Differences

This shows you the differences between two versions of the page.

--- arms:nmap [2024/06/07 08:08] – [Service Identification] Humphrey Boa-Gart
+++ arms:nmap [2024/08/06 05:48] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Nmap ======
-**Nmap** (**N**etwork **Map**per) is a cross-platform command-line //port scanner//. It identifies which ports are open on a networked computer, which in turn can help identify what services are running on that computer. This is useful to both sysadmins and hackers alike for discovering potential points of attack in prospective targets. Its ability to scan entire networks is very useful when combined with [[tools:whois|WHOIS]] information about organizations you may be targeting.
+**Nmap** (**N**etwork **Map**per) is a cross-platform command-line //port scanner//. It identifies which ports are open on a networked computer, which in turn can help identify what services are running on that computer. This is useful to both sysadmins and hackers alike for discovering potential exploitable vulnerabilities. Its ability to scan entire networks is very useful when combined with [[diy:network-recon#whois|WHOIS]] information about organizations you may be targeting.
-Nmap isn't limited to just scanning for open ports, but features such abilities as host discovery, service and operating system detection, version identification, and more.
+Nmap isn't limited to just scanning for open ports. It also features such abilities as host discovery, service and operating system detection, version identification, and more.
+**Note:** Port scanning is a fast way to get your IP address flagged by some hosts. For best results, pair this with a [[security:vpn|VPN]] and use a [[diy:change-mac|randomized MAC address]].
 ===== Download Nmap =====
@@ Line 33: / Line 35: @@
   $ nmap scanme.nmap.org
-You can run it against IP addresses too. A ''whois'' on scanme.nmap.org says it is located at ''45.33.32.156'':
+You can run it against IP addresses too. A ''whois'' on scanme.nmap.org says it is located at ''45.33.32.156'', so let's try that:
   $ nmap 45.33.32.156
@@ Line 45: / Line 47: @@
 Sometimes a host may not respond to a standard ping. There are a multitude of ''-P*'' flags, which ping the host in different ways:
-  $ nmap -PA -sP scanme.nmap.org
+  $ nmap -PA scanme.nmap.org
-  $ nmap -PN -sP scanme.nmap.org
+  $ nmap -PN scanme.nmap.org
-  $ nmap -PR -sP scanme.nmap.org
+  $ nmap -PR scanme.nmap.org
-  etc, etc
+Etc, etc, etc. Flags can be combined sequentially like so:
+  $ nmap -PN -sP scanme.nmap.org
-For more information, read [[https://nmap.org/book/host-discovery-techniques.html|Host Discovery Techniques]] in the Nmap documentation.
+If your target is not responding to pings, try adding one of these flags to your command and see if that does the trick. For more information, read [[https://nmap.org/book/host-discovery-techniques.html|Host Discovery Techniques]] in the Nmap documentation.
 ==== Port Scanning ====
@@ Line 67: / Line 71: @@
   $ nmap -p T:21-25,80,443 45.33.32.156-254
-==== Service Identification ====
+==== Service & Version Identification ====
-Identify services running on a host:
+Identify information about services running on a host with the ''-sV'' flag:
   $ nmap -sV scanme.nmap.org
+==== OS Identification ====
+Identify the operating system of a host with the ''-O'' flag:
+  $ nmap -O scanme.nmap.org
@@ Line 80: / Line 90: @@
 ===== More Info =====
-[[https://nmap.org|Nmap homepage]]
+[[https://nmap.org|Nmap Homepage]]
+[[https://nmap.org/book/toc.html|Nmap User Manual]]
 [[http://linux.die.net/man/1/nmap|Nmap Man page]]
 {{tag>Armaments Recon}}

User Tools

Site Tools

Differences