
Nmap Speed Run

Let's scan the Sh!t out of it!

What I expect.

This is a speed run through nmap, so I have to assume that you already know a couple of things beforehand:


What is nmap?

Nmap is one of the most powerful network scanners you can find: from its command-line nature and the thousands of different option combinations to its relative efficiency and its small size, it's the best you will get.
Nmap is also something of a universal network scanner, since it doesn't need a graphical shell (GUI) to run, and a command-line shell is present on every operating system. It is written in the most common native environments (C, C++, Python and Lua), which makes compiling it from source really easy, and its small size makes it easy to integrate into a lot of custom systems.


How to install?

NMAP

Download nmap from the nmap site.
Installation is pretty straightforward and is explained well on their site, so I am not going to cover it in much depth.
Basically, if you are on Windows you have a .exe file that you run and go through the installation process (pretty simple). Once it is installed, open up a command prompt and run

nmap -v

this will show you your nmap version and a usage summary. Now you are good to go.
As for Linux/Unix-based OSs (including Mac), it is available via various package managers (like yum, dnf, brew, apt etc.) and as direct binaries for different platforms (.rpm, .dmg etc.). Installing those is pretty much: download the binary, open a terminal as superuser in the directory you downloaded it to, and install it with your package manager the way you install any other software.
If it throws an error it is most probably a permissions issue; try this:

chmod +x { nmapbinary }

and then try the installation again. If it is still not resolved you can mail me at root@waxvapour.com or put it in the comments section. I will try to help as many people as possible.


Compiling from Source

If there is no precompiled binary available for your platform, or you just wanna look more tacky, then what we can do is compile it ourselves from the source.

Hmm, nothing better than freshly cooked software …
For that you need 3 pieces of software, and I presume people opting for this method are either helpless or a bit experienced.
You will need: wget, g++ and tar. All of them are free and there is a good chance they are preinstalled, so just follow through; if one is not installed you will get an "unknown command" error.

Firstly download the source code for nmap :

wget https://nmap.org/dist/nmap-7.80.tar.bz2

this will get you the latest development version of nmap; otherwise you can go for a stable version, it's up to you. Then do a:

tar jxvf nmap-7.80.tar.bz2

this will unpack the source folder into the PWD (present working directory); then cd into it to start the compilation:

cd nmap-7.80/

after that do these, one after another (make install writes to system directories, so it usually needs to run as root or via sudo):

./configure
make
make install

This should compile the source code and install it for you to use. Once that is all done, test it with the same nmap -v command and it should show you the version of nmap you are rocking.


Let's get it Going

So, you can simply type nmap or nmap -h and hit enter for help, or you can also do

man nmap

for the manual page of nmap. The very basic layout of an nmap command looks like this:

nmap target

occasionally it will look like this:

nmap -O target

where -O represents an option, also known as a switch. Basically, a switch specifies what options/parameters you use against the target, and target represents an IP address or a hostname.


How to?

Scan a single target (IP / host), layout (nmap target):

nmap waxvapour.com
nmap 10.0.0.102

Scan an entire subnet, layout (nmap target/cidr):

nmap 192.168.1.1/24

Scan multiple targets by separating each target with spaces, layout (nmap target1 target2 target3):

nmap 192.168.1.1 192.168.1.3 10.0.0.55 waxvapour.com

Instead of an entire subnet, scan a specific range of IP addresses, layout (nmap target-endRange):

nmap 192.168.1.100-140

Scanning IP addresses from a text file. For this, let's assume we have a file named IPs.txt and inside it looks like this:

192.168.1.100
192.168.1.101
192.168.1.130
192.168.3.55
10.0.0.87

A list of IP addresses, basically. This will scan through each IP in the list:

nmap -iL IPs.txt

Scanning an entire subnet excluding a specific IP address, layout (nmap target/cidr --exclude ExcludedIP):

nmap 192.168.1.1/24 --exclude 192.168.1.44

If you want an entire list of IP addresses to be excluded from scanning, let's use the IPs.txt from above. This time, instead of scanning these IPs, it will exclude them from the subnet we are scanning (the option is a single word, --excludefile, followed by the file name):

nmap 192.168.1.1/24 --excludefile IPs.txt

Wanna scan specific ports on the target ;), layout (nmap -pPortNo1,PortNo2,PortNo3 target):

nmap -p80,21,23 192.168.1.1

In the above example it will scan ports 80 (HTTP), 21 (FTP) and 23 (Telnet) on our host 192.168.1.1.



Let's Do Some BigBrain Scans


TCP SYN scan: also called a half-open scan or SYN scan, as it gets the host info without completing the TCP handshake. Nmap sends a SYN but never completes the session, so the application behind the port never sees a connection and this usually does not show up in its logs (a firewall or IDS in the path can still record the SYN). Layout, nmap -sS target:
Note: it needs root privileges!!

nmap -sS 192.168.1.1

TCP connect scan: we can use it if we don't have root privileges. It completes the full TCP handshake and the rest is the same. Also, this is only for TCP ports; it will not work for UDP. Layout, nmap -sT target:

nmap -sT 192.168.1.1

UDP scan: of course it's for UDP ports only. It sends UDP packets to the target and waits for a response. If an ICMP port unreachable error comes back the port is closed, but if it gets a UDP response then it's an open port (no answer at all means nmap can't tell open from filtered). Layout, nmap -sU target:

nmap -sU 10.0.0.5

FIN / Null / Xmas scan: I am explaining all 3 together as the idea is pretty much bypassing the firewall, IDS, IPS, whatever shenanigans are there to stop the TCP packets.
Starting with the FIN scan, which only sets the FIN flag (the flag that ends a TCP connection). Its layout: nmap -sF target

nmap -sF 192.168.1.8

Xmas scan sets the PSH, FIN and URG flags. Layout: nmap -sX target

nmap -sX 10.0.0.5

Null scan sets no flags at all; it's just TCP packets with an empty flag field. Layout: nmap -sN target

nmap -sN 10.0.0.5

Ping scan: a ping scan pretty much checks whether a host is alive or not. Layout, nmap -sP target (newer nmap versions call this -sn; -sP still works as an alias):

nmap -sP 192.168.1.1
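Two things from the sections above are worth wrapping in a script before you point nmap at anything: checking that a target list or port list is actually in a form nmap accepts (the "How to?" section), and picking -sS or -sT depending on whether you are root (the SYN scan note). The POSIX sh script below is an added example, not part of the original post and not nmap's own code; the file contents it writes are constructed samples, and the helper names (is_ipv4, valid_target, valid_portspec, invalid_targets, scan_flag, build_scan_cmd) are my own. It prints the command it would run instead of running it.

```shell
#!/bin/sh
# Added example (not from the original post): validate target and port lists,
# choose the scan type by privilege, and print the resulting nmap command line.

is_ipv4() {
  # Four dot-separated decimal octets, each 0-255.
  addr=$1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

is_hostname() {
  # DNS-style name: letters, digits, dots and hyphens, with at least one letter so
  # that a malformed address such as 999.1.1.1 is not mistaken for a host name.
  h=$1
  case "$h" in ''|*[!A-Za-z0-9.-]*|-*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;; esac
  case "$h" in *[A-Za-z]*) [ ${#h} -le 253 ] ;; *) return 1 ;; esac
}

valid_target() {
  # Accepts the forms the post uses: host name, IPv4, target/prefix, a.b.c.d-e.
  t=$1
  case "$t" in
    */*)
      pre=${t##*/}; base=${t%/*}
      case "$pre" in ''|*[!0-9]*) return 1 ;; esac
      [ "$pre" -le 32 ] && { is_ipv4 "$base" || is_hostname "$base"; } ;;
    *)
      end=${t##*-}; start=${t%-*}
      if [ "$start" != "$t" ] && is_ipv4 "$start"; then
        # Last-octet range such as 192.168.1.100-140: end must be 0-255 and >= start.
        case "$end" in ''|*[!0-9]*) return 1 ;; esac
        [ "$end" -le 255 ] && [ "$end" -ge "${start##*.}" ]
      else
        is_ipv4 "$t" || is_hostname "$t"
      fi ;;
  esac
}

valid_portspec() {
  # Comma-separated ports or ranges, as in -p80,21,23 or -p1-1024, each 1-65535.
  spec=$1
  case "$spec" in ''|*[!0-9,-]*|,*|*,|*,,*) return 1 ;; esac
  old_ifs=$IFS; IFS=,; set -- $spec; IFS=$old_ifs
  for p in "$@"; do
    case "$p" in -*|*-|*-*-*) return 1 ;; esac
    lo=${p%-*}; hi=${p##*-}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
  done
}

invalid_targets() {
  # Print every non-blank line of a target file that valid_target rejects.
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    valid_target "$line" || printf '%s\n' "$line"
  done < "$1"
}

scan_flag() {
  # The SYN scan needs raw sockets (root); otherwise fall back to the connect scan.
  if [ "$(id -u)" -eq 0 ]; then printf '%s' -sS; else printf '%s' -sT; fi
}

build_scan_cmd() {
  # Usage: build_scan_cmd TARGET_FILE [EXCLUDE_FILE] [PORTSPEC]
  # Prints the nmap command line; returns 1 and prints nothing on bad input.
  targets=$1; excl=$2; ports=$3
  [ -f "$targets" ] && [ -z "$(invalid_targets "$targets")" ] || return 1
  cmd="nmap $(scan_flag) -iL $targets"
  if [ -n "$excl" ]; then
    [ -f "$excl" ] && [ -z "$(invalid_targets "$excl")" ] || return 1
    cmd="$cmd --excludefile $excl"
  fi
  if [ -n "$ports" ]; then
    valid_portspec "$ports" || return 1
    cmd="$cmd -p$ports"
  fi
  printf '%s\n' "$cmd"
}

# Constructed sample files: the post's IPs.txt list, an exclude list and a list
# with one malformed entry.
WORK=$(mktemp -d)
printf '%s\n' 192.168.1.100 192.168.1.101 192.168.1.130 192.168.3.55 10.0.0.87 > "$WORK/IPs.txt"
printf '%s\n' 192.168.1.44 > "$WORK/exclude.txt"
printf '%s\n' 192.168.1.1/24 999.1.1.1 waxvapour.com > "$WORK/bad.txt"

build_scan_cmd "$WORK/IPs.txt" "$WORK/exclude.txt" 80,21,23
invalid_targets "$WORK/bad.txt"
```

Because the script only prints the command, you can review what is about to be scanned before running it; swapping the final printf for an eval of $cmd turns it into a wrapper that actually launches the scan.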




This is a really, and I mean REALLY REALLY brief overview of nmap. This post was intended to get you started with nmap and it barely scratches the surface.
I recommend Nmap® Cookbook | The fat-free guide to network scanning; it's a free and very good book on nmap. Download Book


Please let me know if it was helpful... :)