Nmap-3.81-4 (port-scanning)

25/Oct/2005, tested on SuSE 9.3

Nmap is a powerful port-scanning program used by Whitehats and Blackhats alike. A very informative program, it tells you which ports a system (or one or more subnets of systems) is listening on. Certain Blackhat features include: IP Spoofing, Stealth Scanning, Christmas-Tree Scanning, and Decoys. It is freely available under the GNU General Public License (GPL).

Installation

  1. Nmap comes with the installation media, i.e. for SuSE 9.3, install as,
    # cd /media/cdrom/suse/i586
    # rpm -ihv nmap-3.81-4.i586.rpm
    # rpm -ihv nmap-gtk-3.81-4.i586.rpm
    
  2. The newest version of nmap can be obtained from http://www.insecure.org/nmap/

Port Scanning

  1. This option scans all reserved TCP ports on the machine target.example.com. The -v means turn on verbose mode.
    nmap -v target.example.com
    
  2. Launches a stealth SYN scan against each machine that is up out of the 255 machines on class "C" where target.example.com resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and the OS detection.
    nmap -sS -O target.example.com/24
    
  3. Sends an Xmas tree scan to the first half of each of the 255 possible 8 bit subnets in the 198.116 class "B" address space. We are testing whether the systems run sshd, DNS, pop3d, imapd, or port 4564. Note that Xmas scan doesn't work on Microsoft boxes due to their deficient TCP stack. Same goes with CISCO, IRIX, HP/UX, and BSDI boxes.
    nmap -sX -p 22,53,110,143,4564 198.116.*.1-127
    
  4. Rather than focus on a specific IP range, it is sometimes interesting to slice up the entire Internet and scan a small sample from each slice. This command finds all web servers on machines with IP addresses ending in .2.3, .2.4, or .2.5. If you are root you might as well add -sS. Also you will find more interesting machines starting at 127. so you might want to use "127-222" instead of the first asterisks because that section has a greater density of interesting machines (IMHO).
    nmap -v --randomize_hosts -p 80 *.*.2.3-5
    
  5. Do a DNS zone transfer to find the hosts in company.com and then feed the IP addresses to nmap. The above commands are for my GNU/Linux box. You may need different commands/options on other operating systems.
    host -l company.com | cut -d ' ' -f 4 | ./nmap -v -iL -
    
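The scans above are only useful to an administrator if their results are compared against what the hosts are supposed to be running. The following is an added example (not part of this page and not nmap's own code) that parses nmap's grepable output format (the -oG option) and reports open ports that are not on a per-host allowlist. The sample output, the host addresses and the allowlist are constructed for illustration; in practice you would feed it a file written with "nmap -oG scan.txt ..." against your own machines.

```python
"""Parse nmap grepable (-oG) output and flag listening ports that are not
on a per-host allowlist.  Sample data below is constructed, not a real scan."""
import re
from collections import defaultdict

# Constructed sample of nmap -oG output (hypothetical hosts and services).
# Fields on a "Host:" line are tab-separated; the "Ports:" field lists
# comma-separated entries of the form port/state/proto/owner/service/rpcinfo/version/
SAMPLE_GREPABLE = """\
# Nmap 3.81 scan initiated (constructed sample)
Host: 192.168.1.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 113/closed/tcp//auth///\tIgnored State: filtered (997)
Host: 192.168.1.11 ()\tStatus: Up
Host: 192.168.1.11 ()\tPorts: 25/open/tcp//smtp///, 4564/open/tcp/////
# Nmap run completed (constructed sample)
"""

# Hypothetical allowlist: the services each host is expected to expose.
ALLOWLIST = {
    "192.168.1.10": {("tcp", 22), ("tcp", 80)},
    "192.168.1.11": {("tcp", 25)},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {(proto, port): (state, service)}} from -oG text."""
    results = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '#' banner/trailer lines
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip = m.group(1)
        results.setdefault(ip, {})  # hosts with only "Status: Up" still appear
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                entry = entry.strip()
                if not entry:
                    continue
                parts = entry.split("/")
                port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
                results[ip][(proto, port)] = (state, service)
    return dict(results)


def open_ports(results):
    """Reduce parsed results to {ip: {(proto, port), ...}} of open ports only."""
    return {ip: {key for key, (state, _) in ports.items() if state == "open"}
            for ip, ports in results.items()}


def unexpected_ports(results, allowlist):
    """Open ports not in the allowlist, per host; a host absent from the
    allowlist has every open port reported."""
    findings = {}
    for ip, ports in open_ports(results).items():
        extra = ports - allowlist.get(ip, set())
        if extra:
            findings[ip] = sorted(extra)
    return findings


if __name__ == "__main__":
    for ip, extra in unexpected_ports(parse_grepable(SAMPLE_GREPABLE), ALLOWLIST).items():
        print(ip, "unexpected listening ports:", extra)
```

On the constructed sample the script reports 192.168.1.11 with tcp/4564 open, which is not on that host's allowlist, while the closed port 113 on 192.168.1.10 is ignored. Running the same comparison after each scheduled scan gives a cheap check for services that appeared without a change being recorded.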
