Nmap (Network Mapper) is a must-have tool for anyone interested in cybersecurity, ethical hacking, or network administration. It helps you scan networks, find active devices, detect open ports, and gather information about running services.
For beginners, Nmap is a great way to understand how networks work and how attackers find security weaknesses. For intermediate students, it provides advanced scanning techniques like OS detection, service enumeration, and vulnerability scanning.
Learn how to use Nmap for
• Network discovery.
• Port scanning.
• Service detection.
Lab Setup
- Prerequisites:
o VirtualBox installed with Kali Linux running.
o Ensure the Kali Linux VM has internet access.
o A second VM (e.g., Metasploitable or another vulnerable VM) to act as the target machine. - Target VM:
o Use Metasploitable 2 as the target machine. This VM is intentionally vulnerable and perfect for practicing Nmap scans.
Lab Exercise: Guided Nmap Scanning
Step 1: Basic Nmap Scan
Objective: Perform a basic scan to discover live hosts on the network.
Command:
nmap -sP 192.168.1.0/24
Explanation:
-sP: Ping scan to discover live hosts.
192.168.1.0/24: Scans the entire subnet for live hosts.
• Task:
Identify the IP address of the target VM (Metasploitable).
Step 2: Port Scanning
Objective: Scan the target machine to identify open ports.
Command:
nmap -p- 192.168.1.10
Explanation:
-p-: Scans all 65,535 ports.
192.168.1.10: Replace with the target VM’s IP address.
Task:
List all open ports on the target machine.
Step 3: Service Version Detection
Objective: Identify the services running on open ports and their versions.
Command:
nmap -sV 192.168.1.10
Explanation:
-sV: Enables version detection.
Task:
Identify the service name and version for each open port.
Step 4: Operating System Detection
Objective: Determine the operating system of the target machine.
Command:
nmap -O 192.168.1.10
Explanation:
-O: Enables OS detection.
Task:
Identify the operating system of the target machine.
Step 5: Aggressive Scan
Objective: Perform an aggressive scan to gather detailed information.
Command:
nmap -A 192.168.1.10
Explanation:
-A: Enables OS detection, version detection, script scanning, and traceroute.
Task:
Analyze the output and note down the details.
Step 6: Nmap Scripting Engine (NSE)
Objective: Use Nmap scripts to gather additional information.
Command:
nmap --script vuln 192.168.1.10
Explanation:
–script vuln: Runs vulnerability detection scripts.
Task:
Identify any vulnerabilities on the target machine.
Step 7: Save Scan Results
Objective: Save the scan results for later analysis.
Command:
nmap -oN scan_results.txt 192.168.1.10
Explanation:
-oN: Saves the output to a text file.
• Task:
Open scan_results.txt and review the findings.
Additional Challenges
- Scan a Specific Port Range:
Scan only ports 1-1000 on the target machine.
nmap -p 1-1000 192.168.1.10 - UDP Scan:
Perform a UDP scan to identify open UDP ports.
nmap -sU 192.168.1.10 - Timing and Stealth:
Use timing templates to control the speed of the scan.
nmap -T4 192.168.1.10 (T4 is faster, T1 is slower and stealthier).
End of this Learning
A summary of the findings,
- Open ports
- Services
- OS
- Vulnerabilities