scanme.nmap.org


OS Scanning

- In addition to the services and their versions, Nmap can provide information about the underlying operating system using TCP/IP fingerprinting. Nmap will also try to find the system uptime during an OS scan.

  nmap -O scanme.nmap.org

Example:
Aggressive Scanning

- Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and traceroute. You can use the -A argument to perform an aggressive scan.

  nmap -A <target_ip>

Example:
Port Scanning

- -p <port ranges>: Only scan specified ports
  Ex: -p22; -p1-65535;
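The -p syntax is small but easy to get wrong, and an expanded port list is also what you want when sizing a scan before running it. Below is an added example, not Nmap's own parser, that expands a -p specification into explicit port lists. It covers the two forms on the slide (-p22, -p1-65535) and goes a little beyond them to the comma lists, open ranges ("-100", "100-", bare "-") and T:/U: protocol qualifiers that Nmap's -p also accepts; it assumes the valid port range is 1-65535 and raises ValueError on anything malformed.

```python
"""Expand an Nmap-style -p port specification into explicit port lists.

Added example, not Nmap's own code. Assumes valid ports are 1-65535 and
supports: single ports, "a-b" ranges, "-b" (from 1), "a-" (to 65535),
bare "-" (all ports), comma-separated lists and T:/U: qualifiers.
"""

MAX_PORT = 65535


def parse_port_spec(spec, default_proto="tcp"):
    """Return {"tcp": [...], "udp": [...]} containing only protocols that got ports.

    A T: or U: qualifier applies to every following item until another
    qualifier appears, which is how Nmap treats it. Raises ValueError on
    empty items, non-numeric ports, reversed ranges or out-of-range ports.
    """
    ports = {"tcp": set(), "udp": set()}
    proto = default_proto
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty port item in %r" % spec)
        if item[:2].upper() in ("T:", "U:"):
            proto = "tcp" if item[0].upper() == "T" else "udp"
            item = item[2:]
        if item == "-":  # bare "-" means every port
            lo, hi = 1, MAX_PORT
        elif "-" in item:  # "a-b", "-b" (from 1) or "a-" (to 65535)
            a, b = item.split("-", 1)
            lo = int(a) if a else 1
            hi = int(b) if b else MAX_PORT
        else:
            lo = hi = int(item)  # int() raises ValueError on junk such as "ssh"
        if not 1 <= lo <= hi <= MAX_PORT:
            raise ValueError("bad port range %r" % item)
        ports[proto].update(range(lo, hi + 1))
    return {p: sorted(v) for p, v in ports.items() if v}


def count_ports(spec):
    """Number of (protocol, port) pairs a spec expands to; a quick size check
    before launching a scan that might take hours."""
    return sum(len(v) for v in parse_port_spec(spec).values())


if __name__ == "__main__":
    for spec in ("22", "1-65535", "22,80,1000-1002", "U:53,111,T:22"):
        print(spec, "->", count_ports(spec), "ports")
```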
Verbose Output

- -v: Increase verbosity level (use -vv or more for greater effect)
Exporting Scan Results

- Penetration testing can last days or even weeks. Exporting Nmap results can be useful to avoid redundant work and to help with creating final reports. Let's look at some ways to export Nmap scan results.

- Normal output
  Nmap scans can be exported to a text file. It will be slightly different from the original command-line output, but it will capture all the essential scan results.
  nmap -oN output.txt scanme.nmap.org

- XML output
  Nmap scans can also be exported to XML. It is also the preferred file format of most pen-testing tools, making it easily parsable when importing scan results.
  nmap -oX output.xml scanme.nmap.org

- Multiple formats
  You can also export the scan results in all the available formats at once using the -oA option.
  nmap -oA output scanme.nmap.org
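The reason XML is the format tools import is that it can be parsed into a structured inventory and compared scan against scan, which is exactly what avoids the redundant work mentioned above. The following is an added example, not code from the slides or from the Nmap project, that parses a file in Nmap's -oX format and reports which ports opened or closed since a baseline scan. The XML is constructed for the example to mirror the scanme.nmap.org report on the earlier slide (it is not a real scan file), and the baseline used for the comparison is likewise constructed.

```python
"""Parse Nmap -oX output and report what changed against an earlier scan.

Added example, not code from the slides or from the Nmap project. SCAN_XML
is a constructed document in Nmap's XML output layout (nmaprun/host/ports/
port/state/service) that mirrors the scanme report on the slide.
"""
import copy
import xml.etree.ElementTree as ET

SCAN_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX output.xml scanme.nmap.org" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="64.13.134.52" addrtype="ipv4"/>
    <hostnames><hostname name="scanme.nmap.org" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.3" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="closed" reason="reset"/>
        <service name="smtp" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="53">
        <state state="open" reason="syn-ack"/>
        <service name="domain" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.3" method="probed" conf="10"/>
      </port>
    </ports>
  </host>
  <runstats><finished elapsed="22.19"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: {(proto, port): {"state", "service", "version"}}} for hosts that are up."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # explicit None check: an Element with no children is falsy
            addr = host.find("address")
        ports = {}
        for port in host.findall("ports/port"):
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            ports[(port.get("protocol"), int(port.get("portid")))] = {
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                "version": version,
            }
        hosts[addr.get("addr")] = ports
    return hosts


def open_ports(hosts, ip):
    """Sorted list of (proto, port) pairs that are open on `ip`."""
    return sorted(k for k, v in hosts.get(ip, {}).items() if v["state"] == "open")


def diff_scans(baseline, current):
    """Per host, which (proto, port) pairs are newly open or newly closed."""
    changes = {}
    for ip in sorted(set(baseline) | set(current)):
        before = set(open_ports(baseline, ip))
        after = set(open_ports(current, ip))
        if before != after:
            changes[ip] = {"newly_open": sorted(after - before),
                           "newly_closed": sorted(before - after)}
    return changes


def example_diff():
    """Constructed baseline: same host, but last time 80/tcp was closed and 443/tcp was open."""
    current = parse_nmap_xml(SCAN_XML)
    baseline = copy.deepcopy(current)
    baseline["64.13.134.52"][("tcp", 80)]["state"] = "closed"
    baseline["64.13.134.52"][("tcp", 443)] = {"state": "open", "service": "https", "version": ""}
    return diff_scans(baseline, current)


if __name__ == "__main__":
    print(example_diff())
```

Run against two real -oX files the same parse_nmap_xml and diff_scans calls give a change report per host, which is the part of a final report that reviewers actually read.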

Nmap Scripting Engine

- Nmap Scripting Engine (NSE) is an incredibly powerful tool that you can use to write scripts and automate numerous networking features.
- You can find plenty of scripts distributed with Nmap, or write your own script based on your requirements. You can even modify existing scripts using the Lua programming language.
- -sC: equivalent to --script=default


Zenmap

- Zenmap is a graphical user interface for Nmap. It is free and open-source software that helps you get up and running with Nmap.
Conclusion

- Nmap is clearly the "Swiss Army Knife" of networking, thanks to its inventory of versatile commands.
- It lets you quickly scan and discover essential information about your network, hosts, ports, firewalls, and operating systems.
- Nmap has numerous settings, flags, and preferences that help system administrators analyze a network in detail.
Any Questions?
GROUP DETAILS

Members:
Munawar Massood
Hannan Rasool
Mudassar Iqbal
