Nmap: Network Exploration and Security Auditing Cookbook - Paulino Calderon - E-Book

Description

This is the second edition of 'Nmap 6: Network Exploration and Security Auditing Cookbook', a book aimed at anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations.
The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Zenmap. The Nmap Scripting Engine is thoroughly covered through security checks used commonly in real-life scenarios applied for different types of systems. New chapters for Microsoft Windows and ICS SCADA systems were added and every recipe was revised. This edition reflects the latest updates and hottest additions to the Nmap project to date. The book will also introduce you to Lua programming and NSE script development allowing you to extend further the power of Nmap.

Page count: 406

Year of publication: 2017




Title Page

Nmap: Network Exploration and Security Auditing Cookbook

Second Edition

A complete guide to mastering Nmap and its scripting engine, covering practical tasks for penetration testers and system administrators
Paulino Calderon

BIRMINGHAM - MUMBAI

Copyright

Nmap: Network Exploration and Security Auditing Cookbook

Second Edition

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: November 2012

Second edition: May 2017

Production reference: 1240517

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham 
B3 2PB, UK.

ISBN 978-1-78646-745-4

www.packtpub.com

Credits

Author: Paulino Calderon

Copy Editors: Dipti Mankame, Safis Editing

Reviewer: Nikhil Kumar

Project Coordinator: Judie Jose

Commissioning Editor: Pratik Shah

Proofreader: Safis Editing

Acquisition Editor: Rahul Nair

Indexer: Rekha Nair

Content Development Editor: Abhishek Jadhav

Graphics: Kirk D'Penha

Technical Editor: Aditya Khadye

Production Coordinator: Shantanu Zagade

About the Author

Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software.

Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017.

He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.

Acknowledgments

As always, I would like to dedicate this book to a lot of special people who have helped me get where I am.

Special thanks to Fyodor for mentoring me and giving me the opportunity to participate in this amazing project named Nmap. To all the development team, from whom I have learned a lot and now I have the pleasure to know personally, thanks for always answering all my questions and being outstanding individuals.

To my mother, Edith, and my brothers, Omar and Yael, thanks for always supporting me and being the best family I could ask for.

To Martha, who I will always love more than anything, and Pedro Moguel, Martha Vela, Maru, Jo, Fana, Pete, and Pablo, thanks for welcoming me into your family.

Nothing but love to all my friends. It is impossible to list all of you, but know that I appreciate all your love and support. You are always in my heart. Greetings to b33rcon, H4ckD0g5, Security Room LATAM, and the Negan clan, keep on hacking!

To Pedro, Roberto, and the Websec team, thanks for joining me in this crazy adventure that started 6 years ago.

In memory of my father, Dr. Paulino Calderon Medina, who I miss every day.

About the Reviewer

Nikhil Kumar has over 5 years of experience in information security. Currently he is working with Biz2Credit as a Senior Security Consultant. He is a certified ethical hacker and has bachelor's and master's degrees in computer science. He holds globally recognized certifications such as OSCP, OSWP, and CEH. He has written many articles on web application security, secure coding practices, web application firewalls, and related topics. He has discovered multiple vulnerabilities in high-profile applications, including those of Apple and Microsoft.

Nikhil can be contacted on LinkedIn at https://in.linkedin.com/in/nikhil73.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1786467453.

If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

Nmap Fundamentals

Introduction

Building Nmap's source code

Getting ready

How to do it...

How it works...

There's more...

Experimental branches

Updating your local working copy

Customizing the building process

Precompiled packages

Finding live hosts in your network

How to do it...

How it works...

There's more...

Tracing routes

Running the Nmap Scripting Engine during host discovery

Exploring more ping scanning techniques

Listing open ports on a target host

How to do it...

How it works...

There's more...

Privileged versus unprivileged

Scanning specific port ranges

Selecting a network interface

More port scanning techniques

Fingerprinting OS and services running on a target host

How to do it...

How it works...

There's more...

Increasing version detection intensity

Aggressive detection mode

Configuring OS detection

OS detection in verbose mode

Submitting new OS and service fingerprints

Using NSE scripts against a target host

How to do it...

How it works...

There's more...

NSE script arguments

Script selection

Debugging NSE scripts

Adding new scripts

Reading targets from a file

How to do it...

How it works...

There's more...

Excluding a host list from your scans

Scanning IP address ranges

How to do it...

How it works...

There's more...

CIDR notation

Scanning random targets on the Internet

How to do it...

How it works...

There's more...

Legal issues with port scanning

Collecting signatures of web servers

How to do it...

How it works...

There's more...

Monitoring servers remotely with Nmap and Ndiff

Getting ready

How to do it...

How it works...

There's more...

Monitoring specific services

Crafting ICMP echo replies with Nping

How to do it...

How it works...

There's more...

Managing multiple scanning profiles with Zenmap

How to do it...

How it works...

There's more...

Zenmap scanning profiles

Editing or deleting a scan profile

Running Lua scripts against a network connection with Ncat

How to do it...

How it works...

There's more...

Other ways of executing external commands with Ncat

Discovering systems with weak passwords with Ncrack

Getting ready

How to do it...

How it works...

There's more...

Configuring authentication options

Pausing and resuming attacks

Launching Nmap scans remotely from a web browser using Rainmap Lite

Getting ready

How to do it...

How it works...

There's more...

Custom arguments

Network Exploration

Introduction

Discovering hosts with TCP SYN ping scans

How to do it...

How it works...

There's more...

Privileged versus unprivileged TCP SYN ping scan

Firewalls and traffic filtering

Discovering hosts with TCP ACK ping scans

How to do it...

How it works...

There's more...

Privileged versus unprivileged TCP ACK ping scans

Selecting ports in TCP ACK ping scans

Discovering hosts with UDP ping scans

How to do it...

How it works...

There's more...

Selecting ports in UDP ping scans

Discovering hosts with ICMP ping scans

How to do it...

How it works...

There's more...

Local versus remote networks

ICMP types

Discovering hosts with SCTP INIT ping scans

How to do it...

How it works...

There's more...

Unprivileged SCTP INIT ping scans

Selecting ports in SCTP INIT ping scans

Discovering hosts with IP protocol ping scans

How to do it...

How it works...

There's more...

Setting alternate IP protocols

Generating random data for the IP packets

Supported IP protocols and their payloads

Discovering hosts with ARP ping scans

How to do it...

How it works...

There's more...

MAC address spoofing

IPv6 scanning

Performing advanced ping scans

How to do it...

How it works...

There's more...

Ping probe effectiveness

Discovering hosts with broadcast ping scans

How to do it...

How it works...

There's more...

Broadcast ping options

Target library

Scanning IPv6 addresses

How to do it...

How it works...

There's more...

IPv6 fingerprinting

Discovering new IPv6 targets

Gathering network information with broadcast scripts

How to do it...

How it works...

There's more...

Script selection

Target library

Scanning through proxies

How to do it...

How it works...

There's more...

Proxychains

Spoofing the origin IP of a scan

Getting ready

How to do it...

How it works...

There's more...

Choosing your zombie host wisely

The IP ID sequence number

Reconnaissance Tasks

Introduction

Performing IP address geolocation

Getting ready

How to do it...

How it works...

There's more...

Submitting a new geolocation provider

Getting information from WHOIS records

How to do it...

How it works...

There's more...

Selecting service providers

Ignoring referral records

Disabling cache

Obtaining traceroute geolocation information

How to do it...

How it works...

There's more...

Querying Shodan to obtain target information

Getting ready

How to do it...

How it works...

There's more...

Saving the results in CSV files

Specifying a single target

Checking whether a host is flagged by Google Safe Browsing for malicious activities

Getting ready

How to do it...

How it works...

There's more...

Collecting valid e-mail accounts and IP addresses from web servers

How to do it...

How it works...

There's more...

Discovering hostnames pointing to the same IP address

How to do it...

How it works...

There's more...

Discovering hostnames by brute forcing DNS records

How to do it...

How it works...

There's more...

Customizing the dictionary

Adjusting the number of threads

Specifying a DNS server

Using the NSE library target

Obtaining profile information from Google's People API

Getting ready

How to do it...

How it works...

There's more...

Matching services with public vulnerability advisories

Getting ready

How to do it...

How it works...

There's more...

Scanning Web Servers

Introduction

Listing supported HTTP methods

How to do it...

How it works...

There's more...

Interesting HTTP methods

Checking whether a web server is an open proxy

How to do it...

How it works...

There's more...

Discovering interesting files and folders in web servers

How to do it...

How it works...

There's more...

Using a Nikto database

Abusing mod_userdir to enumerate user accounts

How to do it...

How it works...

There's more...

Brute forcing HTTP authentication

How to do it...

How it works...

There's more...

Brute modes

Brute forcing web applications

How to do it...

How it works...

There's more...

Brute forcing WordPress installations

Detecting web application firewalls

How to do it...

How it works...

There's more...

Detecting possible XST vulnerabilities

How to do it...

How it works...

There's more...

Detecting XSS vulnerabilities

How to do it...

How it works...

There's more...

Finding SQL injection vulnerabilities

How to do it...

How it works...

There's more...

Detecting web servers vulnerable to slowloris denial of service attacks

How to do it...

How it works...

There's more...

Finding web applications with default credentials

How to do it...

How it works...

There's more...

Detecting web applications vulnerable to Shellshock

How to do it...

How it works...

There's more...

Executing commands remotely

Spidering web servers to find vulnerable applications

Detecting insecure cross-domain policies

How to do it...

How it works...

There's more...

Finding attacking domains available for purchase

Detecting exposed source code control systems

How to do it...

How it works...

There's more...

Obtaining information from subversion source code control systems

Auditing the strength of cipher suites in SSL servers

How to do it...

How it works...

There's more...

Scraping e-mail accounts from web servers

How to do it...

How it works...

There's more...

Scanning Databases

Introduction

Listing MySQL databases

How to do it...

How it works...

There's more...

Listing MySQL users

How to do it...

How it works...

There's more...

Listing MySQL variables

How to do it...

How it works...

There's more...

Brute forcing MySQL passwords

How to do it...

How it works...

There's more...

Finding root accounts with an empty password in MySQL servers

How to do it...

How it works...

There's more...

Detecting insecure configurations in MySQL servers

How to do it...

How it works...

There's more...

Brute forcing Oracle passwords

How to do it...

How it works...

There's more...

Brute forcing Oracle SID names

How to do it...

How it works...

There's more...

Retrieving information from MS SQL servers

How to do it...

How it works...

There's more...

Force-scanned ports only in NSE scripts for MS SQL

Brute forcing MS SQL passwords

How to do it...

How it works...

There's more...

Dumping password hashes of MS SQL servers

How to do it...

How it works...

There's more...

Running commands through xp_cmdshell in MS SQL servers

How to do it...

How it works...

There's more...

Finding system administrator accounts with empty passwords in MS SQL servers

How to do it...

How it works...

There's more...

Force-scanned ports only in MS SQL scripts

Obtaining information from MS SQL servers with NTLM enabled

How to do it...

How it works...

There's more...

Retrieving MongoDB server information

How to do it...

How it works...

There's more...

Detecting MongoDB instances with no authentication enabled

How to do it...

How it works...

There's more...

Listing MongoDB databases

How to do it...

How it works...

There's more...

Listing CouchDB databases

How to do it...

How it works...

There's more...

Retrieving CouchDB database statistics

How to do it...

How it works...

There's more...

Detecting Cassandra databases with no authentication enabled

How to do it...

How it works...

There's more...

Brute forcing Redis passwords

How to do it...

How it works...

There's more...

Scanning Mail Servers

Introduction

Detecting SMTP open relays

How to do it...

How it works...

There's more...

Brute forcing SMTP passwords

How to do it...

How it works...

There's more...

Detecting suspicious SMTP servers

How to do it...

How it works...

There's more...

Enumerating SMTP usernames

How to do it...

How it works...

There's more...

Brute forcing IMAP passwords

How to do it...

How it works...

There's more...

Retrieving the capabilities of an IMAP server

How to do it...

How it works...

There's more...

Brute forcing POP3 passwords

How to do it...

How it works...

There's more...

Retrieving the capabilities of a POP3 server

How to do it...

How it works...

There's more...

Retrieving information from SMTP servers with NTLM authentication

How to do it...

How it works...

There's more...

Scanning Windows Systems

Introduction

Obtaining system information from SMB

How to do it...

How it works...

There's more...

Detecting Windows clients with SMB signing disabled

How to do it...

How it works...

There's more...

Checking UDP when TCP traffic is blocked

Attacking hosts with message signing disabled

Detecting IIS web servers that disclose Windows 8.3 names

How to do it...

How it works...

There's more...

Bruteforcing Windows 8.3 names

Detecting Windows 8.3 names through different HTTP methods

Detecting Windows hosts vulnerable to MS08-067

How to do it...

How it works...

There's more...

Exploiting MS08-067

Detecting other SMB vulnerabilities

Retrieving the NetBIOS name and MAC address of a host

How to do it...

How it works...

There's more...

Enumerating user accounts of Windows hosts

How to do it...

How it works...

There's more...

Selecting LSA bruteforcing or SAMR enumeration exclusively

Checking UDP when TCP traffic is blocked

Enumerating shared folders

How to do it...

How it works...

There's more...

Enumerating SMB sessions

How to do it...

How it works...

Preparing a brute force password auditing attack

Checking UDP when TCP traffic is blocked

Finding domain controllers

How to do it...

How it works...

There's more...

Finding domain master browsers

Finding DNS servers

Detecting Shadow Brokers' DOUBLEPULSAR SMB implants

How to do it...

How it works...

There's more...

Scanning ICS SCADA Systems

Introduction

Finding common ports used in ICS SCADA systems

How to do it...

How it works...

There's more...

Finding HMI systems

How to do it...

How it works...

There's more...

Creating a database for HMI service ports

Enumerating Siemens SIMATIC S7 PLCs

How to do it...

How it works...

There's more...

Enumerating Modbus devices

How to do it...

How it works...

There's more...

Enumerating BACnet devices

How to do it...

How it works...

There's more...

Discovering the BACnet broadcast management device

Enumerating Ethernet/IP devices

How to do it...

How it works...

There's more...

Enumerating Niagara Fox devices

How to do it...

How it works...

There's more...

Enumerating ProConOS devices

How to do it...

How it works...

There's more...

Enumerating Omron PLC devices

How to do it...

How it works...

There's more...

Enumerating PCWorx devices

How to do it...

How it works...

Optimizing Scans

Introduction

Skipping phases to speed up scans

How to do it...

How it works...

There's more...

Selecting the correct timing template

How to do it...

How it works...

There's more...

Adjusting timing parameters

How to do it...

How it works...

There's more...

Estimating round trip times with Nping

Displaying the timing settings

Adjusting performance parameters

How to do it...

How it works...

There's more...

Distributing a scan among several clients using Dnmap

Getting ready

How to do it...

How it works...

There's more...

Dnmap statistics

Internet-wide scanning

Generating Scan Reports

Introduction

Saving scan results in a normal format

How to do it...

How it works...

There's more...

Saving scan results in an XML format

How to do it...

How it works...

There's more...

Structured script output for NSE

Saving scan results to a SQLite database

Getting ready

How to do it...

How it works...

There's more...

Dumping the database in CSV format

Fixing outputpbnj

Saving scan results in a grepable format

How to do it...

How it works...

There's more...

Generating a network topology graph with Zenmap

How to do it...

How it works...

There's more...

Generating HTML scan reports

Getting ready

How to do it...

How it works...

There's more...

Reporting vulnerability checks

How to do it...

How it works...

There's more...

Generating PDF reports with fop

Getting ready

How to do it...

How it works...

There's more...

Generating reports in other formats

Saving NSE reports in ElasticSearch

Getting ready

How to do it...

How it works...

There's more...

Writing Your Own NSE Scripts

Introduction

Making HTTP requests to identify vulnerable supermicro IPMI/BMC controllers

How to do it...

How it works...

There's more...

Setting the user agent programmatically

HTTP pipelining

Sending UDP payloads using NSE sockets

How to do it...

How it works...

There's more...

Generating vulnerability reports in NSE scripts

How to do it...

How it works...

There's more...

Vulnerability states of the library vulns

Exploiting a path traversal vulnerability with NSE

How to do it...

How it works...

There's more...

Setting the user agent programmatically

HTTP pipelining

Writing brute force password auditing scripts

How to do it...

How it works...

There's more...

Crawling web servers to detect vulnerabilities

How to do it...

How it works...

There's more...

Working with NSE threads, condition variables, and mutexes in NSE

How to do it...

How it works...

There's more...

Writing a new NSE library in Lua

How to do it...

How it works...

There's more...

Writing a new NSE library in C/C++

How to do it...

How it works...

There's more...

Getting your scripts ready for submission

How to do it...

How it works...

There's more...

HTTP, HTTP Pipelining, and Web Crawling Configuration Options

HTTP user agent

HTTP pipelining

Configuring the NSE library httpspider

Brute Force Password Auditing Options

Brute modes

NSE Debugging

Debugging NSE scripts

Exception handling

Additional Output Options

Saving output in all formats

Appending Nmap output logs

Including debugging information in output logs

Including the reason for a port or host state

OS detection in verbose mode

Introduction to Lua

Flow control structures

Conditional statements - if, then, elseif

Loops - while

Loops - repeat

Loops - for

Data types

String handling

Character classes

Magic characters

Patterns

Captures

Repetition operators

Concatenation

Finding substrings

String repetition

String length

Formatting strings

Splitting and joining strings

Common data structures

Tables

Arrays

Linked lists

Sets

Queues

Custom data structures

I/O operations

Modes

Opening a file

Reading a file

Writing a file

Closing a file

Coroutines

Creating a coroutine

Executing a coroutine

Determining current coroutine

Getting the status of a coroutine

Yielding a coroutine

Metatables

Arithmetic metamethods

Relational metamethods

Things to remember when working with Lua

Comments

Dummy assignments

Indexes

Semantics

Coercion

Safe language

Booleans

References and Additional Reading

Preface

Nmap: Network Exploration and Security Auditing Cookbook is a practical book that covers some of the most useful tasks you can do with Nmap. The book is divided into tasks or recipes. Each recipe focuses on a single task explained with command-line examples, sample output, and even additional personal tips that I know you will find handy.

Nmap's vast functionality is explored through 11 chapters covering more than 120 different tasks for penetration testers and system administrators. Unlike Nmap's official book, this cookbook focuses on the tasks you can do with the Nmap Scripting Engine and unofficial related tools, covering the core functionality of Nmap, but without focusing on the scanning techniques that are perfectly described in the official book. Think of this book as an addition to what the official Nmap book covers.

There were many great NSE scripts I wish I had more space to include in this book and many more that will be created after its publication. I invite you to follow the development mailing list and stay up to date with Nmap's latest features and NSE scripts.

I hope that you not only enjoy reading this cookbook, but as you master the Nmap Scripting Engine, you come up with new ideas to contribute to this amazing project.

What this book covers

Chapter 1, Nmap Fundamentals, covers the most common tasks performed with Nmap. In addition, it introduces Rainmap Lite, Ndiff, Nping, Ncrack, Ncat, and Zenmap.

Chapter 2, Network Exploration, covers host discovery techniques supported by Nmap and other useful tricks with the Nmap Scripting Engine.

Chapter 3, Reconnaissance Tasks, covers interesting information-gathering tasks with Nmap and the Nmap Scripting Engine.

Chapter 4, Scanning Web Servers, covers tasks related to web servers and web application security auditing.

Chapter 5, Scanning Databases, covers security auditing tasks for MySQL, MS SQL, Oracle, and NoSQL databases.

Chapter 6, Scanning Mail Servers, covers different tasks for IMAP, POP3, and SMTP servers.

Chapter 7, Scanning Windows Systems, covers tasks for security auditing Microsoft Windows systems.

Chapter 8, Scanning ICS SCADA Systems, covers tasks for scanning and identifying Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.

Chapter 9, Optimizing Scans, covers tasks from scan optimization to the distribution of scans among several clients.

Chapter 10, Generating Scan Reports, covers the output options supported by Nmap and some additional nonofficial tools to generate reports in formats that are not supported.

Chapter 11, Writing Your Own NSE Scripts, covers the fundamentals of NSE development. It includes specific examples to handle sockets, output, NSE libraries, and parallelism.

Appendix A, HTTP, HTTP Pipelining, and Web Crawling Configuration Options, covers the configuration options of the NSE libraries related to the HTTP protocol.

Appendix B, Brute Force Password Auditing Options, covers configuration options of the NSE brute force engine.

Appendix C, NSE Debugging, covers the debugging options for the Nmap Scripting Engine.

Appendix D, Additional Output Options, covers additional output options supported by Nmap.

Appendix E, Introduction to Lua, covers the basics of Lua programming.

Appendix F, References and Additional Reading, covers references, additional reading, and official documentation used throughout this book.

What you need for this book

You will need the latest version of Nmap (https://nmap.org/) to follow the recipes in this book. Installation instructions for unofficial tools can be found in the book.

Who this book is for

This book is for any security consultant, administrator, or enthusiast looking to learn how to use and master Nmap and the Nmap Scripting Engine.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, we use these sections as follows.

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "If you keep a working copy of the svn repository, you may do this easily by executing the following commands inside that directory."

A block of code is set as follows:

    if http.page_exists(data, req_404, page_404, uri, true) then
      stdnse.print_debug(1, "Page exists! → %s", uri)
    end

Any command-line input or output is written as follows:

    $ svn co --username guest https://svn.nmap.org/nmap

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "You should see the message NMAP SUCCESFULLY INSTALLED when the operation is complete."

Warnings or important notes appear in a box like this.

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/NmapNetworkExplorationandSecurityAuditingCookbookSecondEdition_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books, maybe a mistake in the text or the code, we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Nmap Fundamentals

In this chapter, we will cover the following recipes:

Building Nmap's source code

Finding live hosts in your network

Listing open ports on a target host

Fingerprinting OS and services running on a target host

Using NSE scripts against a target host

Reading targets from a file

Scanning IP address ranges

Scanning random targets on the Internet

Collecting signatures of web servers

Monitoring servers remotely with Nmap and Ndiff

Crafting ICMP echo replies with Nping

Managing multiple scanning profiles with Zenmap

Running Lua scripts against a network connection with Ncat

Discovering systems with weak passwords with Ncrack

Launching Nmap scans remotely from a web browser using Rainmap Lite

Introduction

Network Mapper (Nmap) was originally released by Gordon Fyodor Lyon in the infamous Phrack magazine Vol 7 Issue 51 (https://nmap.org/p51-11.html). It is acclaimed today as one of the best tools for network reconnaissance and security auditing in the information security industry. The first public version was introduced as an advanced port scanner along with a paper describing research on techniques for port discovery, but it has become so much more. It has evolved into an essential, fully featured tool that includes several other great subprojects, such as Ncrack, Ncat, Nping, Zenmap, and the Nmap Scripting Engine (all of them are available at https://nmap.org/). Nmap is described as follows on the official website:

"Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X."

Other tools in the project were created to meet the specific needs of users. Nping (https://nmap.org/nping/) specializes in network packet crafting. Ncrack (https://nmap.org/ncrack/) focuses on network authentication cracking. Ncat (https://nmap.org/ncat/) is an enhanced version of Netcat and allows users to read, write, redirect, and modify network data. Zenmap (https://nmap.org/zenmap/) is a cross-platform GUI focused on usability. Finally, the Nmap Scripting Engine (https://nmap.org/book/nse.html) takes scanned information obtained from targets and provides an interface for users to script additional tasks.

Nmap's community is very active, so I encourage you to always keep up with the releases and latest patches. Announcements and discussions take place on the development mailing list, so if you would like to contribute to the project, I recommend you subscribe to it.

This first chapter is for newcomers. Starting with building Nmap, we will become familiar with all the tools of the Nmap project. In just a few recipes, you will learn how flexible and powerful Nmap really is, but as we move through chapters, we will go deep into the internals to learn not only how to use the tools but to extend them and create your own. The practical tasks chosen for this chapter will help you fingerprint local and remote systems, map networks, craft custom network packets, and even identify systems with weak passwords.

Building Nmap's source code

Throughout the following recipes, we will use the tools included with the Nmap project, so it is a good idea to install the latest versions now. This recipe will show how to download the latest copy of the source code from the development repositories and install Nmap and related tools in your UNIX-based system.

We always prefer working with the very latest stable version of the repository because precompiled packages take time to prepare and we may miss a patch or a new NSE script. The following recipe will show the process of configuring, building, and maintaining an up-to-date copy of the Nmap project in your arsenal.

Getting ready

Before continuing, you need to have a working Internet connection and access to a Subversion client. Unix-based platforms come with a command-line Subversion client named svn. To check whether it's already installed on your system, just open a terminal and type the following command:

$ svn

If the command was not found, install svn using your favorite package manager or build it from source code. The instructions to build svn from source code are out of the scope of this book, but they are widely documented online. Use your favorite search engine to find specific instructions for your system.

When building Nmap, we will also need additional tools and libraries such as the OpenSSL development headers or the make command. On Debian-based systems, try the following command to install the missing dependencies:

# apt-get install libssl-dev autoconf make g++

Note that OpenSSL is optional, and Nmap can be built without it; however, Nmap will be crippled as it uses OpenSSL for functions related to multiprecision integers, hashing and encoding/decoding for service detection, and the Nmap Scripting Engine.

How to do it...

First, we need to grab a copy of the source code from the official repositories. To download the latest version of the development branch, we use the checkout (or co) command:

$ svn co --username guest https://svn.nmap.org/nmap

Now you should see the list of downloaded files and the message Checked out revision <Revision number>. A new directory containing the source code is now available in your working directory. After we install the required dependencies, we are ready to compile Nmap with the standard procedure: configure, make, and make install. Go into the directory containing the source code and enter the following:

$ ./configure

If the configuration process completes successfully, you should see some nice ASCII art (it's selected randomly, so you might not necessarily see this one):

To compile Nmap, use make:

$ make

Now you should see the binary nmap in your current working directory. Finally, to install Nmap on the system, execute make install with administrative privileges:

# make install

You should see the message NMAP SUCCESSFULLY INSTALLED when the operation is complete.

How it works...

The SVN repository hosted at https://svn.nmap.org/nmap contains the latest stable version of Nmap and has world read access that allows anyone to grab a copy of the source code. We built the project from scratch to get the latest patches and features. The installation process described in this recipe also installed Zenmap, Ndiff, and Nping.

There's more...

The process of compiling Nmap is similar to compiling other Unix-based applications, but there are several compile-time variables that can be adjusted to configure the installation. Precompiled binaries are recommended for users who can't compile Nmap from source. Unix-based systems are recommended because of some Windows limitations described at https://nmap.org/book/inst-windows.html.

Experimental branches

If you want to try the latest creations of the development team, there is a folder named nmap-exp that contains several experimental branches of the project. The code stored in this folder is not guaranteed to work all the time as it is used as a sandbox until it is ready to be merged in production. The subversion URL of this folder is https://svn.nmap.org/nmap-exp/.

Updating your local working copy

The Nmap project is very active (especially during summer), so do not forget to update your copy regularly. If you keep a working copy of the svn repository, you may do this easily by executing the following commands inside that directory:

$ svn up
$ make
# make install

Customizing the building process

If you do not need the other Nmap utilities, such as Nping, Ndiff, or Zenmap, you may use different configure directives to omit their installation during the configuration step:

./configure --without-ndiff

./configure --without-zenmap

./configure --without-nping

For a complete list of configuration directives, use the --help command argument:

$ ./configure --help

Precompiled packages

Precompiled Nmap packages can be found for all major platforms at https://nmap.org/download.html for those who do not have access to a compiler. When working with precompiled packages, just make sure that you grab a fairly recent version to avoid missing important fixes or enhancements.

Finding live hosts in your network

Finding live hosts in your local network is a common task among penetration testers and system administrators to enumerate active machines on a network segment. Nmap offers higher detection rates than the traditional ping utility because it sends additional probes beyond the traditional ICMP echo request to discover hosts.

This recipe describes how to perform a ping scan with Nmap to find live hosts in a local network.

How to do it...

Launch a ping scan against a network segment using the following command:

# nmap -sn <target>

The results will include all the hosts that responded to any of the packets sent by Nmap during the ping scan; that is, the active machines on the specified network segment:

Nmap scan report for 192.168.0.1
Host is up (0.0025s latency).
MAC Address: F4:B7:E2:0A:DA:18 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.2
Host is up (0.0065s latency).
MAC Address: 00:18:F5:0F:AD:01 (Shenzhen Streaming Video Technology Company Limited)
Nmap scan report for 192.168.0.3
Host is up (0.00015s latency).
MAC Address: 9C:2A:70:10:84:BF (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.8
Host is up (0.029s latency).
MAC Address: C8:02:10:39:54:D2 (LG Innotek)
Nmap scan report for 192.168.0.10
Host is up (0.0072s latency).
MAC Address: 90:F6:52:EE:77:E9 (Tp-link Technologies)
Nmap scan report for 192.168.0.11
Host is up (0.030s latency).
MAC Address: 80:D2:1D:2C:20:55 (AzureWave Technology)
Nmap scan report for 192.168.0.18
Host is up (-0.054s latency).
MAC Address: 78:31:C1:C1:9C:0A (Apple)
Nmap scan report for 192.168.0.22
Host is up (0.030s latency).
MAC Address: F0:25:B7:EB:DD:21 (Samsung Electro Mechanics)
Nmap scan report for 192.168.0.5
Host is up.
Nmap done: 256 IP addresses (9 hosts up) scanned in 27.86 seconds

Ping scans in Nmap may also identify MAC addresses and vendors if executed as a privileged user on local Ethernet networks.

How it works...

The Nmap option -sn disables port scanning while leaving the discovery phase enabled, which makes Nmap perform a ping sweep. Depending on the privileges, Nmap by default uses different techniques to achieve this task: sending a TCP SYN packet to port 443, a TCP ACK packet to port 80, and ICMP echo and timestamp requests if executed as a privileged user, or SYN packets to ports 80 and 443 via the connect() syscall if executed by users who can't send raw packets. ARP/Neighbor Discovery is also enabled when scanning local Ethernet networks as a privileged user. MAC addresses and vendors are identified from the ARP exchange during the ARP/Neighbor Discovery phase.
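As an added example that is not part of the book, the following Python parser reads the normal-output format of the ping scan shown above (one "Nmap scan report for" block per live host, optionally followed by the MAC Address line on local Ethernet) and compares the discovered MAC addresses against an inventory, so an administrator can flag devices that should not be on the segment. Both the sample output and the inventory are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# The three line types of an "nmap -sn" normal-output report that we care about.
RE_REPORT = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?$")
RE_UP = re.compile(r"^Host is up(?: \((-?[\d.]+)s latency\))?\.$")
RE_MAC = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")


def parse_ping_scan(output: str) -> List[Dict[str, Optional[str]]]:
    """Turn "nmap -sn" normal output into one record per live host.

    A record is opened by "Nmap scan report for ..." and implicitly closed by the
    next report line or the "Nmap done:" footer. Hosts with no MAC line (the scanning
    machine itself, or hosts on another segment) keep mac=None; "Host is up." with no
    latency figure (again typical of the scanner itself) keeps latency_s=None.
    """
    hosts: List[Dict[str, Optional[str]]] = []
    current = None
    for raw in output.splitlines():
        line = raw.strip()
        m = RE_REPORT.match(line)
        if m:
            # "name (ip)" when reverse DNS resolved, bare ip otherwise.
            ip = m.group(2) or m.group(1)
            current = {"ip": ip, "name": m.group(1) if m.group(2) else None,
                       "latency_s": None, "mac": None, "vendor": None}
            hosts.append(current)
            continue
        if current is None:
            continue  # preamble before the first host
        m = RE_UP.match(line)
        if m:
            current["latency_s"] = float(m.group(1)) if m.group(1) else None
            continue
        m = RE_MAC.match(line)
        if m:
            current["mac"], current["vendor"] = m.group(1).upper(), m.group(2)
    return hosts


def unknown_devices(hosts, known_macs) -> list:
    """Hosts whose MAC is not in the inventory; hosts without a MAC are skipped."""
    known = {mac.upper() for mac in known_macs}
    return [h for h in hosts if h["mac"] and h["mac"] not in known]


# Constructed sample in the same format as the ping-scan report above (not a real scan).
SAMPLE = """\
Nmap scan report for 192.168.0.1
Host is up (0.0025s latency).
MAC Address: F4:B7:E2:0A:DA:18 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.18
Host is up (-0.054s latency).
MAC Address: 78:31:C1:C1:9C:0A (Apple)
Nmap scan report for printer.lan (192.168.0.22)
Host is up (0.030s latency).
MAC Address: F0:25:B7:EB:DD:21 (Samsung Electro Mechanics)
Nmap scan report for 192.168.0.5
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 27.86 seconds
"""

# Constructed inventory of the MAC addresses expected on this segment.
KNOWN_MACS = {"f4:b7:e2:0a:da:18", "f0:25:b7:eb:dd:21"}

if __name__ == "__main__":
    for h in unknown_devices(parse_ping_scan(SAMPLE), KNOWN_MACS):
        print(f"unknown device {h['ip']} mac={h['mac']} vendor={h['vendor']}")
```

Feed it the saved output of a scheduled nmap -sn run (for example, via -oN) to keep a simple rogue-device check in place between full inventories.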

There's more...

Nmap supports several host discovery techniques, and probes can be customized to scan hosts effectively even in the most restricted environments. It is important that we understand the internals of the supported techniques to apply them correctly. Now, let's learn more about host discovery with Nmap.

Tracing routes

Ping scans can also include traceroute information for the targets. Use the Nmap option --traceroute to trace the route from the scanning machine to the target host:

# nmap -sn --traceroute google.com microsoft.com

Nmap scan report for google.com (216.58.193.46)
Host is up (0.16s latency).
Other addresses for google.com (not scanned): 2607:f8b0:4012:805::200e
rDNS record for 216.58.193.46: qro01s13-in-f14.1e100.net

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   1.28 ms   192.168.0.1
2   ...
3   158.85 ms 10.165.1.9
4   ... 5
6   165.50 ms 10.244.158.13
7   171.18 ms 10.162.0.254
8   175.33 ms 200.79.231.81.static.cableonline.com.mx (200.79.231.81)
9   183.16 ms 10.19.132.97
10  218.60 ms 72.14.203.70
11  223.35 ms 209.85.240.177
12  242.60 ms 209.85.142.47
13  ...
14  234.79 ms 72.14.233.237
15  235.17 ms qro01s13-in-f14.1e100.net (216.58.193.46)

Nmap scan report for microsoft.com (23.96.52.53)
Host is up (0.27s latency).
Other addresses for microsoft.com (not scanned): 23.100.122.175 104.40.211.35 104.43.195.251 191.239.213.197

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
-   Hops 1-9 are the same as for 216.58.193.46
10  183.27 ms 10.19.132.30
11  231.26 ms 206.41.108.25
12  236.77 ms ae5-0.atb-96cbe-1c.ntwk.msn.net (104.44.224.230)
13  226.22 ms be-3-0.ibr01.bn1.ntwk.msn.net (104.44.4.49)
14  226.89 ms be-1-0.ibr02.bn1.ntwk.msn.net (104.44.4.63)
15  213.92 ms be-3-0.ibr02.was05.ntwk.msn.net (104.44.4.26)
16  251.91 ms ae71-0.bl2-96c-1b.ntwk.msn.net (104.44.8.173)
17  ... 19
20  220.70 ms 23.96.52.53

Nmap done: 2 IP addresses (2 hosts up) scanned in 67.85 seconds

Running the Nmap Scripting Engine during host discovery

The Nmap Scripting Engine can be enabled during ping scans to obtain additional information. As with any other NSE script, its execution will depend on the hostrule specified. To execute an NSE script with ping scans, we simply use the Nmap option --script <file,folder,category>, the same way we would normally call NSE scripts with port/service detection scans:

# nmap -sn --script dns-brute websec.mx

Nmap scan report for websec.mx (54.210.49.18)
Host is up.
rDNS record for 54.210.49.18: ec2-54-210-49-18.compute-1.amazonaws.com

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     ipv6.websec.mx - 54.210.49.18
|     web.websec.mx - 198.58.116.134
|     www.websec.mx - 54.210.49.18
|_    beta.websec.mx - 54.210.49.18

Another interesting NSE script to try when discovering live hosts in networks is the script broadcast-ping:

$ nmap -sn --script broadcast-ping 192.168.0.1/24

Pre-scan script results:
| broadcast-ping:
|   IP: 192.168.0.11  MAC: 80:d2:1d:2c:20:55
|   IP: 192.168.0.18  MAC: 78:31:c1:c1:9c:0a
|_  Use --script-args=newtargets to add the results as targets

Exploring more ping scanning techniques

Nmap supports several ping scanning techniques using different protocols. For example, the default ping scan command with no arguments (nmap -sn <target>) as a privileged user internally executes the -PS443 -PA80 -PE -PP options, corresponding to TCP SYN to port 443, TCP ACK to port 80, and ICMP echo and timestamp requests.

In Chapter 2, Network Exploration, you will learn more about the following ping scanning techniques supported in Nmap:

-PS/PA/PU/PY [portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports

-PE/PP/PM