
CyberSecurity Project About Nmap Tool, Study Guides, Projects, Research of Cybercrime, Cybersecurity and Data Privacy

Brief introduction about Nmap tool, its uses, commands, and implementation in Kali Linux.

Typology: Study Guides, Projects, Research

2021/2022

Available from 06/09/2022

afifasyeda27

CSE_4028 Advanced Cyber Security
ADVANCED CYBER SECURITY PROJECT
Nmap Tool
Done by
Name: Syeda Afifa Asim
Reg.no: 19BCE7305
Sl: C1
Under the Guidance of Dr. Kumar Debasis


CONTENT

❏ Introduction

❏ Working with Nmap

❏ Commands and Implementation

❏ Conclusion

❏ References

Introduction

Nmap is a powerful tool for discovering information about machines on a network or the Internet. It allows you to probe a machine with packets to detect everything from running services and open ports to the operating system and software versions. Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal. That said, Nmap can go a long way in helping to secure your own network. It can also help you to ensure that your servers are properly configured and don’t have any open and unsecured ports. It will also report if your firewall is correctly filtering ports that should not be externally accessible.

Working with Nmap

The first step to working with nmap is to log into the Kali Linux machine and, if desired, start a graphical session. During the installation, the installer would have prompted the user for a ‘root’ user password, which will be needed to log in. Once logged in to the Kali Linux machine, the Enlightenment Desktop Environment can be started using the command ‘startx’ – it is worth noting that nmap doesn’t require a desktop environment to run. After running the Command

Commands and Implementation

Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ. Network exploration tool and security/port scanner

Basic Scans

Nmap has a fairly intelligent default set, so you are able to just open up Nmap and run a scan without specifying anything but the target. So, why not try it out on a computer on your network? Scanning the computer running Kali isn’t going to give you much of anything, so it’s best to pick another computer that you own. If you already know the IP of one, awesome. If not, Nmap has a tool to get the IP addresses of the computers on your network. Open up a terminal, if you haven’t already, and run the following Linux command.

nmap -sn 192.168.1.0/24

If your home network doesn’t use the 192.168.1.X IP structure, substitute in yours. The sequence ends with 0/24 to tell Nmap to scan the entire subnet. What you’ll see when Nmap finishes is a list of every device that was reachable. Each device will have a name (if applicable), IP address, and MAC address with a manufacturer. By using the names and the hardware manufacturers, you should be able to tell what each device on your network is. Pick a computer that you own, and scan it.

nmap 192.168.1.

You can just write in the IP of that computer. Nmap will take a few seconds to probe the computer with packets and report back. The report will be short, but it will contain a list of ports with their state and which service they correspond to. It will also show the MAC address information and your IP again.

-sS

The -sS flag is the default scanning flag for Nmap. It just specifies the way that Nmap will scan. Even though it’s the default, it’s probably a good idea to specify it anyway.

-T

Timing can be important. Not only does the timing of the scan determine how long scanning will take, but it can also be instrumental in triggering or not triggering firewalls and other safeguards on a target system. While Nmap offers more fine-grained timing control, it also provides a set of six pre-built timing schemes with the -T flag. These timings range from 0 through 5, with 0 being the slowest and least invasive and 5 being the fastest and most overt. -T3 is the default timing flag, but many users prefer -T4 to speed up the scan.

-iL

You can use Nmap to scan multiple targets at once. Doing so can easily be done in-line when you run Nmap.

nmap -sS -T4 192.168.1.4 192.168.1.35 192.168.1.

-F

By default, Nmap will scan the 1000 most commonly used ports on a target machine. This, of course, takes time. If you know that you only need to or only want to scan the most common ports to reduce the run time of Nmap, you can use the -F flag. The -F flag tells Nmap to only scan the 100 most commonly used ports instead of the usual 1000.

nmap -sS -T4 -F 192.168.1.

-O

If you would like information on the operating system being run on the target machine, you can add the -O flag to tell Nmap to probe for operating system information as well. Nmap is not super accurate when it comes to operating system information, but it usually gets very close.

nmap -sS -T4 -O 192.168.1.

Nmap will then only scan ports 25, 80, and 443 on the computer at 192.168.1.105. If you don’t know the port number of a common service, you can use the name of the service instead, and Nmap will know to look at the right port.

nmap -sS -T4 -p http,https,imap 192.168.1.

-p-

There are many more ports on a computer than the 1000 that Nmap scans by default. As a result, some may be missed in a basic scan. If you are absolutely concerned about the security of your system, it is worth doing a complete scan of every port. To do this, use the -p- flag.

nmap -sS -p- 192.168.1.

-A

By now, you’ve acquired a lot of flags to use. Using all of them together can be very awkward. Nmap has the -A flag for just this reason. It’s sort of the “kitchen sink” flag that tells Nmap to aggressively gather as much information as it can.

nmap -A 192.168.1.
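Every scan above ends in a list of ports with their state and service. As an added example that is not part of this project, the POSIX shell script below turns that list into a configuration check for a host you own: it parses nmap's grepable output (the -oG format, e.g. `nmap -sS -T4 -oG - <host>`) and reports any open port that is not on an allowlist of services the host is supposed to expose. The scan output embedded in the script is constructed sample data so it runs offline; the host address, the allowlist and the vsftpd line are assumptions.

```shell
#!/bin/sh
# Added example: compare the open ports nmap found on your own host against
# an allowlist of services that host is supposed to expose.
# Real use: nmap -sS -T4 -oG - 192.168.1.105 | unexpected_ports "22/tcp 80/tcp"

# Constructed sample of nmap grepable (-oG) output so the script runs offline.
# Not real scan output; the host and its services are assumptions.
sample_grepable() {
  printf '%s\n' '# Nmap scan initiated as: nmap -sS -T4 -oG - 192.168.1.105'
  printf 'Host: 192.168.1.105 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.105 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//nginx/, 21/open/tcp//ftp//vsftpd 2.3.4/\tIgnored State: closed (997)\n'
  printf '%s\n' '# Nmap done -- 1 IP address (1 host up) scanned'
}

# Read grepable output on stdin; print "ip port/proto service" per open port.
# Tab-separated fields; each "Ports:" entry is port/state/proto/owner/service/rpc/version/.
open_ports() {
  awk -F'\t' '/^Host:/ && $2 ~ /^Ports:/ {
    split($1, h, " "); ip = h[2]
    sub(/^Ports: /, "", $2)
    n = split($2, p, ", ")
    for (i = 1; i <= n; i++) {
      split(p[i], f, "/")
      if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
    }
  }'
}

# Filter open_ports output: print only ports absent from the allowlist,
# given as a space-separated list of port/proto (e.g. "22/tcp 80/tcp").
unexpected_ports() {
  allow=" $1 "
  open_ports | while read -r ip portproto service; do
    case "$allow" in
      *" $portproto "*) ;;   # expected service, stay quiet
      *) echo "UNEXPECTED $ip $portproto $service" ;;
    esac
  done
}

# Demo on the constructed sample: flags 21/tcp (ftp), which is not allowlisted.
sample_grepable | unexpected_ports "22/tcp 80/tcp"
```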

Find Live Hosts on Your Network

Let us say you want to find a live host on a machine with IP 192.168.56.10; then you can do so with the following command.

$ nmap -sL 192.168.56.0/

The above command will tell NMAP to do a quick scan. If the above command doesn’t return any result, you can use the following command. It tells NMAP to scan each IP address in the CIDR.

$ nmap -sn 192.168.56.0/

Find Services Listening on Port

If you want to list all services listening on various ports of a host, run the following command. Here is an example to list all services that are listening on one of the ports on 192.168.56.10. It will only list services that are listening on a port. It will not list processes that are running internally.

$ nmap -sV 192.168.56.

Check if Anonymous FTP Logins are allowed

Here is the command to check if anonymous FTP logins are allowed or not, on a given host IP.

$ nmap -sC 192.168.56.10 -p 21

Check Host Vulnerabilities

NMAP also provides commands to automatically check vsftpd for vulnerabilities. NMAP comes with numerous scripts for testing purposes. We will find the location of the script to run a backdoor vulnerability check of vsftpd.

$ locate .nse | grep ftp

Once we have the location of our script, we will run it with the following command.

$ nmap --script-help=ftp-vsftpd-backdoor.nse

If you don’t add any IP address after the above command, NMAP will check your own machine for vulnerability. If you want to check another IP address (e.g.

192.168.56.10) for vulnerability, run the following command.

$ nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.10 -p 21