What is “nmap” Package? Port scanning utility for large networks For more details: Installation Open Terminal by pressing command+space then. Nmap includes useful functionality of listing MAC Address Vendor name during scans, but my version listed many as 'Unknown'. The source of this information is a file called 'nmap-mac-prefixes', as discussed in Chapter 14 of the NMAP book. Zenmap is the official cross-platform GUI for the Nmap Security Scanner. It is free and runs on Linux, Windows, Mac OS X, etc. Zenmap aims to make Nmap easy for. Free Open Source Mac Windows Linux Asynchronous Gui Network Monitoring Add a feature. The manufacturer then assigns a unique value for the last 3 bytes, which ensures that every MAC address is globaly unique. In the following picture we can see the structure of a MAC address: MAC addresses are usually written in the form of 12 hexadecimal digits. For example, this is a valid MAC address: D8-D3-85-EA-1B-EE.
Nmap (network mapper), the god of port scanners used for network discovery and the basis for most security enumeration during the initial stages of a penetration test. The tool was written and maintained by Fyodor AKA Gordon Lyon.
Nmap displays exposed services on a target machine along with other useful information such as the verion and OS detection.
Nmap has made twelve movie appearances, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.
Nmap in a nutshell
Nmap Examples
Basic Nmap scanning examples, often used at the first stage of enumeration.
Agressive scan timings are faster, but could yeild inaccurate results!
T5 uses very aggressive scan timings and could lead to missed ports, T4 is a better compromise if you need fast results.
Nmap scan from file
Nmap output formats
Nmap Netbios Examples
--script-args=unsafe=1 has the potential to crash servers / services
Becareful when running this command.
Nmap Nikto Scan
Nmap CheatsheetTarget Specification
Nmap allows hostnames, IP addresses, subnets.
Example blah.highon.coffee, nmap.org/24, 192.168.0.1; 10.0.0-255.1-254
Host Discovery
Scan Techniques
Port Specification and Scan Order
Service Version Detection
Script Scan
OS Detection
Timing and Performance
Options which take TIME are in seconds, or append 'ms' (milliseconds),'s' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
![]() Firewalls IDS Evasion and Spoofing
Nmap Output Options
Misc Nmap Options
Nmap Enumeration Examples
The following are real world examples of Nmap enumeration.
Enumerating Netbios
The following example enumerates Netbios on the target networks, the same process can be applied to other services by modifying ports / NSE scripts.
Detect all exposed Netbios servers on the subnet.
Nmap find exposed Netbios servers
root:~#nmap -sV -v -p 139,445 10.0.1.0/24
Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-11 21:26 GMT Nmap scan report for nas.decepticons 10.0.1.12 Host is up (0.014s latency). PORT STATE SERVICE VERSION 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MEGATRON) 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MEGATRON) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 256 IP addresses (1 hosts up) scanned in 28.74 seconds </p>
Nmap find Netbios name.
Nmap find exposed Netbios servers
root:~#nmap -sU --script nbstat.nse -p 137 10.0.1.12
Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-11 21:26 GMT Nmap scan report for nas.decepticons 10.0.1.12 Host is up (0.014s latency). PORT STATE SERVICE VERSION 137/udp open netbios-ns Host script results: |_nbstat: NetBIOS name: STARSCREAM, NetBIOS user: unknown, NetBIOS MAC: unknown (unknown) Nmap Scan Mac AddressNmap done: 256 IP addresses (1 hosts up) scanned in 28.74 secondsNmap For Mac Osx</p>![]()
Check if Netbios servers are vulnerable to MS08-067
Nmap check MS08-067
root:~#nmap --script-args=unsafe=1 --script smb-check-vulns.nse -p 44510.0.0.1
Nmap scan report for ie6winxp.decepticons (10.0.1.1) Host is up (0.00026s latency). PORT STATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-check-vulns: | MS08-067: VULNERABLE | Conficker: Likely CLEAN How To Use Nmap For Mac| regsvc DoS: NOT VULNERABLE| SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE Nmap For Mac Command Line|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)Nmap done: 1 IP address (1 host up) scanned in 5.45 seconds Nmap For Mac Os</p>Nmap For Mac High Sierra
The information gathered during the enumeration indicates the target is vulnerable to MS08-067, exploitation will confirm if it’s vulnerable to MS08-067.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |