NMAP

Nmap is a network scanning tool that can perform host discovery, port scanning, version detection, and OS detection. It works in several phases: enumeration, host discovery, port scanning, version detection, OS detection, and optional script scanning. During a port scan, Nmap sends packets to determine if ports are open, closed, filtered, or unfiltered. It has many options to customize scans including target specification, port selection, timing profiles, and output formats. Nmap supports scripting for additional detection capabilities during a scan.

Uploaded by white hoff
#NMAP:

- NSE scripts are written in Lua (Nmap Scripting Engine)

Probe: a probe is a packet Nmap sends to a target to see how the target answers


-----------------------------------------------------------------------------------

1)How scanning works
2)Scan status
3)#Basics -- Prerequisites
4)#Target
5)#Port

1)Scan types
2)Scan options
3)Version detection
4)Running speed (timing)
5)Ping options (host discovery)
6)Scripting
7)Input options
8)Miscellaneous
9)Output options
10)OS detection

#Phases of NMAP
1)Target enumeration
2)Host Discovery
3)Port Scanning
4)Version Detection
5)OS Detection
6)Script Scanning
7)Output

#Host Discovery
1)ROOT -- run as root, Nmap sends raw packets for the default ping: ICMP echo request, TCP SYN to port 443, TCP ACK to port 80 and an ICMP timestamp request. Unprivileged it can only use connect() to ports 80 and 443
2)LOCAL -- for targets on the local Ethernet segment Nmap sends ARP requests instead, which is faster and more reliable than the IP-level probes

#How scanning works

1)PORT OPEN -- SYN, SYN+ACK, ACK (3-way handshake)


Let's assume there are two hosts, HOST A (the scanner) and HOST B (the target)
Host A sends a packet to Host B (SYN)
Host B accepts and sends a packet back to Host A (SYN+ACK)
Host A sends an ACK to complete the connection (ACK)
Three-way handshake -- this is what a connect scan (-sT) does
A SYN scan (-sS, the default when run as root) stops one step early: when the SYN+ACK arrives Host A already knows the port is open and sends a RST instead of the ACK, so the connection is never completed (half-open scan)

2)Port Closed - SYN, (RST+ACK)


Host A sends a SYN packet to Host B
Host B answers with RST+ACK: the ACK acknowledges the SYN, the RST (reset) means Host B has nothing listening on that port
so when a port is closed there is no process listening on it
so no connection can be established

#Scan Status
1)Open -- an application on the host accepts TCP connections or UDP packets on that port
2)Closed -- the port is reachable (the host answers, e.g. with RST) but no application is listening on it
3)Filtered -- a firewall or other filter drops the probe, so Nmap gets no reply (or only an ICMP unreachable error) and cannot tell whether the port is open
4)Open | Filtered -- Nmap cannot tell open from filtered. Reported by scan types where an open port sends no reply at all (UDP, NULL, FIN, Xmas): silence can mean an open service that ignored the probe or a firewall that dropped it
5)Closed | Filtered -- Nmap cannot tell closed from filtered; only the IP ID idle scan (-sI) reports this state
6)Unfiltered -- the port is reachable but Nmap cannot tell whether it is open or closed; only the ACK scan (-sA), which is used to map firewall rules, reports this state
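The two sections above (how a probe is answered, and which state Nmap assigns to that answer) can be put into one decision table. The following is an added example written for these notes, not Nmap's source code; it sends no packets, the replies are constructed values, and the scan and reply names are this example's own. It shows why a SYN scan can say open, closed or filtered, why UDP, NULL, FIN and Xmas scans can only say open|filtered for a silent port, and why an ACK scan never reports open.

```python
"""Port-state decision table and probe/reply traces for the Nmap scan types.

Added example, not Nmap's source code. With constructed replies and no
real packets it models how Nmap turns the one reply it gets for a probe
into a port state.
"""
from enum import Enum
from typing import List


class Scan(Enum):
    SYN = "-sS"       # half-open: SYN -> SYN/ACK -> RST, needs raw sockets (root)
    CONNECT = "-sT"   # full three-way handshake through the OS connect() call
    UDP = "-sU"
    NULL = "-sN"      # TCP probe with no flags set
    FIN = "-sF"
    XMAS = "-sX"      # FIN, PSH and URG set
    ACK = "-sA"       # firewall rule mapping; cannot tell open from closed


class Reply(Enum):
    SYN_ACK = "SYN/ACK"
    RST = "RST"
    UDP_DATA = "UDP payload"
    ICMP_PORT_UNREACH = "ICMP type 3 code 3"              # port unreachable
    ICMP_OTHER_UNREACH = "ICMP type 3 code 1/2/9/10/13"   # other unreachable codes
    NONE = "no response after retransmissions"


ICMP = {Reply.ICMP_PORT_UNREACH, Reply.ICMP_OTHER_UNREACH}


def classify(scan: Scan, reply: Reply) -> str:
    """Return the Nmap port state for one probe/reply pair."""
    if scan in (Scan.SYN, Scan.CONNECT):
        if reply is Reply.SYN_ACK:
            return "open"
        if reply is Reply.RST:
            return "closed"
        return "filtered"                # dropped, or ICMP unreachable
    if scan is Scan.UDP:
        if reply is Reply.UDP_DATA:
            return "open"
        if reply is Reply.ICMP_PORT_UNREACH:
            return "closed"
        if reply is Reply.ICMP_OTHER_UNREACH:
            return "filtered"
        return "open|filtered"           # silence: quiet open service, or dropped
    if scan in (Scan.NULL, Scan.FIN, Scan.XMAS):
        if reply is Reply.RST:
            return "closed"              # RFC 793 hosts reset a closed port
        if reply in ICMP:
            return "filtered"
        return "open|filtered"           # open ports ignore these probes
    if scan is Scan.ACK:
        if reply is Reply.RST:
            return "unfiltered"          # probe reached the host; open/closed unknown
        return "filtered"
    raise ValueError(f"no decision table for {scan}")


def trace(scan: Scan, port_open: bool) -> List[str]:
    """Packets between scanner A and target B for one TCP handshake-style probe."""
    if scan not in (Scan.SYN, Scan.CONNECT):
        raise ValueError("trace() models the SYN and connect scans only")
    if not port_open:
        return ["A->B SYN", "B->A RST/ACK"]          # nothing listening
    pkts = ["A->B SYN", "B->A SYN/ACK"]
    if scan is Scan.SYN:
        pkts.append("A->B RST")                       # abort before the handshake completes
    else:
        pkts.append("A->B ACK")                       # OS completes the connection
        pkts.append("A->B close (FIN or RST)")        # Nmap then closes the socket
    return pkts


if __name__ == "__main__":
    for scan in Scan:
        states = {classify(scan, r) for r in Reply}
        print(f"{scan.value:4} can report: {', '.join(sorted(states))}")
    print("SYN scan, open port:    ", " / ".join(trace(Scan.SYN, True)))
    print("connect scan, open port:", " / ".join(trace(Scan.CONNECT, True)))
```

Running it prints, per scan type, the set of states that type can ever produce; the practical lesson is that a UDP or NULL/FIN/Xmas result of open|filtered needs a follow-up (version detection with -sV, or a different scan type) before it can be treated as an open service.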

#Basics
Prerequisites
1)IP - the IP address of the host to scan
2)Port - which ports to scan, e.g. ftp (21), ssh (22), rdp (3389)
3)Scan type
4)Scan timing
5)Output type

-----------------------------------------------------------------------------------

cmd - host discovery only, no port scan (-sn)


cmd - skip host discovery and scan every target as if it were up (-Pn, capital P)
-----------------------------------------------------------------------------------

# Target
1)Single IP address
2)Subnet range (CIDR, e.g. 192.168.0.0/24) -- nmap does host discovery on the whole subnet, so it also finds the other devices connected to that network
3)IP address range -- given per octet, e.g. 192.168.0.10-20 scans 192.168.0.10 up to 192.168.0.20 (nmap does not accept 192.168.0.10-192.168.0.20)
4)Specific IP addresses -- we give nmap several addresses on one command line, separated by spaces
5).txt file -- targets separated by spaces or newlines, cmd (-iL targets.txt, capital L)
6)domain a.com
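To see exactly which hosts each of these target forms turns into, here is an added example that expands them the way Nmap does. It is not Nmap's own target parser; the octet-range grammar ('10-20', '-', '*' per field), CIDR expansion including the network and broadcast addresses, --exclude handling and whitespace-separated -iL files are modelled after Nmap's documented behaviour, hostnames are passed through unresolved, and the file contents in the usage section are constructed.

```python
"""Expand Nmap-style target specifications into the hosts Nmap would scan.

Added example, not Nmap's own target parser.
"""
import ipaddress
from itertools import product
from typing import Iterable, List


def _octet(part: str) -> range:
    """One dotted-quad field: '10', '10-20', '-20', '10-', '*' or '-'."""
    if part in ("*", "-"):
        return range(0, 256)
    if "-" in part:
        lo, hi = part.split("-", 1)
        lo_v = int(lo) if lo else 0
        hi_v = int(hi) if hi else 255
    else:
        lo_v = hi_v = int(part)
    if not 0 <= lo_v <= hi_v <= 255:
        raise ValueError(f"bad octet range: {part!r}")
    return range(lo_v, hi_v + 1)


def expand_target(spec: str) -> List[str]:
    """Return every host one target token stands for."""
    if "/" in spec:
        # Nmap scans every address in the block, network and broadcast included
        net = ipaddress.ip_network(spec, strict=False)
        return [str(a) for a in net]
    fields = spec.split(".")
    if len(fields) == 4 and all(f and f.strip("0123456789-*") == "" for f in fields):
        # per-octet ranges: 192.168.0.10-20, 10.0.*.1, 192.168.0-1.1-254 ...
        return [".".join(map(str, quad)) for quad in product(*map(_octet, fields))]
    return [spec]   # hostname: Nmap resolves it at run time, we leave it as is


def expand_targets(specs: Iterable[str], exclude: Iterable[str] = ()) -> List[str]:
    """Several tokens as given on a command line; --exclude removes hosts again.

    Duplicates are dropped here so the list reads cleanly (this example's choice).
    """
    skip = {h for e in exclude for h in expand_target(e)}
    seen, out = set(), []
    for spec in specs:
        for host in expand_target(spec):
            if host not in skip and host not in seen:
                seen.add(host)
                out.append(host)
    return out


def targets_from_file(text: str) -> List[str]:
    """-iL input: tokens separated by any whitespace, one or more per line."""
    return expand_targets(text.split())


if __name__ == "__main__":
    # constructed -iL file contents
    targets_txt = "192.168.0.10-12 192.168.0.0/30\na.com\n"
    for host in targets_from_file(targets_txt):
        print(host)
    print(len(expand_target("192.168.0.0/24")), "addresses in the /24")
```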

-----------------------------------------------------------------------------------

By default NMAP scans the 1000 most common ports (for each protocol being scanned)


-----------------------------------------------------------------------------------

#Port
1)Single port -- nmap 192.168.0.10 -p 80
2)Sequential ports -- nmap 192.168.0.10 -p 10-30 (means it will scan
port 10,11,12,13,14,15-------29,30)
3)Distributed ports --- nmap 192.168.0.1 -p 80,22,3389
4)Service specific --- nmap 192.168.0.10 -p http (means it will only scan
the port registered for the http service in nmap-services, i.e. port 80)
5)Protocol specific -- nmap 192.168.0.10 -sS -sU -p T:22,U:53 (T means TCP and U
means UDP; no spaces inside the list, and the UDP ports are only scanned when -sU is also given)
6)All ports -- nmap 192.168.0.10 -p- (means it will scan
all ports 1-65535; port 0 is only included if asked for explicitly, -p0-)
7)Top ports --- nmap 192.168.0.10 --top-ports 100 (means it will
scan the 100 most common ports; the number is required)
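The -p grammar above is small but easy to get wrong (spaces inside the list, a U: prefix without -sU, '-' versus '0-'). Here is an added example that parses it the way Nmap does; it is not Nmap's own parser, and SERVICES is a constructed subset of the nmap-services table that Nmap uses to resolve names such as http.

```python
"""Parse an Nmap -p port specification into the (protocol, port) set it scans.

Added example, not Nmap's own parser. SERVICES is a constructed subset
of nmap-services, only large enough for the forms used in these notes.
"""
from typing import Dict, Iterable, Set

MAX_PORT = 65535

# (service name, protocol) -> port; constructed subset of nmap-services
SERVICES = {
    ("ftp", "tcp"): 21,
    ("ssh", "tcp"): 22,
    ("domain", "tcp"): 53,
    ("domain", "udp"): 53,
    ("http", "tcp"): 80,
    ("https", "tcp"): 443,
    ("ms-wbt-server", "tcp"): 3389,   # RDP
}


def _port_range(item: str) -> Set[int]:
    """'80', '10-30', '-100' (1-100), '100-' (100-65535) or '-' (1-65535)."""
    if "-" in item:
        lo, hi = item.split("-", 1)
        lo_v = int(lo) if lo else 1          # Nmap starts at 1 unless 0 is explicit
        hi_v = int(hi) if hi else MAX_PORT
    else:
        lo_v = hi_v = int(item)
    if not 0 <= lo_v <= hi_v <= MAX_PORT:
        raise ValueError(f"bad port range: {item!r}")
    return set(range(lo_v, hi_v + 1))


def parse_ports(spec: str, protocols: Iterable[str] = ("tcp",)) -> Dict[str, Set[int]]:
    """Return {'tcp': {...}, 'udp': {...}} for one -p string.

    protocols lists what the scan covers, e.g. ("tcp", "udp") for -sS -sU.
    Unprefixed items apply to all of them, as in Nmap; a T: or U: prefix
    switches every following item until the next prefix. Ports that land
    on a protocol outside `protocols` are returned too; Nmap itself warns
    and skips them (e.g. U:53 without -sU).
    """
    result: Dict[str, Set[int]] = {p: set() for p in protocols}
    current = list(protocols)
    for item in spec.replace(" ", "").split(","):
        if item[:2].upper() in ("T:", "U:"):
            current = ["tcp" if item[0].upper() == "T" else "udp"]
            result.setdefault(current[0], set())
            item = item[2:]
        if not item:
            continue
        if item[0].isdigit() or item[0] == "-":
            for proto in current:
                result[proto] |= _port_range(item)
            continue
        # service name: look it up for each protocol currently in effect
        matched = [p for p in current if (item, p) in SERVICES]
        if not matched:
            raise ValueError(f"unknown service {item!r} for {'/'.join(current)}")
        for proto in matched:
            result[proto].add(SERVICES[(item, proto)])
    return {p: s for p, s in result.items() if s}


if __name__ == "__main__":
    for spec in ("80", "10-30", "80,22,3389", "http", "T:22,U:53", "-", "0-"):
        ports = parse_ports(spec, protocols=("tcp", "udp"))
        summary = ", ".join(f"{p}: {len(s)} port(s)" for p, s in ports.items())
        print(f"-p {spec:10} -> {summary}")
```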

-----------------------------------------------------------------------------------
# Scan Timings (-T0 to -T5)
1) T0 - Paranoid (very very slow scanning, one probe at a time, meant for IDS evasion)
2) T1 - Sneaky (very slow, also serialises probes)
3) T2 - Polite (slower than normal, uses less bandwidth)
4) T3 - Normal (the default)
5) T4 - Aggressive (fast scanning, fine on a reliable network)
6) T5 - Insane (very very fast scanning, may miss ports on slow or lossy links)

-----------------------------------------------------------------------------------

#Output types
.txt -- normal text output (-oN scan.txt)
.xml -- XML output (-oX scan.xml), the format other tools parse
(-oA scan writes scan.nmap, scan.xml and scan.gnmap at once)
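The XML output is the one to keep, because it can be fed to other tools. As an added example (not part of Nmap), the following reads a -oX file with the standard library and lists the open ports per host; SAMPLE_XML is a constructed document in the layout Nmap writes, with a made-up host, MAC address and service versions.

```python
"""Read Nmap XML output (-oX) and pull out the open ports per host.

Added example, not part of Nmap. SAMPLE_XML is constructed in the layout
Nmap writes: one <host> with <status>, <address> and a <ports> list.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.0.10" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(text: str) -> List[Dict[str, object]]:
    """One record per scanned port: host, proto, port, state, reason, service, version."""
    root = ET.fromstring(text)
    rows: List[Dict[str, object]] = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue                                   # down hosts carry no ports
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")                # fall back to whatever is there
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            rows.append({
                "host": ip,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "reason": state.get("reason", "") if state is not None else "",
                "service": svc.get("name", "") if svc is not None else "",
                "version": version,
            })
    return rows


def parse_nmap_xml_file(path: str) -> List[Dict[str, object]]:
    """Same as parse_nmap_xml() for a file written with -oX."""
    with open(path, encoding="utf-8") as fh:
        return parse_nmap_xml(fh.read())


def open_ports(rows: List[Dict[str, object]]) -> Dict[str, List[int]]:
    """host -> sorted open ports, the list a follow-up tool usually wants."""
    out: Dict[str, List[int]] = {}
    for r in rows:
        if r["state"] == "open":
            out.setdefault(str(r["host"]), []).append(int(r["port"]))
    return {h: sorted(p) for h, p in out.items()}


if __name__ == "__main__":
    rows = parse_nmap_xml(SAMPLE_XML)
    for r in rows:
        print(f"{r['host']} {r['proto']}/{r['port']} {r['state']} ({r['reason']}) {r['service']} {r['version']}")
    print(open_ports(rows))
```

Note that the filtered 3389 entry is kept in the rows but excluded from open_ports(); that distinction matters when the scan output is used to decide what to attack or what to fix.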
-----------------------------------------------------------------------------------

# Nmap Script Engine (NSE)
Scripts are written in Lua and ship with Nmap, grouped into categories (default, discovery, vuln, ...)
cmd - run the default script set (-sC)
cmd - run scripts or categories by name (--script=<name>)


-----------------------------------------------------------------------------------

#MISC
Miscellaneous

Service/version detection -- cmd nmap -sV 192.168.0.10 (capital V)

OS Detection -- cmd nmap -O 192.168.0.10 (capital O; needs root for raw packets)

Verbosity -- cmd nmap -v 192.168.0.10 (-vv for more detail)
