Hello TurkHackTeam family, in this thread I'll explain how to use Nmap on Linux.
First of all, what is Nmap?
Nmap is a network security scanner written by Gordon Lyon. Its core is written in C and C++; the Nmap Scripting Engine (NSE) uses Lua, and the Zenmap GUI is written in Python.
What does Nmap do?
It maps the scanned network and reports which hosts are up, which operating systems they run and the state of their ports.
With Nmap you can gather information such as the operating system of connected hosts, which physical devices are up, their uptime, which services are running and in which versions, whether a host sits behind a firewall, and the vendor of a network card (derived from its MAC address).
Nmap is free software released under a GPL-based license, and its source code can be downloaded (the Nmap source code is published on GitHub).
Where is Nmap used?
Checking that the configuration is correct while a network is being set up,
Security auditing, including discovering new or unknown hosts on the network,
Network inventory, mapping, maintenance and administration.
How does Nmap work?
1. If the target is given as a host name, Nmap first resolves it with a forward DNS lookup. This step goes through the operating system's resolver rather than Nmap's own code, so it leaves ordinary DNS queries in the network traffic. If you give an IP address instead of a name, no forward lookup is made.
2. Nmap then checks whether the target is up (host discovery). This is more than a plain ICMP ping: run as root it sends, by default, an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; without root it falls back to TCP connections to ports 80 and 443. Hosts that answer none of these are skipped unless you pass -Pn.
3. Once the target's IP address is known, Nmap performs a reverse DNS lookup to find its host name, the mirror image of step 1. This is the lookup you can switch off with -n (or force for every address, even ones that are down, with -R).
4. Nmap performs the scan itself.
What port states can appear in scan results?
Open: an application is actively accepting TCP connections or UDP packets on the port.
Closed: the port is reachable (it answers Nmap's probes) but nothing is listening on it.
Filtered: a packet filter (firewall, router rule or host-based filter) blocks the probes or their replies, so Nmap cannot tell whether the port is open.
Unfiltered: the port is reachable, but Nmap cannot tell whether it is open or closed. (Only the ACK scan produces this state.)
Open|filtered: Nmap cannot tell whether the port is open or filtered. (UDP, IP protocol, FIN, NULL and Xmas scans.)
Closed|filtered: Nmap cannot tell whether the port is closed or filtered. (Only the idle scan produces this state.)
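To make these states concrete, here is an added example that is not from the original post: a Python script that parses Nmap's XML output (-oX) and groups ports by state and reason. The XML is constructed by hand in the shape Nmap writes; the hosts, ports and reasons in it are made up.

```python
"""Parse Nmap XML output (-oX) and summarise port states per host.

Added example, not part of the original post: SAMPLE_XML is constructed
by hand in the shape Nmap writes, with hypothetical hosts and ports.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's -oX format: one host up, one host down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU --reason 192.168.1.1-2">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_ports(xml_text):
    """Return {addr: [(proto, port, state, reason, service), ...]} for hosts that are up."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue  # host discovery found nothing; no ports were scanned
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        entries = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            entries.append((
                port.get("protocol"),
                int(port.get("portid")),
                state.get("state"),          # open, closed, filtered, open|filtered, ...
                state.get("reason"),         # what --reason prints: syn-ack, reset, no-response
                service.get("name") if service is not None else "",
            ))
        results[addr] = entries
    return results


def possibly_open(entries):
    """Ports worth following up: open plus the ambiguous states Nmap cannot resolve.
    This is the same set that the --open option prints."""
    return [e for e in entries if e[2] in ("open", "open|filtered", "unfiltered")]


def count_by_state(entries):
    """Histogram of states for one host, e.g. {'open': 2, 'closed': 1, ...}."""
    counts = defaultdict(int)
    for e in entries:
        counts[e[2]] += 1
    return dict(counts)


if __name__ == "__main__":
    for addr, entries in parse_ports(SAMPLE_XML).items():
        print(addr, count_by_state(entries))
        for proto, port, state, reason, svc in possibly_open(entries):
            print(f"  {port}/{proto:<4} {state:<14} {reason:<12} {svc}")
```

Run a real scan with `nmap -sS --reason -oX scan.xml <target>` and feed the file to parse_ports; the reason column tells you whether a "filtered" verdict came from silence (no-response) or from an ICMP error, which matters when you are deciding whether a firewall or a dropped packet produced it.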
Nmap usage
A scan is run as nmap followed by the target, which can be a host name or an IP address.
Scanning a single IP address.
Code:
nmap 192.168.1.1
Scanning a single host by name.
Code:
nmap siteadi.com
Scanning multiple IP addresses.
Code:
nmap 192.168.1.1 192.168.1.2
Scanning a range of IP addresses (the range applies to the last octet here; any octet can carry a range).
Code:
nmap 192.168.1.1-30
Scanning a range of IP addresses with a wildcard (* stands for 0-255).
Code:
nmap 192.168.1.*
Scanning a whole subnet in CIDR notation (the network and broadcast addresses are included).
Code:
nmap 192.168.1.0/24
Excluding a chosen host or network from the scan entirely (IPv4).
In a scan of many hosts, you can leave out specific IP addresses like this:
Code:
nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254
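The target forms above (octet ranges, wildcards, CIDR and --exclude) overlap in ways that are easy to get wrong, and a typo can turn a 30-host scan into a 65,000-host one. As an added example, not Nmap's own code, the following Python reimplements that expansion (it also accepts the open-ended octet ranges 1- and -30 that Nmap supports) so you can check exactly which addresses a target list covers before launching the scan. The addresses are illustrative.

```python
"""Expand Nmap-style IPv4 target specifications into the address list that
will actually be scanned, honouring --exclude.

Added example, not Nmap's own code: a reimplementation of the target
syntax shown in the commands above (CIDR, octet ranges, wildcards).
"""
import ipaddress
import itertools


def _octet_values(part):
    """'5' -> [5]; '1-30' -> 1..30; '250-' -> 250..255; '-30' -> 0..30; '*' -> 0..255."""
    if part == "*":
        return list(range(256))
    if "-" in part:
        lo, hi = part.split("-", 1)
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else 255
    else:
        lo = hi = int(part)
    if not (0 <= lo <= hi <= 255):
        raise ValueError(f"bad octet range: {part!r}")
    return list(range(lo, hi + 1))


def expand_spec(spec):
    """Expand one target spec: CIDR block, dotted octets with ranges/wildcards, or a plain address."""
    if "/" in spec:
        # Like Nmap, a CIDR block includes its network and broadcast addresses.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    combos = itertools.product(*map(_octet_values, octets))
    return [".".join(map(str, combo)) for combo in combos]


def targets(specs, exclude=()):
    """Union of all specs, minus every address matched by an --exclude spec.
    Order is preserved and duplicates across specs are dropped, as Nmap does."""
    excluded = set()
    for e in exclude:
        excluded.update(expand_spec(e))
    seen, out = set(), []
    for spec in specs:
        for addr in expand_spec(spec):
            if addr in excluded or addr in seen:
                continue
            seen.add(addr)
            out.append(addr)
    return out


if __name__ == "__main__":
    # Mirrors: nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254
    hosts = targets(["192.168.1.0/24"], exclude=["192.168.1.5", "192.168.1.254"])
    print(len(hosts), "hosts, first", hosts[0], "last", hosts[-1])
```

A quick sanity check before a large scan is to compare len(targets(...)) against the number you expect; Nmap itself prints the same count in its closing "N IP addresses (M hosts up) scanned" line, but only after the scan has run.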
Running OS detection and version detection together. -A (aggressive) turns on -O, -sV, the default NSE scripts and traceroute in one go.
Code:
nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
Finding out whether a host or network is protected by a firewall. The ACK scan never reports ports as open: a port that answers with RST is unfiltered, one that stays silent or returns an ICMP unreachable error is filtered, so a mix of the two reveals the filter's rules.
Code:
nmap -sA 192.168.1.1
nmap -sA siteadi.com
Scanning a host that is protected by a firewall. -Pn skips host discovery and scans every target as if it were up, which is what you want when the firewall drops the ping probes. (-PN is the old spelling of the same option.)
Code:
nmap -Pn 192.168.1.1
nmap -Pn siteadi.com
Scanning an IPv6 host.
Code:
nmap -6 <IPv6 address>
nmap -6 siteadi.com
nmap -6 2600:3c01::f03c:91ff:fe98:ff4e
nmap -v -A -6 2600:3c01::f03c:91ff:fe98:ff4e
Finding which hosts are up on a network by scanning it (ping scan only, no port scan). -sP is the old name; current versions call this -sn.
Code:
nmap -sP 192.168.1.0/24
Performing a fast scan. -F checks the 100 most common ports instead of the default 1000.
Code:
nmap -F 192.168.1.1
Showing why a port is in a given state (which reply, or lack of one, produced the verdict).
Code:
nmap --reason 192.168.1.1
nmap --reason siteadi.com
Showing only ports that are open or possibly open (open, open|filtered and unfiltered).
Code:
nmap --open 192.168.1.1
nmap --open siteadi.com
Showing every packet sent and received.
Code:
nmap --packet-trace 192.168.1.1
nmap --packet-trace siteadi.com
Showing the local host's interfaces and routes.
This is a useful command when troubleshooting (for example when Nmap picks the wrong interface).
Code:
nmap --iflist
Scanning every host on a network for open ports quickly. -T5 is the most aggressive timing template; on slow or heavily filtered networks it can miss ports, so prefer -T4 when accuracy matters.
Code:
nmap -T5 192.168.1.0/24
Detecting the operating system remotely (needs root, since it relies on raw packets). --osscan-guess makes Nmap print its closest match even when the fingerprint is not an exact hit.
Code:
nmap -O 192.168.1.1
nmap -O --osscan-guess 192.168.1.1
nmap -v -O --osscan-guess 192.168.1.1
Detecting the version of remote services (server daemons).
Code:
nmap -sV 192.168.1.1
Discovering a host with a TCP SYN ping (-PS) or TCP ACK ping (-PA). The port list is attached directly to the option, with no space.
Code:
nmap -PS 192.168.1.1
nmap -PS80,21,443 192.168.1.1
nmap -PA 192.168.1.1
nmap -PA80,21,200-512 192.168.1.1
Discovering a host with an IP protocol ping (-PO).
Code:
nmap -PO 192.168.1.1
Discovering a host with a UDP ping (-PU).
Code:
nmap -PU 192.168.1.1
nmap -PU2000,2001 192.168.1.1
Finding the most commonly used TCP ports with a TCP SYN scan.
This is the "stealth" (half-open) scan and the default when running as root: Nmap sends a SYN, reads the SYN/ACK or RST, and tears the connection down before the handshake completes, so the application never sees a connection.
Code:
nmap -sS 192.168.1.1
Finding the most commonly used TCP ports with a TCP connect scan (not stealthy: the full handshake completes, so the connection shows up in the application's logs). This is the default without root.
Code:
nmap -sT 192.168.1.1
Finding the most commonly used TCP ports with a TCP ACK scan (maps filtering rules; it cannot distinguish open from closed).
Code:
nmap -sA 192.168.1.1
Finding the most commonly used TCP ports with a TCP Window scan (like the ACK scan, but on some systems the TCP window size in the RST reveals whether the port is open).
Code:
nmap -sW 192.168.1.1
Scanning a host for UDP services (UDP scan). Ports that never answer are reported as open|filtered; combine with -sV to resolve them.
Code:
nmap -sU nas03
nmap -sU 192.168.1.1
TCP Maimon scan (a FIN/ACK probe; some BSD-derived stacks drop it for open ports instead of answering RST).
Code:
nmap -sM 192.168.1.1
Scanning IP protocols.
This scan type reports which IP protocols (TCP, ICMP, IGMP, etc.) the target host supports, rather than which ports are open.
Code:
nmap -sO 192.168.1.1
Scanning a firewall to test for weaknesses in its rules.
The scan types below exploit a loophole in the TCP RFC: a closed port must answer a packet that carries none of SYN, RST or ACK with an RST, while an open port must silently drop it. So an RST means closed, no reply means open|filtered, and an ICMP unreachable error means filtered. They are good for mapping firewall rules, but they do not work against systems such as Windows and many Cisco devices, which send RST for open and closed ports alike.
TCP Null scan
Sets no flag bits at all.
Code:
nmap -sN 192.168.1.254
TCP FIN scan for checking a firewall.
Sets only the TCP FIN bit.
Code:
nmap -sF 192.168.1.254
TCP Xmas scan for checking a firewall.
Sets the FIN, PSH and URG flags, lighting the packet up like a Christmas tree.
Code:
nmap -sX 192.168.1.254
Fragmenting packets to test a firewall.
-f splits the probes into tiny IP fragments (8 bytes of payload each; -ff gives 16) so that a packet filter or IDS that does not reassemble fragments may let them through. --mtu sets a custom fragment size, which must be a multiple of 8; the original post's "-f 15" is not accepted by Nmap, so use --mtu 16 instead.
Code:
nmap -f 192.168.1.1
nmap -f siteadi.com
nmap --mtu 16 siteadi.com
Hiding the scan among decoys.
An IDS will then report 5-10 port scans coming from different IP addresses, but it cannot tell which of them is the real scanner and which are decoys. ME marks the position of your own address in the list; -n stops Nmap from doing DNS lookups on the decoys. Decoys only apply to raw-packet scans (not -sT) and to host discovery; version detection and NSE scripts still come from your real address, and an upstream ISP that filters spoofed source addresses will drop the decoy packets.
Code:
nmap -n -Ddecoy-ip1,decoy-ip2,ME,decoy-ip3,decoy-ip4 remote-host-ip
nmap -n -D192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1 192.168.1.5
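What the IDS actually sees from a decoy scan, as an added example that is not part of the original post or of Nmap: a minimal port-scan detector in Python run over constructed iptables-style LOG lines (the source addresses reuse the decoy list above; the traffic is made up). Every decoy, including the real scanner, trips the same alert, so the detector cannot single out the real one, which is exactly what -D is for; a host that opens many connections to a single port is left alone.

```python
"""Minimal SYN-scan detector over constructed firewall log lines.

Added example, not part of the original post or of Nmap. The lines are
modelled on iptables LOG output (SRC= DST= PROTO=TCP DPT= ... SYN) and are
generated here rather than captured; the decoy addresses are the ones
used in the -D example above.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(\S+) DST=(\S+) "
    r".*?PROTO=TCP SPT=\d+ DPT=(\d+)(.*)$"
)


def build_sample_log():
    """Constructed log: a decoy SYN scan of 192.168.1.10 that appears to come from
    four sources (one of them real), plus one benign client talking to HTTPS only."""
    decoys = ["192.168.1.5", "10.5.1.2", "172.1.2.4", "3.4.2.1"]
    ports = [21, 22, 23, 25, 80, 110, 139, 443, 445, 3389]
    lines = []
    for sec, port in enumerate(ports):
        for src in decoys:  # Nmap interleaves the decoy probes with its own
            lines.append(
                f"Jan 10 12:00:{sec:02d} fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 "
                f"SRC={src} DST=192.168.1.10 LEN=44 PROTO=TCP SPT=40001 DPT={port} WINDOW=1024 SYN"
            )
    for i in range(6):  # benign: six connections, always to port 443
        lines.append(
            f"Jan 10 12:00:{i:02d} fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 "
            f"SRC=192.168.1.77 DST=192.168.1.10 LEN=60 PROTO=TCP SPT={51000 + i} DPT=443 WINDOW=65535 SYN"
        )
    return lines


def parse_line(line):
    """Return (timestamp, src, dst, dport, flags) or None for lines we do not understand."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")  # year assumed: syslog omits it
    return ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)


def detect_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Flag every SRC that sent initial SYNs to at least `min_ports` distinct ports on one
    DST within `window`. Returns {src: sorted list of ports probed}."""
    probes = defaultdict(list)  # (src, dst) -> [(ts, port)]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, port, flags = parsed
        if "SYN" not in flags or "ACK" in flags:
            continue  # only the first packet of a handshake counts as a probe
        probes[(src, dst)].append((ts, port))
    alerts = {}
    for (src, dst), events in probes.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window from each probe
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports)
                break
    return alerts


if __name__ == "__main__":
    for src, ports in detect_scanners(build_sample_log()).items():
        print(f"port scan from {src}: {len(ports)} ports, e.g. {ports[:5]}")
```

The detector flags four scanners for one scan, which is the defender's view of -D. The usual way to pierce it is not in the log at all: the real source is the only one that also shows up in later stages (a -sV banner grab or an NSE script), or the only one of the four that is actually a live host on your network.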
That covers what Nmap is and its commands. Thanks for reading my thread.
Source: https://www.turkhackteam.org/network/1826187-nmap-kullanimi-reoblood.html
Translator: Vilge234