NMAP Tutorial for Hackers (Part-1/3)

NMAP is a network and port scanning tool. This short guide covers only how to select the targets and ranges a scan will cover. The later guides in this nmap series go further; to keep them focused, many scan types were left out of this post. Let's take a look at how different targets can be specified with nmap.

NOTE: This is Part 1/3. Parts 2 and 3 will cover more of nmap; here we only talk about selecting the attack surface. Parts 2 and 3 will detail attacking that surface/machines.

NOTE: The -sP argument only checks whether a host is up, so it is used in many places below to show how targets are selected. Arguments are covered in detail in another post; this article is only about selecting targets, so you can leave out the -sP argument when trying these yourself.

(Screenshot: nmap targets on a VM)

The first scan is nmap against a single target machine or website

Here we are scanning a single target, which gives us the basic details. In the terminal it looks like the screenshot below.

(Screenshot: nmap against a single target)

Scanning a website with nmap
Here the target is a website, so the target argument changes to its hostname.

(Screenshot: nmap scanning a website, nmap target.com)

Scanning a Subnet with nmap

You scan a subnet when you have the CIDR information or suspect that something useful is on that network subnet. I have removed a few machines to keep the result understandable: we scanned a subnet and learned which machines are up and which ports are open on them. You need to know the CIDR information and the subnet classification.

(Screenshot: scanning a subnet in CIDR format)

Scanning more than one target: specific IP addresses

(Screenshot: scanning a range of IP addresses)

Because we used the -sP argument, we only checked 4 IP addresses and found that 3 machines are up. In the same way you can scan as many IP addresses as you want, and change or remove arguments such as the -sP I used.

Scanning IP Ranges

Now we want to scan a range of IP addresses, like 172.16.109.(128-150) or

Scan result for
When scanning this, a total of 26 IP addresses were scanned and 3 machines were up.


Scanning with two ranges in the IP address – 172.16.(108.110).(125-150).

If you are confused about what we did in the step above, use the -sL argument to list all the IP addresses that would be scanned: nmap -sP -sL 172.16.107-110.132-134. You can see the result in the output below.

(Screenshot: scanning an IP address range in the format 172.16.x-y.x-y)

So that was specifying targets. What if you scanned a website and ended up with all the IP addresses in a file?

Scanning an IP address list from a file

(Screenshot: nmap scanning an IP address list from a file)

Scanning IP addresses while excluding IP(s)

We have a list of IP addresses to scan, but we also know of IPs we want to exclude for some reason, for instance because we know there is no useful information on them. This might seem trivial, but the attack surface should always be precise: we should collect information without making noise, which is why this matters. Use a comma (,) to add more IPs to the exclude list.

(Screenshot: nmap excluding IP addresses from a scan)

Excluding an IP list from a file

We scanned a list of targets from a file but excluded the IPs we wanted. The two parts of the output show the result of excluding IPs from a file.

(Screenshot: nmap scanning and excluding IP addresses listed in a file)

So that was all about IPs; now we move on to ports.

Port Scanning

There are a few options in port scanning: just like IPs, we can specify the ports we want to scan, a range of ports, and more, as we will see below.

Scanning a port on one or more IP addresses

Suppose you are interested in port 80 on a list of hosts, say the web servers you are scanning, or in the FTP port on a list of servers.

(Screenshot: scanning a port on multiple IP addresses)

Scanning a number of ports on one or more machines

We might want to scan multiple ports on one or more machines/IPs; here we check ports 21, 80 and 443 on a range of IP addresses.

Scan a range of Ports

We can scan a range of ports in the same way as a range of IP addresses, over one or more IP addresses. In this example I show only one IP address, but just as above you can add more targets or load a list of targets from a file. Below we scan the port range 1-400.


Scanning all ports

You might know little about a machine and want to explore all of its ports. A basic nmap scan covers only 1000 ports; what if you want to scan all 65535 ports? This takes some time, but you might uncover more information.

(Screenshot: scanning all ports on a machine / IP address)

Always remember that you can scan a range of IPs, a range of ports, and add many more arguments. This post was only about selecting the attack surface: make it precise and certain, so that we collect more information with minimum noise.
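As an added example (not code from the original post or from nmap itself), the Python below expands nmap's target and port syntax the way nmap -sL enumerates it, so the scope of a scan, including --exclude entries, can be checked offline before any packet is sent. It assumes IPv4 targets only and does not resolve hostnames.

```python
import ipaddress
from itertools import product


def _expand_ranges(spec, lowest, highest):
    """Expand 'a-b,c' style specs; a missing bound means lowest/highest, so
    '-' alone covers everything (nmap: any octet 0-255, or -p- for all ports)."""
    values = []
    for part in spec.split(","):
        lo, sep, hi = part.partition("-")
        lo = int(lo) if lo else lowest
        hi = int(hi) if hi else (highest if sep else lo)
        if not lowest <= lo <= hi <= highest:
            raise ValueError(f"bad range {part!r}")
        values.extend(range(lo, hi + 1))
    return values


def expand_targets(spec):
    """One target spec, CIDR (172.16.109.0/24) or per-octet ranges such as
    172.16.107-110.132-134, expanded to the IPv4 strings nmap -sL would list."""
    if "/" in spec:
        # strict=False also accepts a host address with a prefix, e.g. 172.16.109.5/24
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False)]
    octets = spec.replace("*", "-").split(".")  # nmap allows * as an octet wildcard
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    per_octet = [_expand_ranges(o, 0, 255) for o in octets]
    return [".".join(map(str, combo)) for combo in product(*per_octet)]


def expand_ports(spec):
    """'21,80,443', '1-400' or '-' (all 65535 ports) in nmap -p syntax."""
    return _expand_ranges(spec, 1, 65535)


def scope(targets, ports="1-1000", exclude=()):
    """Hosts left after removing every --exclude spec (in order, no duplicates),
    plus hosts x ports as a rough measure of how much noise the scan will make."""
    excluded = {ip for e in exclude for ip in expand_targets(e)}
    hosts, seen = [], set()
    for ip in (ip for t in targets for ip in expand_targets(t)):
        if ip not in excluded and ip not in seen:
            seen.add(ip)
            hosts.append(ip)
    return hosts, len(hosts) * len(expand_ports(ports))
```

Note that nmap's default port set is its 1000 most common ports rather than 1-1000, so the "1-1000" default here is only a size estimate, not the exact default scope.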

Thought of scanning the internet ?

What? Scan the internet? Yes, what if you decided to scan all the IP ranges? Tell us your thoughts on this in the comments below.

We cover more of the NMAP guide in Part 2, in the upcoming article.
