The first step of the active-attack methodology (the "cyber kill chain") is reconnaissance: gathering as much information as possible about the targeted remote device. NMAP is a very well-known free port scanner that lets auditors, sysadmins and attackers quickly monitor a network and collect information on the security posture of its devices. Designed to detect open ports, identify services and even detect the OS of remote network hosts, it offers many more features thanks to its NSE scripting engine.
The following article presents various nmap commands for scanning a remote device and collecting information about it.
* Aggressive scan
The following command shows the usage of the -A option, which enables OS detection, version detection, script scanning and traceroute:
auditer@linux:# nmap -A 192.168.0.1
* Discreet scan
Various cyber-defence policies and tools actively monitor their network by detecting the usage of NMAP. The following command enables a more discreet scan using the half-open (TCP SYN) technique, which never completes the TCP handshake:
auditer@linux:# nmap -sS 192.168.0.1
* Network scan
Analysing a single host is nice, but auditing an entire network is better. The following command checks every device on a network with a ping scan (-sP is now an alias of -sn and performs host discovery only, without port scanning):
auditer@linux:# nmap -sP 192.168.0.0/24
As previously mentioned, NMAP implements various features for detecting the OS type of a remote host.
* Standard OS detection
The following command performs a standard OS detection of the remote target:
auditer@linux:# nmap -O 192.168.0.1
* OS detection with guessing
The following command enables a deeper OS detection using guessing techniques based on the remote target's behaviour (--fuzzy is an alias of --osscan-guess):
auditer@linux:# nmap -O --fuzzy 192.168.0.1
* Timing templates
The more aggressive a scan, the more information may be harvested, but at the price of discretion. A more discreet scan takes longer and is less likely to be detected by an IDS, but less information may be retrieved. The -T0 to -T2 templates serialize the probes and wait between them (5 minutes, 15 seconds and 0.4 seconds respectively), while -T3 to -T5 send probes in parallel.
The following command configures the scanning method as paranoid:
auditer@linux:# nmap -T0 192.168.0.1
The following command configures the scanning method as sneaky:
auditer@linux:# nmap -T1 192.168.0.1
The following command configures the scanning method as polite:
auditer@linux:# nmap -T2 192.168.0.1
The following command configures the scanning method as normal:
auditer@linux:# nmap -T3 192.168.0.1
The following command configures the scanning method as aggressive:
auditer@linux:# nmap -T4 192.168.0.1
The following command configures the scanning method as insane:
auditer@linux:# nmap -T5 192.168.0.1
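The defender's side of the timing trade-off above, as an added example that is not part of the original article: a small Python detector run over constructed firewall-style log lines (the line format, addresses, window and threshold are assumptions) that flags a source sending SYNs to many distinct ports of one host within a time window. It shows why a -T4-style burst is caught with a short window while a -T0 paranoid scan (one probe every 5 minutes) only surfaces once the window is widened.

```python
from collections import defaultdict

# Constructed sample log lines (not from the page): "<unix_ts> <src> <dst> <dst_port> <flags>".
SAMPLE_LOG = (
    # A web client retrying port 443: many SYNs but a single port, must not be flagged.
    [f"{1000 + i * 0.5:.1f} 10.0.0.2 192.168.0.1 443 SYN" for i in range(20)]
    # A -T4-style burst: 20 distinct ports within 2 seconds.
    + [f"{2000 + i * 0.1:.1f} 10.0.0.5 192.168.0.1 {20 + i} SYN" for i in range(20)]
    # A -T0-style (paranoid) scan: one probe every 300 seconds.
    + [f"{3000 + i * 300:.1f} 10.0.0.9 192.168.0.1 {20 + i} SYN" for i in range(20)]
)


def parse_line(line):
    """Split one assumed-format log line into (ts, src, dst, port, flags)."""
    ts, src, dst, port, flags = line.split()
    return float(ts), src, dst, int(port), flags


def detect_scans(lines, window, threshold):
    """Return {(src, dst): first_ts} for every source that sent SYNs to at least
    `threshold` distinct destination ports of one host within `window` seconds."""
    probes = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    for line in lines:
        ts, src, dst, port, flags = parse_line(line)
        if flags == "SYN":
            probes[(src, dst)].append((ts, port))
    hits = {}
    for key, evs in probes.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) >= threshold:
                hits[key] = evs[start][0]
                break
    return hits


if __name__ == "__main__":
    # Short window: only the burst is flagged. Long window: the paranoid scan appears too.
    print("60 s window :", detect_scans(SAMPLE_LOG, window=60, threshold=15))
    print("2 h window  :", detect_scans(SAMPLE_LOG, window=7200, threshold=15))
```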