
Ta 3CS

The report details the use of Nmap, an open-source tool for network discovery and security auditing, to find vulnerabilities in the website www.wikipedia.com. It explains various scan types, with a focus on the SYN scan for its stealth and efficiency in identifying open ports. The conclusion emphasizes the importance of ethical considerations and legal compliance when using Nmap for network assessments.

Uploaded by

pr3437563

Cyber Security

(PCMC3030T)
TA Activity

Report On
“Find Network Vulnerabilities of www.wikipidia.com website using Nmap”

Submitted By
Priyanka Anil Pandit (232121007)
Pooja Rajput (232121009)

Under the Guidance of
Prof. H. O. Borase

Department of Master of Computer Application
The Shirpur Education Society’s
R. C. Patel Institute of Technology, Shirpur - 425405.
[2024-25]
Index
1. What is Nmap?
2. Nmap Scan Types
3. Which Scan type used and why
4. Nmap Output

Conclusion
What is Nmap?

Nmap (Network Mapper) is an open-source tool designed for network discovery and security auditing. It allows users to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap is widely used for various tasks, including:

• Network inventory
• Managing service upgrade schedules
• Monitoring host or service uptime
• Security auditing and vulnerability assessment

Nmap Scan Types

Nmap offers various scan types, each serving different purposes. Some common scan types include:

1. TCP Connect Scan (-sT): This is a straightforward method that completes the TCP handshake. It’s easy to detect and can be blocked by firewalls.
2. SYN Scan (-sS): This stealth scan sends SYN packets and analyzes the response without completing the handshake. It’s faster and less detectable.
3. UDP Scan (-sU): This scan probes for open UDP ports, which can be challenging due to the nature of UDP.
4. ACK Scan (-sA): Used to map out firewall rules and determine which ports are filtered.
5. Null Scan (-sN): Sends packets with no flags set, useful for evading some intrusion detection systems.
6. FIN Scan (-sF): Sends FIN packets to identify open ports, often bypassing firewalls.
7. Xmas Scan (-sX): Sends packets with the FIN, URG, and PUSH flags set, used to probe for open ports.

Which Scan Type to Use and Why

For assessing a website like www.wikipedia.com, a SYN Scan (-sS) would be ideal for the following reasons:

• Stealth: It’s less likely to trigger security alerts compared to a TCP Connect Scan.
• Speed: SYN scans are generally faster because they don't establish a full connection.
• Effectiveness: It’s effective for identifying open TCP ports, which can help in assessing service exposure.
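
Seen from the monitoring side, the TCP scan types listed above differ in the flags the scanner sends and in whether it completes the handshake, so a capture can tell them apart. The sketch below is an added example, not part of the original report; the record layout, the addresses and the `min_ports` threshold are assumptions, and the sample capture is constructed.

```python
from collections import Counter, defaultdict

# Client-side flag patterns of the probe types listed above.
FLAG_PROBES = {
    frozenset(): "null (-sN)",
    frozenset({"FIN"}): "fin (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "xmas (-sX)",
    frozenset({"ACK"}): "ack (-sA)",
}
SYN, ACK, RST = frozenset({"SYN"}), frozenset({"ACK"}), frozenset({"RST"})

def probe_kind(segs):
    """Classify the client segments seen for one (source, port) pair."""
    first, rest = segs[0], segs[1:]
    if first in FLAG_PROBES:
        return FLAG_PROBES[first]
    if first == SYN:
        if ACK in rest:
            return "connect (-sT)"      # handshake completed
        if RST in rest:
            return "syn (-sS)"          # SYN/ACK answered with RST: half-open
        return "unanswered"             # closed/filtered port, either scan type
    return "other"

def classify_sources(packets, min_ports=5):
    """packets: (src_ip, dst_port, flags) per client-to-server TCP segment.
    Returns {src_ip: probe type} for sources touching >= min_ports ports."""
    seen = defaultdict(lambda: defaultdict(list))
    for src, port, flags in packets:
        seen[src][port].append(frozenset(flags))
    verdicts = {}
    for src, ports in seen.items():
        if len(ports) < min_ports:
            continue                    # ordinary client, not a port sweep
        kinds = Counter(probe_kind(s) for s in ports.values())
        decisive = {k: n for k, n in kinds.items() if k not in ("unanswered", "other")}
        verdicts[src] = max(decisive, key=decisive.get) if decisive else "undetermined"
    return verdicts

def sample_packets():
    """Constructed capture: three sweeps of six ports plus one normal client."""
    ports, pk = (21, 22, 23, 25, 80, 443), []
    for p in ports:
        pk += [("10.0.0.5", p, {"SYN"}), ("10.0.0.6", p, {"SYN"}),
               ("10.0.0.7", p, {"FIN", "PSH", "URG"})]
    for p in (80, 443):                 # the two ports that answer SYN/ACK
        pk += [("10.0.0.5", p, {"RST"}), ("10.0.0.6", p, {"ACK"})]
    pk += [("10.0.0.8", 443, {"SYN"}), ("10.0.0.8", 443, {"ACK"})]
    return pk
```

Only ports that answered distinguish a SYN sweep from a connect sweep; probes to closed ports look the same for both, which is why they are counted as "unanswered" and left out of the verdict.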

Nmap Output

Starting Nmap 7.95 ( https://nmap.org ) at 2024-09-23 17:10 India Standard Time
NSE: Loaded 157 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Initiating Ping Scan at 17:10
Scanning www.wikipidia.com (103.102.166.226) [4 ports]
Completed Ping Scan at 17:10, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:10
Completed Parallel DNS resolution of 1 host. at 17:10, 0.09s elapsed
Initiating SYN Stealth Scan at 17:10
Scanning www.wikipidia.com (103.102.166.226) [1000 ports]
Discovered open port 80/tcp on 103.102.166.226
Discovered open port 443/tcp on 103.102.166.226
Discovered open port 2000/tcp on 103.102.166.226
Discovered open port 8010/tcp on 103.102.166.226
Discovered open port 5060/tcp on 103.102.166.226
Completed SYN Stealth Scan at 17:10, 2.50s elapsed (1000 total ports)
Initiating Service scan at 17:10
Scanning 5 services on www.wikipidia.com (103.102.166.226)
Completed Service scan at 17:10, 17.25s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against www.wikipidia.com (103.102.166.226)
Retrying OS detection (try #2) against www.wikipidia.com (103.102.166.226)
Initiating Traceroute at 17:10
Completed Traceroute at 17:10, 3.03s elapsed
Initiating Parallel DNS resolution of 4 hosts. at 17:10
Completed Parallel DNS resolution of 4 hosts. at 17:10, 5.78s elapsed
NSE: Script scanning 103.102.166.226.
Initiating NSE at 17:10
Completed NSE at 17:10, 15.28s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 1.77s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 0.01s elapsed

Nmap scan report for www.wikipidia.com (103.102.166.226)
Host is up (0.077s latency).
rDNS record for 103.102.166.226: ncredir-lb.eqsin.wikimedia.org
Not shown: 989 closed tcp ports (reset)
PORT     STATE    SERVICE        VERSION
22/tcp   filtered ssh
25/tcp   filtered smtp
80/tcp   open     http           nginx 1.22.1
|_http-server-header: nginx/1.22.1
|_http-title: Web Filter Violation
179/tcp  filtered bgp
443/tcp  open     ssl/http       nginx 1.22.1
| ssl-cert: Subject: commonName=wikipedia.com
| Subject Alternative Name: DNS:*.en-wp.com, DNS:*.en-wp.org, DNS:*.mediawiki.com, DNS:*.voyagewiki.com, DNS:*.voyagewiki.org, DNS:*.wiikipedia.com, DNS:*.wikibook.com, DNS:*.wikibooks.com, DNS:*.wikiepdia.com, DNS:*.wikiepdia.org, DNS:*.wikiipedia.org, DNS:*.wikijunior.com, DNS:*.wikijunior.net, DNS:*.wikijunior.org, DNS:*.wikipedia.com, DNS:en-wp.com, DNS:en-wp.org, DNS:mediawiki.com, DNS:voyagewiki.com, DNS:voyagewiki.org, DNS:wiikipedia.com, DNS:wikibook.com, DNS:wikibooks.com, DNS:wikiepdia.com, DNS:wikiepdia.org, DNS:wikiipedia.org, DNS:wikijunior.com, DNS:wikijunior.net, DNS:wikijunior.org, DNS:wikipedia.com
| Issuer: commonName=E5/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA384
| Not valid before: 2024-09-01T23:21:49
| Not valid after: 2024-11-30T23:21:48
| MD5: a97a:d532:433e:5aaa:863a:b7a4:d6ca:4eb1
|_SHA-1: e943:22a6:6b31:3e58:5bf9:ab97:3b46:a88b:a3b8:599b
|_http-server-header: nginx/1.22.1
|_ssl-date: TLS randomness does not represent time
|_http-title: Did not follow redirect to https://www.wikimedia.org
| http-methods:
|_  Supported Methods: GET HEAD
2000/tcp open     tcpwrapped
5060/tcp open     tcpwrapped
5666/tcp filtered nrpe
8010/tcp open     ssl/http-proxy FortiGuard Web Filtering
|_ssl-date: 2024-09-23T11:40:53+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=www.wikipidia.com
| Subject Alternative Name: DNS:www.wikipidia.com
| Issuer: commonName=FG4H0FT923904402/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-21T09:26:43
| Not valid after: 2026-06-24T09:26:43
| MD5: 82aa:2d10:d7cb:e6bb:cd40:0295:8ba4:5181
|_SHA-1: 6a91:de09:d965:03cf:9b27:db98:e32a:f482:275d:0d19
|_http-title: Web Filter Block Override
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_sstp-discover: SSTP is supported.
9090/tcp filtered zeus-admin
9100/tcp filtered jetdirect

Aggressive OS guesses: Linux 4.19 (90%), Linux 3.2 - 3.8 (88%), Linux 4.15 (87%), Linux 4.19 - 5.15 (87%), Android TV OS 11 (Linux 4.19) (86%), IPFire 2.25 firewall (Linux 4.14) (86%), IPFire 2.27 (Linux 5.15 - 6.1) (86%), Linux 2.6.32 (86%), Linux 2.6.32 or 3.10 (86%), Linux 3.4 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 38.033 days (since Fri Aug 16 16:23:39 2024)
Network Distance: 10 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 3306/tcp)
HOP RTT      ADDRESS
1   0.00 ms  192.168.0.11
2   ... 3
4   44.00 ms 172.31.180.57
5   ... 7
8   76.00 ms if-ae-24-2.thar1.40b-singapore.as6453.net (180.87.164.16)
9   69.00 ms 180.87.164.62
10  77.00 ms ncredir-lb.eqsin.wikimedia.org (103.102.166.226)

NSE: Script Post-scanning.
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Initiating NSE at 17:10
Completed NSE at 17:10, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 54.37 seconds
Raw packets sent: 1101 (52.032KB) | Rcvd: 1056 (43.640KB)
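
When reading a report like the one above, it helps to turn the port table into records and to separate entries that may describe a filtering device in the path (here the FortiGuard banner, the Fortinet-issued certificate and the "Web Filter" page titles) from entries that describe the scanned server. The parser below is an added example, not part of the original report; the marker strings and function names are assumptions, and the sample lines are copied from the output above with script output shortened.

```python
import re

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# Assumed marker strings for a filtering device, taken from the output above.
MIDDLEBOX_MARKERS = ("FortiGuard", "Fortinet", "Web Filter")

def parse_ports(text):
    """Turn the PORT/STATE/SERVICE/VERSION table and the script lines
    ('|' or '|_' prefixed) under each port into a list of dicts."""
    ports = []
    for line in text.splitlines():
        line = line.strip()
        m = PORT_RE.match(line)
        if m:
            num, proto, state, service, version = m.groups()
            ports.append({"port": int(num), "proto": proto, "state": state,
                          "service": service, "version": version, "scripts": []})
        elif line.startswith("|") and ports:
            ports[-1]["scripts"].append(line.lstrip("|_ "))
    return ports

def by_state(ports):
    """Group port numbers by reported state (open, filtered, ...)."""
    groups = {}
    for p in ports:
        groups.setdefault(p["state"], []).append(p["port"])
    return groups

def middlebox_ports(ports):
    """Open ports whose banner or script output names a filtering device;
    these results need verification before being attributed to the target."""
    hits = []
    for p in ports:
        blob = " ".join([p["version"], *p["scripts"]])
        if p["state"] == "open" and any(mk in blob for mk in MIDDLEBOX_MARKERS):
            hits.append(p["port"])
    return hits

# Lines copied from the scan report above (script output shortened).
SAMPLE = """\
22/tcp filtered ssh
80/tcp open http nginx 1.22.1
|_http-server-header: nginx/1.22.1
|_http-title: Web Filter Violation
443/tcp open ssl/http nginx 1.22.1
| Issuer: commonName=E5/organizationName=Let's Encrypt/countryName=US
2000/tcp open tcpwrapped
8010/tcp open ssl/http-proxy FortiGuard Web Filtering
| Issuer: commonName=FG4H0FT923904402/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
9100/tcp filtered jetdirect
"""
```

On the sample lines, `middlebox_ports(parse_ports(SAMPLE))` singles out ports 80 and 8010, the two entries whose page title or banner comes from a web filter.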


• Port / Host

• Topology
• Host Details
Conclusion

Nmap is a powerful tool for network discovery and security assessment, providing essential insights into the availability of services and potential vulnerabilities in systems. By utilizing different scan types, such as SYN scans, users can conduct stealthy and efficient assessments of networked devices.

In the context of a well-known website like www.wikipedia.com, using a SYN scan can help identify open ports and running services while minimizing the risk of detection. However, it is crucial to emphasize the importance of ethical considerations and legal compliance when using Nmap. Unauthorized scanning can lead to serious legal consequences. Always ensure you have explicit permission before performing any scans on external networks or systems.
