Shulou(Shulou.com)06/01 Report--

Nmap Network Security Audit what is Nmap

Nmap was designed and implemented by Gordon Lyon and was released in 1997. Nmap was originally designed to create a powerful port scanning tool. But with the development of time, the function of Nmap becomes more and more comprehensive. On July 17, 2009, the open source network security scanning tool Nmap officially released version 5.00, which represents the transformation of Nmap from a simple network connection side scanning software to a full range of security and network tool components.

Functions of Nmap:

1. Host discovery function: send a special combination of packets to the target computer, and then judge whether it is powered on and connected to the network according to the response of the target.

two。 Port scan: sends a special combination of packets to the designated port of the target computer, and then determines whether it is open according to the response of the target port.

3. Service and version detection: send a special combination of packets to the port of the target computer, and then detect the service type and version of the service it is running according to the target's response.

4. Operating system detection: sends a special combination of packets to the target computer, and then detects its operating system type and version according to the target's response.

In addition to these basic functions, Nmap also implements some advanced audit techniques, such as falsifying the identity of the initiating scanning side, conducting covert scanning, security defense devices that evade the target, detecting security vulnerabilities in the system, and providing comprehensive reporting options. In addition, Nmap also launched a powerful scripting engine (NSE).

Installation of Nmap

I don't want to write such a simple thing.

Basic operation of Nmap

The easiest way is to type directly on the command line:

Nmap 192.168.0.1

You can test with your own Ethernet ip here.

Needless to say about the scan results, ports, port status, running services, etc.

Determination of scanning range

When you know your IP address, how to find out the other surviving hosts under the network? if our IP address is 192.168.0.103, how can you find the surviving hosts in this network segment?

Nmap-sn 192.168.0.1-255

Through the scanning results, we can see that there are three devices in this network segment. Through the scanning results, we can find a tp-link router, ha.

Scan the entire subnet

Nmap supports scanning the entire subnet using CIDR (classless inter-domain routing).

Nmap-sn 192.168.0.1 hand 24

I have a new device connected here, which is displayed as four devices. You can see the contents in parentheses. Here is an oneplus one plus mobile phone.

Scan multiple discontiguous hosts

Nmap can scan multiple hosts at a time, and if these scanned addresses have no relationship, they can be scanned at the same time by separating the destination addresses with spaces.

We test according to the four ip scanned above, and the scan results are all the same, so there is no map here.

Nmap-sn 192.168.0.1 192.168.0.100 192.168.0.101 192.168.0.103 exclude the specified target when scanning

When we scan for batch hosts, if we need to exclude some specified hosts, we can use the exclude option

According to the way the subnet is scanned above, I will exclude the router here.

Nmap-sn 192.168.0.1 pick 24-exclude 192.168.0.100

The order of grammar here has changed. I feel that the above method is easier to remember. As long as you input it, nmap will automatically change it, and it doesn't matter.

You may have to ask why it was 192.168.0.1 when you scanned the subnet before, so it became 192.168.0.0, because when I type 192.168.0.1 bank 24 to scan, it may think you are scanning 192.168.0.1, but in fact we need 192.168.0, if you know what I mean.

Scan the IP address in the text of a file

If you need to scan for certain IP addresses frequently, it is troublesome to type them each time, and we can write these IP addresses into text at this time. I wrote four addresses into the ip.txt text here, and we used the iL parameter of nmap

Nmap-sn-iL ip.txt

Of course, scanning directly after you have created the document will of course report an error. You need to put the written text into the nmap file directory.

Randomly determine the scanning target

The iR parameter in nmap can randomly generate some targets and then scan them. The iR parameter is followed by the number of targets.

Nmap-sn-iR 10

Here, it is recommended to scan more. If the number is too small, you can't find the surviving host.

common problem

1. If you prompt Failed to open device eth0 when you install Nmap for scanning, this may be because your npcap version is not up-to-date. If you download the latest version of Nmap on the official website, then your npcap version should be 0.9982, normally it should be 0.9983, so if you report a mistake, you need to go to npcap's official website to download the latest version of npcap, and then put it in the Nmap directory.

Postscript

Will continue to update the use of Nmap, I am also watching while learning while writing, there are mistakes, please point out in time, do not illegally scan websites, hosts, carefully comply with the network security law, test, please use your own address or virtual host.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.