Nmap: A Tool to Scan.

The target has been located, and now comes the next phase of the hunt: to find your weakness, to catch you off guard and, without your knowledge, to find your “soft spot”, the lowest-hanging fruit on the tree. That is what the attacker is looking for in order to penetrate and own the system. What are the possible points of entry, and how can these exploits be prevented? Knowing your opponent's tactics will make you invulnerable: port scanning, Nmap and much more.

You do not need much prior knowledge to understand this fabulous tool, which will be very useful for performing scans.

Nmap is a very good tool for scanning networks and ports. It was originally created for Linux, but today it is multiplatform. It was written by Gordon Lyon. Later we will encourage you to use this tool; it will surprise you with everything you can do in a simple way.

As a first step, we install nmap on Ubuntu Linux with the following commands.

sudo apt-get update
sudo apt-get install nmap

This command pings the indicated address range and returns the IP addresses that are in use.

These are the most basic options, which will help us understand the following examples:

-sT: TCP connect scan, the noisiest.
-sS: SYN scan, the quietest and most used.
-sF: FIN scan.
-sP: Ping scan.
-sU: UDP scan, shows UDP ports.
-O: Operating system detection.
-v: Verbose output, shows all the steps.
-sL: List scan.

Now we start with -sP and observe the results on our laboratory network.

-sP: Ping scan – only determines whether the target is alive.

sudo nmap -sP 172.31.2.0/24

This command shows the devices connected to the network. In the following we see an example of a home network.

-sL: List scan – simply lists the targets to be analyzed.

sudo nmap -sL 172.31.2.0/24

End of the previous command

The image below shows a real example of a home network; it lists all the connected devices, mostly cell phones.

sudo nmap -sL 192.168.1.0/24

In the next image we see the results of the command line below, which we type into a Linux terminal. It shows us the state of the ports in the indicated range of IP addresses.

sudo nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 172.31.2.* | grep open

sudo nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 172.31.2.* | awk '/open/{print $2 " " $3}'

In nmap it is not necessary to choose a range of IP addresses; you can also scan a specific address. Below we have other commands and their results for you to analyze.

sudo nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 172.31.2.* | awk '/open/{print $2}' | wc -l

sudo nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 172.31.2.* | awk '/open/{print $2}'

sudo nmap -Pn -sV -T 5 -oG - 172.31.2.* -p 21,22,80,443,1433,3389 | awk '/open/{print $2}' > ~/labnet-ip-list.txt

cat ~/labnet-ip-list.txt

nmap is a powerful tool that every pentester must know 100%. That is why we invite you to do more tests in our lab; something beneficial would be to export a list.txt of the hosts found in a network together with the ports of interest.
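The pipelines above feed nmap's grepable output (-oG -) to awk. The following shell script is an added example, not from the original post: it parses a constructed sample of that grepable format (the hosts, hostnames and version strings are made up) and keeps only the open ports, producing the "host, port, service" list the previous paragraph suggests exporting.

```shell
#!/bin/sh
# Added example (not from the original post): parse nmap grepable output (-oG)
# and keep only open ports, one "ip port protocol service" row per port.
# SAMPLE_GNMAP is a constructed -oG capture; hosts, names and versions are made up.
SAMPLE_GNMAP='# Nmap 7.80 scan initiated (constructed sample)
Host: 172.31.2.10 ()  Status: Up
Host: 172.31.2.10 ()  Ports: 22/open/tcp//ssh//OpenSSH 7.6p1/, 80/open/tcp//http//Apache httpd 2.4.29/, 443/closed/tcp//https///  Ignored State: filtered (3)
Host: 172.31.2.20 (fileserver.lab)  Status: Up
Host: 172.31.2.20 (fileserver.lab)  Ports: 21/open/tcp//ftp//vsftpd 3.0.3/, 3389/filtered/tcp//ms-wbt-server///
Host: 172.31.2.30 ()  Ports: 1433/open/tcp//ms-sql-s//Microsoft SQL Server 2017/
# Nmap done at (constructed sample) -- 256 IP addresses (3 hosts up) scanned'

# open_ports: read -oG lines on stdin, print "ip port proto service" for each open port.
open_ports() {
  awk '
    /^Host:/ && /Ports:/ {
      ip = $2
      s = $0
      sub(/.*Ports: /, "", s)                      # keep only the port list
      sub(/[[:space:]]*Ignored State:.*/, "", s)   # drop the trailing summary
      n = split(s, entries, /, /)
      for (i = 1; i <= n; i++) {
        # entry layout: port/state/proto/owner/service/rpc/version/
        split(entries[i], f, "/")
        if (f[2] == "open") print ip, f[1], f[3], f[5]
      }
    }'
}

# open_hosts: unique IPs with at least one open port (the "list.txt" the post suggests).
open_hosts() {
  open_ports | awk '!seen[$1]++ { print $1 }'
}

# Demo on the constructed sample. With a live scan the same pipeline would be:
#   sudo nmap -Pn -sV -oG - -p 21,22,80,443,1433,3389 172.31.2.0/24 | open_ports
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
```

Closed and filtered ports are dropped, so the output lists only what a remote client could actually reach.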

The previous examples were done on our laboratory network and a home system, but imagine the amount of information you can obtain in a company that has at least 100 hosts.

This post was written by Ruben Dario Caravajal Herrera
