How Nmap Works

Nmap is an information-gathering tool that scans a target IP address (or range) and reports which hosts are up, which ports are open and what services listen on them. Its options fall into the groups covered below: basic scan types, port specification, output options, service and version detection, operating system detection, the Nmap Scripting Engine (NSE), timing, aggressive scanning, scan techniques, firewall evasion and miscellaneous options.

The scan itself does not find vulnerabilities: it gives you the open ports, service versions and OS guess that the next phase (matching exposed services against known weaknesses and attempting exploitation) starts from.

Let's see how a scan works, starting with the default scan of a single host. With no options Nmap does host discovery and then scans the 1000 most common TCP ports, using a SYN scan when run as root and a connect scan otherwise:

```bash
nmap 192.168.1.1
```

Here's an example of what the scan results might look like:

```bash
Starting Nmap 7.91 ( https://nmap.org ) at 2024-02-12 15:00 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0030s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
```
1. Basic Scanning:

• nmap <target>: Perform a basic scan on the specified target (host discovery plus the 1000 most common TCP ports).
• nmap -sn <target>: Perform a ping scan to discover live hosts without port scanning (-sP is the older spelling and is still accepted as an alias).
• nmap -sT <target>: Perform a TCP connect scan (completes the three-way handshake, so it works without root privileges but is logged by the target application).
• nmap -sS <target>: Perform a SYN (half-open) scan; the default when running as root, since it needs raw sockets.
• nmap -sU <target>: Perform a UDP scan (slow, and open|filtered results are common because closed UDP ports answer with ICMP port unreachable while open ones often stay silent).

2. Port Specification:

• -p <port1,port2,...>: Specify ports to scan (ranges such as -p 1-1024 and protocol prefixes such as -p U:53,T:22 also work).
• -p-: Scan all ports (1-65535).

3. Output Options:

• -oN <file>: Save scan results in normal format.
• -oX <file>: Save scan results in XML format.
• -oG <file>: Save scan results in grepable format (one tab-separated line per host, easy to feed into shell pipelines).
• --open: Show only open ports in the output.

4. Service Version Detection:

• -sV: Probe open ports to determine service/version information.

5. Operating System Detection:

• -O: Enable operating system detection (needs root, and works best when the target has at least one open and one closed TCP port).

6. Scripting Engine:

• --script <script>: Run a specific Nmap script, or a script category or comma-separated list (for example --script vuln).
• --script-help <script>: Get help for a specific Nmap script.

7. Timing Options:

• -T<0-5>: Set timing template (0 paranoid, 1 sneaky, 2 polite, 3 normal, 4 aggressive, 5 insane). -T4 is the usual choice on a reliable network; -T5 can lose results.

8. Aggressive Options:

• -A: Enable aggressive scan options (service/version detection, OS detection, default script scanning and traceroute). Noisy and easily detected.

9. Scan Techniques:

• -sV: Service version detection.
• -sC: Scan using default NSE scripts (equivalent to --script=default).
• -sN: TCP Null scan (no flags set).
• -sF: TCP FIN scan.
• -sX: TCP Xmas scan (FIN, PSH and URG set). These three rely on RFC 793 behaviour: closed ports answer with RST and open ports stay silent, so they can slip past some stateless filters, but Windows and other non-conforming stacks send RST for every port and report everything as closed.

10. Firewall Evasion:

• -f: Fragment packets to evade firewalls (--mtu <size> sets a custom fragment size).
• --badsum: Send packets with bad checksums (a reply reveals a device that does not verify checksums, typically a firewall or IDS rather than the end host).
• --data-length <size>: Append random data to packets.

11. Miscellaneous:

• -v: Increase verbosity level.
• -vv: Increase verbosity level more.
• -h or --help: Display help message.
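The two-stage workflow these options support, as an added example that is not part of the original post: a POSIX shell script that parses Nmap's grepable (-oG) output to recover the ports reported open, builds the comma-separated list that -p expects, and (only if nmap is installed and a target is given) runs the slow -sV/-sC probes against just those ports instead of all 65535. The grepable sample embedded in the script is constructed for illustration, the hosts and ports in it are hypothetical, and the function names sample_gnmap, open_ports, port_list and targeted_version_scan are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): parse Nmap grepable output
# to recover open ports, then version-scan only those ports.
set -eu

# Constructed sample of what `nmap -oG - --open 192.168.1.0/29` could print.
# Hosts and ports are hypothetical; fields in -oG lines are tab-separated.
sample_gnmap() {
  printf '# Nmap 7.91 scan initiated Mon Feb 12 15:00:00 2024 as: nmap -oG - --open 192.168.1.0/29\n'
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)\n'
  printf 'Host: 192.168.1.2 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.2 ()\tPorts: 53/open/udp//domain///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (998)\n'
  printf '# Nmap done at Mon Feb 12 15:00:02 2024 -- 8 IP addresses (2 hosts up) scanned in 2.01 seconds\n'
}

# open_ports: read grepable output on stdin and print "host port/proto service"
# for each port whose state is exactly "open". The Ports: field is a
# comma-separated list of port/state/proto/owner/service/rpc/version entries;
# filtered and open|filtered entries are deliberately dropped.
open_ports() {
  awk '
    BEGIN { FS = "\t" }
    /^Host: / && /Ports: / {
      split($1, h, " "); host = h[2]
      ports = ""
      for (i = 2; i <= NF; i++)
        if ($i ~ /^Ports: /) { sub(/^Ports: /, "", $i); ports = $i }
      n = split(ports, p, /, /)
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")
        if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
      }
    }'
}

# port_list [HOST]: comma-separated open TCP ports (for HOST, or for every
# host if no argument) in the form `nmap -p` expects, e.g. "22,80,443".
port_list() {
  open_ports | awk -v h="${1:-}" '
    (h == "" || $1 == h) && $2 ~ /\/tcp$/ {
      sub(/\/tcp$/, "", $2)
      printf "%s%s", (n++ ? "," : ""), $2
    }'
}

# targeted_version_scan HOST: stage 1 finds open TCP ports across all 65535
# with a fast SYN/connect scan; stage 2 runs the slow -sV/-sC probes only on
# those ports. Requires nmap and permission to scan HOST.
targeted_version_scan() {
  if ! command -v nmap >/dev/null 2>&1; then
    echo "nmap is not installed" >&2
    return 1
  fi
  ports=$(nmap -p- --open -oG - "$1" | port_list)
  if [ -z "$ports" ]; then
    echo "no open TCP ports found on $1" >&2
    return 0
  fi
  nmap -sV -sC -p "$ports" -oN "scan_$1.txt" "$1"
}

# With no argument: show the parser on the constructed sample (no nmap needed).
# With an IP or hostname: run the real two-stage scan against that single host.
if [ $# -gt 0 ]; then
  targeted_version_scan "$1"
else
  sample_gnmap | open_ports
fi
```

Run it with no arguments to see the parser applied to the constructed sample; run it with a single host as the argument to perform the real scan, which saves the version-scan results to scan_<host>.txt in normal (-oN) format. The parser keys on the state field being exactly "open" because -oG (like normal output) reports UDP and filtered ports as open|filtered, and feeding those into -sV wastes time on ports that never answer.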
