Pvtw

Nmap

Today we are going to do a little bit of hacking with Nmap, a command-line tool that scans a network so you can improve its security or, in the wrong hands, do 'evil' things to it.

What is Nmap

Nmap stands for Network Mapper and is a tool that scans hosts and networks in different ways: which hosts are up, which ports are open, which service versions are running and, with its scripting engine, whether known vulnerabilities are present.

Why?

Nmap is free and open source because its creator wants everyone to be able to secure their network. Network admins use it to audit their networks, and hackers use it to find exposed services and ways into the network.

Commands

With Nmap you can scan a host or domain for open ports. By default it checks the 1000 most commonly used TCP ports:

nmap domain.com

You'll get a list of the open ports. This is useful if you want to check whether a specific port is reachable, and to find ports that are open when they shouldn't be. Only scan hosts you own or are authorised to test; a port scan is visible to the target.

To find open ports, Nmap's default scan as an unprivileged user is a TCP connect scan (-sT): the operating system completes the full three-way handshake, so the listening application's accept() returns and the probe can show up in that application's logs. The SYN scan (-sS), which Nmap uses by default when run as root, sends the SYN itself and, when a SYN/ACK comes back, answers with a RST instead of an ACK. The handshake is never completed and the application never sees a connection, which is why it is called a 'stealth' scan. Don't count on it being invisible, though: firewalls and intrusion detection systems still see the half-open connections. It needs raw-socket privileges, so run it as root or with sudo.
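To make the difference concrete, here is an added example that is not part of the original post: a minimal TCP connect scanner in Python next to a loopback listener that counts how many connections its accept() returns. Every port the connect scan reports as open also registers one accepted connection on the listener, which is exactly what a real service would log. A SYN scan can't be reproduced with plain sockets (it needs a raw socket and root), so the code only explains it in comments. The helper names (connect_scan, start_counting_listener, closed_port, wait_for) are chosen for this example and are not part of Nmap.

```python
import socket
import threading
import time
from typing import Dict, Iterable, List, Tuple

# Helper names (connect_scan, start_counting_listener, closed_port, wait_for)
# are chosen for this example and are not part of Nmap.


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Classify each port as 'open' or 'closed' using a full TCP connect.

    This is what Nmap's -sT (connect) scan does: the OS completes the
    SYN / SYN-ACK / ACK handshake, so the listening program's accept()
    returns and the probe can be logged by that program.  Nmap's -sS scan
    instead sends the SYN from a raw socket and answers the SYN-ACK with a
    RST, so the handshake never completes; that needs root and cannot be
    done with plain sockets, so it is not attempted here.
    """
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 when the handshake completed, otherwise an
            # errno such as ECONNREFUSED (a RST came back: port closed).
            results[port] = "open" if s.connect_ex((host, port)) == 0 else "closed"
    return results


def start_counting_listener(host: str = "127.0.0.1") -> Tuple[int, List[int], threading.Event]:
    """Listen on an OS-chosen loopback port and count accepted connections.

    Returns (port, counter, stop_event); counter[0] is the number of
    connections accept() has returned, i.e. what a real service would log.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the accept loop notice stop_event
    port = srv.getsockname()[1]
    counter = [0]
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            counter[0] += 1
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, counter, stop


def closed_port(host: str = "127.0.0.1") -> int:
    """Bind and immediately release a port so it is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def wait_for(counter: List[int], expected: int, timeout: float = 2.0) -> int:
    """Poll until the listener has counted `expected` connections, or time out."""
    deadline = time.monotonic() + timeout
    while counter[0] < expected and time.monotonic() < deadline:
        time.sleep(0.01)
    return counter[0]


if __name__ == "__main__":
    port, hits, stop = start_counting_listener()
    quiet = closed_port()
    print(connect_scan("127.0.0.1", [port, quiet]))
    print("listener accepted", wait_for(hits, 1), "connection(s)")
    stop.set()
```

The point of the listener is the counter: with a connect scan the application sees a complete connection for each open port probed, so an access log or a honeypot on that port records the scanner's address. With -sS the same probe never reaches accept().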

By adding the -sn flag (older versions called it -sP; Nmap flags are case-sensitive, so -sp is not the same option), you can do a ping scan that finds which devices in the network are up without scanning their ports. Like this:

nmap -sn 192.168.1.0/24

Version detection does not find vulnerabilities by itself, but it tells you which software and which version is listening on each open port, which you can then match against known advisories. Run it with this command:

nmap -sV domain.com

You'll get a list of the open ports with the service, product and version Nmap identified, for example the OpenSSH version running on the server. Nmap gets this by probing each service and matching its responses, so a service that hides or fakes its banner can mislead it.

An aggressive scan can be done with the -A flag:

nmap -A domain.com

It enables OS detection, version detection, default script scanning and traceroute on top of the port scan. Be careful with this type of scan: it sends many more probes than the others, so it is easily detected, and OS detection needs root privileges.

These are the basics of what you can do with Nmap. It is a fun tool for scanning your own network, for network admins and hackers alike!