Nmap is a free and open source tool for network scanning and security auditing. Many systems and network administrators also see it useful for many tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
It’s the most famous port scanning tool. It can integrate with Metasploit quite easily, storing scan output in a database backend for later use. Nmap helps pen testers scan hosts to identify the running services.
One of the preferred nmap options is “-sS”. The option runs a stealth TCP scan that decides whether a specific TCP-based port is open. Another preferred option is “-Pn”, which instructs Nmap not to use ping to decide whether a system is running; instead, it considers all hosts “alive.” If you’re doing Internet-based penetration tests, you should use this option, because most networks don’t allow Internet Control Message Protocol (ICMP), which is the protocol that ping uses. If you’re performing this scan internally, you can probably ignore this flag.
By using the “-A” option. This option will try advanced service enumeration and banner grabbing, which may give more details about the target system. For example, here’s what we’d see if we were to call nmap with the “-sS” and “-A” options:
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020