Book Image

Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition

By : Paulino Calderon
Book Image

Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition

By: Paulino Calderon

Overview of this book

Nmap is one of the most powerful tools for network discovery and security auditing used by millions of IT professionals, from system administrators to cybersecurity specialists. This third edition of the Nmap: Network Exploration and Security Auditing Cookbook introduces Nmap and its family - Ncat, Ncrack, Ndiff, Zenmap, and the Nmap Scripting Engine (NSE) - and guides you through numerous tasks that are relevant to security engineers in today’s technology ecosystems. The book discusses some of the most common and useful tasks for scanning hosts, networks, applications, mainframes, Unix and Windows environments, and ICS/SCADA systems. Advanced Nmap users can benefit from this book by exploring the hidden functionalities within Nmap and its scripts as well as advanced workflows and configurations to fine-tune their scans. Seasoned users will find new applications and third-party tools that can help them manage scans and even start developing their own NSE scripts. Practical examples featured in a cookbook format make this book perfect for quickly remembering Nmap options, scripts and arguments, and more. By the end of this Nmap book, you will be able to successfully scan numerous hosts, exploit vulnerable areas, and gather valuable information.
Table of Contents (22 chapters)
Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options
Appendix Β: Brute-Force Password Auditing Options
Appendix F: References and Additional Reading

Performing advanced ping scans

In this chapter, you have learned about all the different ping scanning techniques supported by Nmap. We have been using these techniques independently across different scenarios, but one of the strengths of Nmap is the ability to combine them. Discovery scans can yield better results by expanding the set of probes sent to the network, but it is up to us to optimally combine the scanning techniques and probe ports. This recipe will go through the process of launching advanced ping scans.

How to do it...

Open your terminal and enter the following command:

# nmap -sn --send-ip -PS21,22,23,25,80,445,443,3389,8080 -PA80,443,8080 - PO1,2,4,6 -PU631,161,137,123 <target>

You should see a list of hosts that responded to any of the probes:

# nmap --send-ip -sn -PS21,22,23,25,80,445,443,3389,8080 -PA80,443,8080 - PO1,2,4,6 -PU631,161,137,123 192.168.1.1/24
Nmap scan report for 192.168.1.67 Host is up (0.093s latency).
MAC Address: 78:31:C1...