In this post, I will explain what Nmap is all about and give a basic demonstration. I'm launching my career in Cybersecurity, and I hope this series will benefit InfoSec enthusiasts. Have fun.
Note: If you don't know how to install Nmap, click here.
Introduction
Nmap, or Network Mapper, is a network scanning tool designed to audit a range of hosts (large networks) or a single host (a computer). Nmap sends TCP, UDP, SCTP, and ICMP packets to the target host and examines the responses by comparing them against its database (always use the latest version) to determine what services are running, which OS version is installed, what types of firewalls are in place, and other cool stuff.
Nmap is a very powerful, mature network scanner that will help you see everything that you need to see on your network. To get you excited, here's an analogy: you're about to go on a road trip, so you'll need some sort of map or an app to plan your route and be aware of what's around you, like road conditions and so forth. Well, think of Nmap as a map for your network.
Nmap Syntax
The syntax is very simple, but the number of options provided is overwhelming. Always run nmap as a privileged user or root (on Windows: open the command prompt as administrator).
The syntax: nmap [Scan Type(s)] [Options] {target specification}
In this post, I'll only use nmap and a target to keep it simple. The target can be a hostname, an IP address, a network range, etc.
Disclaimer: Use Nmap on your own networks. If you use it on a network without prior authorization, even if your intention was only to perform a scan, you'll look like the malicious type.
Let's get started
Let's run 'nmap localhost':
MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:52 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00036s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 993 closed ports
PORT STATE SERVICE
88/tcp open kerberos-sec
110/tcp open pop3
143/tcp open imap
445/tcp open microsoft-ds
548/tcp open afp
993/tcp open imaps
995/tcp open pop3s
Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
The scan took approximately 6 seconds (it depends on how many services you have running).
Your output will be different. The key point here is that Nmap can show you things on your network that you're not aware of, or maybe you have no clue what services are running on your machine.
From the above output, I can see that kerberos, afp, and microsoft-ds are running. I didn't start those services, and I don't know what did.
A quick Google search showed that those three services are responsible for file sharing. I disabled file sharing, and voila:
MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:54 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00038s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT STATE SERVICE
110/tcp open pop3
143/tcp open imap
631/tcp open ipp
993/tcp open imaps
995/tcp open pop3s
Nmap done: 1 IP address (1 host up) scanned in 7.22 seconds
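As an added example (not code from the original post), here is a small Python script that parses the two 'nmap localhost' outputs above, reports which open ports went away after file sharing was disabled and which newly appeared, and flags any open port that is not on an allowlist of services you expect. The sample text and the allowlist are constructed here from the scans shown.

```python
import re

# Sample input constructed from the two 'nmap localhost' runs shown above.
BEFORE = """\
Nmap scan report for localhost (127.0.0.1)
Not shown: 993 closed ports
PORT STATE SERVICE
88/tcp open kerberos-sec
110/tcp open pop3
143/tcp open imap
445/tcp open microsoft-ds
548/tcp open afp
993/tcp open imaps
995/tcp open pop3s
"""
AFTER = """\
Nmap scan report for localhost (127.0.0.1)
Not shown: 995 closed ports
PORT STATE SERVICE
110/tcp open pop3
143/tcp open imap
631/tcp open ipp
993/tcp open imaps
995/tcp open pop3s
"""

# One port line of Nmap's normal output: "<port>/<proto> <state> <service>".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")

def parse_ports(output):
    """Map (port, proto) -> (state, service); header and summary lines are skipped."""
    ports = {}
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            ports[(int(port), proto)] = (state, service)
    return ports

def open_ports(output):
    """Only the ports Nmap reports as 'open' (closed/filtered rows are dropped)."""
    return {k: svc for k, (state, svc) in parse_ports(output).items() if state == "open"}

def diff_scans(before, after):
    """Open ports that disappeared and open ports that appeared between two runs."""
    b, a = open_ports(before), open_ports(after)
    return {"closed": {k: b[k] for k in b.keys() - a.keys()},
            "opened": {k: a[k] for k in a.keys() - b.keys()}}

def unexpected(output, allowlist):
    """Open ports not on the allowlist, i.e. services you did not plan to run."""
    return {k: svc for k, svc in open_ports(output).items() if k not in allowlist}
```

Running diff_scans on the two outputs shows 88, 445 and 548 gone and 631/tcp (ipp, printing) newly reported, which is exactly the kind of surprise the scan is meant to surface.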
A simple scan like this will not retrieve much information, but it's enough to get your feet wet and become familiar with Nmap.
Stay tuned for part 2, where I explain how to run more advanced commands and how to manipulate your results with Python-Nmap.