https://nmap.org/download.html

https://github.com/Ignitetechnologies/Nmap-For-Pentester

https://github.com/rmusser01/Infosec_Reference/tree/master/Draft

NMAP: Footprinting tool for an IP, website, or any target [ very noisy port scanner ]

Ping: Tests whether a connection to a site is possible. The result outputs the IP address of the server hosting the site.

Traceroute: Maps the path your request makes as it heads to the target machine.

First ping a domain to get back its IP : [ ip a ][ hostname -I ]

Scan Ports to see which ones are Open and available

NMAP Scan Types (Switches):

  • TCP / SYN Scan (-sS) : With the TCP/SYN scan, the three-way handshake does not happen, so no sessions are created on the target system. This means you can use this where hiding yourself is the first priority. Also known as “half open scanning” ( root/administrator is required for this scan. )
nmap -sS -p 80 151.101.66.194
  • TCP Connect Scan (-sT) : The TCP connect scan, unlike the SYN scan, uses the operating system’s connect() call, which creates a connection, so the three-way handshake is completed. Keep in mind this is only for TCP ports, not UDP ports.
nmap -sT -p 80 151.101.66.194
  • DNS Lookup (-sL) : Performs a simple DNS Lookup
nmap -sL wired.com
  • UDP Scan (-sU) : The UDP scan looks for open UDP ports on the target machine. If the response is appropriate the port is open, otherwise it is closed. (The -F switch asks Nmap for a “fast scan”.)
nmap -sU 151.101.66.194 -F
  • FIN Scan (-sF) : When a firewall is in place on your target’s machine, it will tend to drop SYN packets when attempting a basic port scan. A “FIN” scan can help get around this by having the sender set only the finish flag; no TCP handshake takes place. No handshake means no logs in Wireshark.
nmap -sF -p 80 151.101.66.194
  • NULL Scan (-sN) : “All the headers are set to NULL and most of the time the target host is not sure what to do in such a case; the result might be unreliable as the packet is considered invalid. Windows servers are unlikely to give any useful information. But this is sometimes helpful in cases where a non-Windows server is behind a firewall.”
nmap -sN -p 80 151.101.66.194
  • Xmas Scan (-sX) : “Just like the NULL scan where every header was null, here every header is set to on. Now again, due to the TCP stack implementation in Windows machines, they won’t respond. The Xmas scan manipulates the FIN, URG and PSH headers in TCP”
nmap -sX -p 80 151.101.66.194
  • Ping Scan (-sP / -sn) : Ping is a quick and easy way to check whether the host on an IP is alive. The /24 suffix tells Nmap to ping-scan all 256 hosts in the subnet. [-sn means no port scan is done.]
nmap -sP 151.101.66.0/24
  • Version Detection (-sV) : “Version detection scans tell you the version of the services running on the respective ports; this helps you determine the related exploits for the particular versions, which greatly helps in hacking / penetration testing. In the result below I have scanned only a few ports so as to keep the result short, as metasploitable2 has many open ports.”
nmap -sV -p1-50 151.101.66.194
  • OS Detection (-O) : “The OS detection scan tries to guess the operating system on the target machine. The Nmap nmap-os-db database contains about 2600 operating systems; by sending TCP and UDP packets, nmap compares the results against the database, resulting in identifying the operating system on the target machine. If you go through the lines you can notice this is mostly based on the ports detected. The OS detection scan may also give unreliable results sometimes, and the result might match many entries in nmap-os-db.”
nmap -O 192.168.56.102
  • Aggressive Scan (-A) : [Very noisy scan on the network] – Scans aggressively to harvest as much information as possible. Be mindful of the network before you run this.
nmap -A 192.168.56.103
  • THERE ARE MANY MORE SWITCHES THAT NMAP CAN USE, TO SEE ALL CHECK SOURCE:

https://nmap.org/book/man-briefoptions.html

--traceroute :


Host Discovery

TCP Scan: Consists of 6 main Flags (Shown under “info” in Wireshark) [-sT]

  • SYN: Stands for Synchronize. It assists in notifying when a new sequence number is transmitted. The SYN flag usually represents a three-way handshake.
  • ACK: Stands for Acknowledgment. Shows the status of the packet transmission, and also helps with identifying what sequence number to expect next.
  • RST: Stands for Reset. Indicates an error in the connection; the flag is set to 1 and the connection is torn down.
  • URG: Stands for Urgent. This flag commands the receiver to process the packet as soon as possible.
  • FIN: Stands for Finish. Indicates no further transmission of packets.
  • PSH: Stands for Push. Used to start and end data transfer, preventing the occurrence of buffer deadlocks.
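
Added example (not from these notes or their sources): a small Python detector that matches the flag combinations the NULL, FIN, Xmas and SYN scans above send, run over a constructed list of packet records in the shape of a Wireshark/tshark "Info" export (source, destination port, flag set), and reports sources that hit many ports with one signature. The probe packets themselves are always present in a capture, which is what the detector relies on.

```python
"""Classify TCP probe packets by flag combination and spot port-scan patterns.

Added example; the packet records below are constructed, not captured.
Each record is (source IP, destination port, set of TCP flag names).
"""
from collections import defaultdict

# Flag sets carried by each scan type described in the notes.
SCAN_SIGNATURES = {
    frozenset(): "NULL scan (-sN)",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "Xmas scan (-sX)",
    # A bare SYN also starts every normal connection, so this signature
    # only means something once one source hits many ports with it.
    frozenset({"SYN"}): "SYN probe (-sS, or start of -sT)",
}


def classify(flags):
    """Return the scan type a packet's TCP flags match, or None."""
    return SCAN_SIGNATURES.get(frozenset(flags))


def detect_scans(packets, min_ports=5):
    """Group probe packets by (source, scan type) and return those sources
    that touched at least `min_ports` distinct ports with one signature."""
    seen = defaultdict(set)
    for src, dport, flags in packets:
        kind = classify(flags)
        if kind:
            seen[(src, kind)].add(dport)
    return {key: sorted(ports) for key, ports in seen.items()
            if len(ports) >= min_ports}


# Constructed sample: 10.0.0.7 Xmas-scans six ports and NULL-scans three,
# while 10.0.0.9 makes one ordinary connection to port 443.
SAMPLE = (
    [("10.0.0.7", p, {"FIN", "PSH", "URG"}) for p in (21, 22, 25, 80, 443, 8080)]
    + [("10.0.0.9", 443, {"SYN"}), ("10.0.0.9", 443, {"ACK"}),
       ("10.0.0.9", 443, {"PSH", "ACK"})]
    + [("10.0.0.7", p, set()) for p in (135, 139, 445)]
)

if __name__ == "__main__":
    for (src, kind), ports in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} across {len(ports)} ports {ports}")
```

Lowering `min_ports` trades fewer missed slow scans for more false alerts from ordinary clients, so tune it against your own baseline traffic.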


Cheat Sheets:


{S}: https[:]//github.com/rmusser01/Infosec_Reference/tree/master/Draft {Cheat Sheet Reference}

{S}: https[:]//www.hackingarticles.in/nmap-for-pentester-host-discovery/

{S}: https[:]//ethicalhackx.com/nmap-tutorial-scan-types-and-uses/