The document provides an overview of various Nmap commands for penetration testing and vulnerability analysis, including basic scans, ping scans, and scanning specific ports or IP ranges. It also discusses advanced features like saving scan results, disabling DNS resolution, and detecting service versions. The information is aimed at helping users effectively utilize Nmap for network reconnaissance and security assessments.
Penetration Testing and Vulnerability Analysis
LAB ASSESSMENT 5

Name - Anurag
Reg No. – 21BCI0188
Faculty - Dr. SIVA SHANMUGAM G
Slot – L33+34
Basic Scan of a Single IP/Hostname
nmap 1.1.1.1
This command initiates a basic scan of the specified IP address or hostname. Nmap will attempt to identify open ports, running services, and the state of the system. When run with raw-socket privileges (root), the default scan uses TCP SYN packets to probe ports (often called a half-open scan because it does not complete the TCP handshake); without those privileges Nmap falls back to a full TCP connect scan. The SYN method is faster and less intrusive than a full TCP connection scan. Hostnames can be used instead of IP addresses, and Nmap will resolve them via DNS.

Nmap Ping Scan

nmap -sP 192.168.5.0/24: A ping scan is used to discover hosts in a network without actually scanning the ports on them (note that the flag is case-sensitive; -sP is the legacy spelling, and current Nmap releases call the same host-discovery scan -sn). Nmap sends ICMP echo requests to determine if the hosts are up. This is a quick way to map out live hosts in a subnet (192.168.5.0/24 covers all hosts from 192.168.5.1 to 192.168.5.254). However, many firewalls block ICMP packets, making this method unreliable for scanning over the internet.
Scanning Specific Ports or All Ports on a Localhost
nmap -p 1-65535 localhost: This command performs a comprehensive scan by scanning all possible 65,535 TCP ports on the local machine. While scanning all ports can give a complete picture of the target's services, it can be slow. Scanning specific ports, like nmap -p 80,443 8.8.8.8, focuses on individual ports, improving the speed and utility of the scan. For example, ports 80 and 443 are common web service ports (HTTP and HTTPS).

Scanning Multiple IP Addresses

nmap 1.1.1.1 8.8.8.8 or nmap 1.1.1.1,2,3,4: Nmap allows scanning multiple targets in a single command. You can list several IP addresses separated by spaces, or list values for the last octet with commas, like nmap 1.1.1.1,2,3,4, to scan adjacent IPs (1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4). This is useful for efficiently discovering open ports and services across different servers in one sweep.
Scanning IP Ranges

nmap 8.8.8.0/28 or nmap 8.8.8.1-14: With IP range scans, you can target entire subnets or
specific ranges of IP addresses. The CIDR notation (8.8.8.0/28) indicates that you want to
scan the first 14 IP addresses in that subnet (8.8.8.1 to 8.8.8.14). Alternatively, you can use a
range like 8.8.8.1-14. Scanning large ranges helps in network-wide reconnaissance, though it
may take longer and generate more traffic.
Scanning the Most Popular Ports
The --top-ports option allows you to scan only the top X most commonly used ports. For example, using --top-ports 20 scans the 20 most frequently used ports on a host, such as HTTP (80), HTTPS (443), FTP (21), and SSH (22). This approach speeds up scans by focusing on the ports that are most likely to be open, while ignoring rarely used ports.

Saving Nmap Scan Results


nmap -oN output.txt or nmap -oX output.xml: This feature allows users to save the output
of their scans to a file for future reference or analysis. The -oN option saves in a normal
human-readable format, while -oX saves in XML format, which can be parsed by other tools
for automated processing. This is crucial for documenting results or feeding them into other
tools for further analysis or reporting.

Disabling DNS Name Resolution


nmap -n 8.8.8.8: By default, Nmap tries to resolve hostnames from IP addresses. Adding the
-n option disables DNS resolution, speeding up the scan. For instance, scanning 8.8.8.8
without resolving its hostname avoids delays caused by waiting for DNS queries. This is
particularly useful when scanning large numbers of IPs where DNS lookups could slow
things down.
Scanning with OS and Service Detection

nmap -A -T4: The -A flag enables advanced OS detection, version detection, script scanning, and traceroute, while the -T4 flag selects a faster timing template. Nmap will analyze the target's responses to identify the underlying operating system and version, as well as the versions of any running services. The -T4 flag adjusts timing to balance speed with accuracy, making it suitable for internet scans without overwhelming the network.
Detecting Service/Daemon Versions

nmap -sV localhost: Service version detection (-sV) probes open ports to determine what
service is running and its version. This is crucial for vulnerability assessments, as specific
service versions may have known security vulnerabilities. For instance, it might reveal that
port 80 is running an old version of Apache HTTP Server.
TCP vs. UDP Scanning
nmap -sT 192.168.1.1 or nmap -sU localhost: Nmap supports scanning of both TCP and UDP protocols. TCP scans (-sT) are more reliable because the three-way handshake gives a definite answer, but they can be easier for firewalls to detect. UDP scans (-sU) are trickier because Nmap relies on ICMP port-unreachable responses to classify ports, and many UDP services do not answer an empty probe at all, so open and filtered ports can be hard to tell apart. UDP is commonly used for services like DNS and DHCP, so a UDP scan can uncover services that may not be detected by a TCP-only scan.