NMAP, The Free and Open Source Tool

nmap

In an unsecured scenario, security tools are inevitable to safeguard your system. A plethora of security tools are available in the market for network administrators to make use of. These are paid tools, which are based on FOSS (Free and Open Source Software). Here, let’s have a look at Nmap.

Nmap stands for Network Mapper. The free and open source tool can be used for security scanning, network discovery and network exploration. By using Nmap, attackers can easily determine what ports are open on a system. Also it can be used in ethical hacking to find out loopholes and vulnerabilities in the system. It uses raw IP packets in different ways to carry out security scans and identify details like what type of hosts are available on a network, the services that are offered on the system, the operating system and the types of firewalls used in the system etc., apart from a wide variety of other characteristics.

It sends specially crafted packets to the target systems and analyses responses from these systems to gather the required information. Initially written by Gordon Lyon, it was started as a utility just for Linux. Now it has emerged as a cross platform utility available in Windows, Solaris and BSD variants. Nmap is not just limited to gathering information; it can be used as a vulnerability detector also.

Some of the key features of Nmap:

* It identifies hosts on a network and lists the hosts that respond to TCP/ICMP requests.

* It finds out open ports on target hosts.

* It investigates network services on target systems and determines application name and version details.

* It finds out the operating system of target host.

Using scrips functionalities of Nmap can be extended to enable more advanced detection. It provides both command line and graphical (GUI) versions that can be chosen upon your preferences. Nmap package comes with a GUI called zenmap. Nmap is not economically targeted and it aims at providing administrators an advanced tool for their networks. The source code is available for free and the same can be used to make modifications.

The Nmap command comes with lots of options that can make the utility more robust. The Nmap output comprises of a list of scanned targets, with supplemental information on each depending on the options used.

Format of using Nmap is as follows:

nmap [Scan Type] [Option] [target specification]

The complete summary of Nmap options can be obtained by running the command without passing any arguments.

Basic usages of Nmap are discussed below:

Nmap Target Selection:

Scan a single IP: nmap x.x.x.x

Scan a host: nmap thehostname.com

Scan a range of Ips: nmap x.x.x.x-20

Scan a subnet: nmap x.x.x.x/24

Scan targets from a text file: nmap -iL iplist.txt\

Nmap Port Selection:

Scan a single Port: nmap -p 22 x.x.x.x

Scan a range of ports: nmap -p 1-100 x.x.x.x

Scan 100 most common ports: nmap -F x.x.x.x

Scan all ports: nmap -p- x.x.x.x

Service and OS Detection:

Detect OS and Services: nmap -A x.x.x.x

Standard service detection: nmap -sV x.x.x.x

Nmap has gained widespread popularity and have reached thousands of people. Its flexibility, power and ease of use have led to the popularity of the tool..!

Written by admin

1 Comment

gravatar
Ravindra Upadhyay

How do the Oracle SID brute force with nmap getting fail

C:\Program Files\Nmap>nmap –script=oracle-sid-brute 97.253.47.45
Starting Nmap 7.12 ( https://nmap.org ) at 2017-09-07 10:29 India Standard Time
Nmap scan report for 97.253.47.45
Host is up (0.094s latency).
Not shown: 920 filtered ports, 59 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
587/tcp open submission
1521/tcp open oracle
1556/tcp open veritas_pbx
4045/tcp open lockd
6112/tcp open dtspc
7100/tcp open font-service
13782/tcp open netbackup
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
32777/tcp open sometimes-rpc17
32778/tcp open sometimes-rpc19
32779/tcp open sometimes-rpc21
32784/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 19.91 seconds

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *