Tuesday, 29 July 2014

Top 10 NMap Command Variant used by Pentesters



This is actually a video I made simply to highlight the most commonly used NMap commands by pentesters in their daily job. Well, this is a very simple command/output video that I ran against a virtual machine of mine. Below is the list of commands I have highlighted in the video (in case you want a static non-moving reference). Do share if you find this video helpful and follow me at @SecurityBazinga and my Youtube channel Security Bazinga Youtube Channel. Thanks folks!

NMap Commands Used in this Video
  • nmap -sP [IPAddressRange] - Ping sweep the whole subnet to see which hosts are alive (newer NMap versions call this -sn)
  • nmap -sT [IPAddress] - Port scan that establishes a complete 3-way handshake with the Target Host (non-stealthy and easily leaves traces)
  • nmap -sS [IPAddress] - Port scan that establishes an incomplete (half-open) 3-way handshake with the Target Host (stealthier and leaves fewer traces)
  • nmap -F [IPAddress] - By default NMap port scans the Top 1000 most commonly used ports on the Internet. To do a much faster scan, use -F to scan only the Top 100 most commonly used ports.
  • nmap [IPAddress] -p [portnum/range] - Port scans the Target Host only on the ports mentioned.
  • nmap -sV [IPAddress] - Does a port scan and a version scan of the service listening on each open port.
  • nmap [IPAddress] --reason - Displays the reason why NMap determined a port is open, closed or filtered.
  • nmap -O [IPAddress] - Does an OS fingerprinting scan to identify what OS the Target Host is running.
  • nmap [IPAddress] -oA [filename] - Outputs the NMap result in 3 different files: normal text (.nmap), greppable format (.gnmap) and XML format (.xml)
  • p, v, d - These can be used interactively while the scan is running. To turn on the packet trace function, press the p key. This displays the packets NMap is sending to the target host (like a sniffer). To turn on verbosity, press the v key. This displays more information about the scan to the user, for example the number of packets sent and the ports discovered open and responding. Debugging is another feature, turned on with the d key, which shows the debugging information of the scan while it is running.
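The greppable (.gnmap) file that -oA writes is the one you will most often feed into other tooling, for example to build an inventory of what is listening on your own hosts. The parser below is an added example written for this post, not part of NMap; the scan lines it reads are constructed samples, not a real scan.

```python
"""Parse NMap greppable (.gnmap) output, the format -oG / -oA writes, into an
inventory of ports per host. Added example, not NMap's own code; the scan
lines below are constructed samples, not output from a real scan."""
from collections import namedtuple

Port = namedtuple("Port", "number proto state service version")

# Constructed sample of what 'nmap -sV -oA scan' would write to scan.gnmap.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample header)
Host: 192.168.56.101 (target.local)\tStatus: Up
Host: 192.168.56.101 (target.local)\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1/, 80/open/tcp//http//Apache httpd 2.4.7/, 443/closed/tcp//https///\tIgnored State: closed (997)
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 3306/filtered/tcp//mysql///\tIgnored State: closed (999)
# Nmap done (constructed sample trailer)
"""

def parse_gnmap(text):
    """Return {host_ip: [Port, ...]} built from every 'Host:' line in the text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' comment lines and blank lines
        # Fields are tab separated, each 'Key: value' (Host, Status, Ports, Ignored State)
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split(" ", 1)[0]   # drop the '(hostname)' part
        hosts.setdefault(ip, [])
        if "Ports" not in fields:
            continue  # a 'Status: Up' line carries no port data
        for entry in fields["Ports"].split(", "):
            # Each entry is: port/state/protocol/owner/service/rpcinfo/version/
            num, state, proto, _owner, service, _rpc, version, *_ = entry.split("/")
            hosts[ip].append(Port(int(num), proto, state, service, version))
    return hosts

def open_ports(hosts):
    """Reduce the inventory to {ip: [(port, service, version), ...]} for open ports only."""
    return {ip: [(p.number, p.service, p.version) for p in ports if p.state == "open"]
            for ip, ports in hosts.items()}

if __name__ == "__main__":
    for ip, ports in open_ports(parse_gnmap(SAMPLE_GNMAP)).items():
        print(ip, ports)
```

Filtered ports are kept in the full inventory (they usually mean a firewall is in the path), but dropped from the open-port summary.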