Nmap in windows

 Introduction to Nmap:-

Nmap (Network Mapper) is a utility for network exploration or security or security auditing . It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification).

Internet security companies can use Nmap to scan a system and understand what weaknesses exist that a hacker could potentially exploit. As the program is open-source and free, it is one of the more common tools used for scanning networks for open ports and other weaknesses.

Some of the basic features of Nmap are:

  1. It discovers hosts on a network.
  2. It also scans open ports on the target hosts.
  3. It also finds the application name and the version number by interacting with network services on remote devices.
  4. It also finds the OS and hardware characteristics of the network devices.
  5. It also does scriptable interaction with the target with the help of NSE(Nmap Scripting Engine) and Lua programming languages.
  6. It is open-source software and is available for most operating systems.

Installation of Nmap in windows:


Step 1: Visit the official website using the URL https://nmap.org/download.html on any web browser the click on nmap-7.92-setup.exe. Downloading of this executable file will start soon. It is a 21.8 MB file so it will take some minutes.


Step 2: Now check for the executable file in downloads in your system and run it.


Step 3: It will prompt confirmation to make changes to your system. Click on Yes.

Step 4: The next screen will be of License Agreement, click on I Agree.


Step 5: Next screen is of choosing components, all components are already marked so don’t change anything just click on the Next button.


Step 6: In this step, we choose the installation location of Nmap. By default, it uses the C drive but you can change it into another drive that will have sufficient memory space for installation. It requires 84.3 MB of memory space.



Step 7: After this installation process it will take a few minutes to complete the installation.
Step 8: Npcap installation will also occur with it, the screen of License Agreement will appear, click on I Agree.

Step 9: Next screen is of installation options don’t change anything and click on the Install button.

Step 10: After this installation process it will take a few minutes to complete the installation.

Step 11: After completion of installation click on the Next button.

Step 12: Click on the Finish button to finish the installation of Npcap.

Step 13: After completion of the installation of Nmap click on Next button.

Step 14: Screen for creating shortcut will appear, click on Next button.

Step 15: Click on the Finish button to finish the installation of Nmap.
Step 16: Nmap is successfully installed on the system and an icon is created on the desktop.

Step 17: Run the software and see the interface.

alternative links to download:-

How to use Nmap in windows?

Launch a command prompt.

Typing nmap [hostname] or nmap [ip_address] will initiate a default scan. A default scan uses 1000 common TCP ports and has Host Discovery enabled.

Host Discovery performs a check to see if the host is online. In a large IP range, this is useful for identifying only active or interesting hosts, rather than scanning every single port on every single IP in the range (a lot of which may not even be there).


Brief summary:-


STATEDescription
OpenThe target port actively responds to TCP/UDP/SCTP requests.
ClosedThe target port is active but not listening.
FilteredA firewall or packet filtering device is preventing the port state being returned.
UnfilteredThe target port is reachable but Nmap cannot determine if it is open or closed.
Open/FilteredNmap cannot determine if the target port is open or filtered.
Closed/FilteredNmap cannot determine if the target port is closed or filtered

The “–open” parameter

In any of the commands below, you can specify the “–open” parameter in your Nmap command to have Nmap only show you ports with an “Open” state.

nmap –open [ip_address]

Scanning a single port

nmap -p 80 [ip_address]

This command will initiate a default scan against the target host and look for port 80.


Scanning a specific range of ports

nmap -p 1-200 [ip_address]

This command will initiate a default scan against the target host and look for ports between the range of 1-200.


Scanning the entire port range

nmap -p- [ip_address]

This command will initiate a scan against the target host looking for all ports (1-65535).


Scanning the top 100 ports (fast scan)

nmap -F [ip_address]

This command will initiate a fast scan against the target host looking only for the top 100 common TCP ports.


Scanning multiple TCP/UDP ports

nmap -p U:53,67-68,T:21-25,80,135 [ip_address]

This command will initiate a scan against the target host looking only for specified UDP and TCP ports.


Scanning for specific service names

nmap -p http,ssh,msrpc,microsoft-ds [ip_address]

This command will initiate a scan against the target host looking for ports associated with specified service names.

TCP SYN scan (default)

nmap -sS [ip_address]

This command will initiate a TCP SYN scan against the target host. A TCP SYN scan sends a SYN packet to the target host and waits for a response. If it receives an ACK packet back, this indicates the port is open. If an RST packet is received, this indicates the port is closed. If no response is received after multiple transmissions, the port is considered filtered (a device or application between the source and the target is filtering the packets).

TCP connect scan

nmap -sT [ip_address]

This command will initiate a TCP connect scan against the target host. A TCP connect scan is the default scan performed if a TCP SYN scan is not possible. This type of scan requests that the underlying operating system try to connect with the target host/port using the ‘connect’ system call.

UDP port scan

nmap -sU [ip_address]

This command will initiate a UDP port scan against the target host. A UDP scan sends a UDP packet to the target port(s). If a response is received, the port is classified as Open. If no response is received after multiple transmissions, the port is classified as open/filtered.

SCTP INIT scan

nmap -sY [ip_address]

This command will initiate an SCTP INIT scan against the target host. An SCTP INIT scan is similar to the TCP SYN scan but specific to the SCTP protocol. An INIT chunk is sent to the target port(s). If an INIT-ACK chunk is received back, the port is classified as open. If an ABORT chunk is received, the port is classified as closed. If no response is received after multiple transmissions, the port is classified as filtered.

Zenmap

The Nmap installation package comes with a front-end GUI for Nmap called Zenmap, used to control Nmap from a user interface rather than a command-line.

One of the key benefits of using the GUI front-end version is the ability to save scanning profiles. You can configure a profile to include customized scanning options, scan targets, ping options, scripts, and performance options.

You may wish to create a new profile before initiating a scan. To do this, go to Profile > New Profile or Command.

A default list of scan profiles is included and the description and options for each can be reviewed from Profile > Edit Selected Profile.


To kick off a scan, enter the target to be scanned and choose a scan profile before clicking ‘Scan’.

When the scan is complete, the results will be displayed in the ‘Nmap Output’ tab with a further breakdown available in the Ports/Hosts, Topology, Host Details, and Scans tabs.




Go to the Ports/Hosts tab for a detailed list of all the open ports found on the target host.



Zenmap saves a history of your scans and allows you to compare two scans side-by-side. To do this, go to Tools > Compare Results. This is useful for eyeballing whether two hosts have the same list of open ports.


                                                              and it's done 

Nmap cheatsheets:- 

host discovery and identification 

Basic scanningnmap <target>
Launch a ping scan (subnet)nmap -sn <target> Ex: nmap -sn 192.168.1.0/24
Scan a list of targetsnmap -iL [targets.txt]
Ping scan with traceroutenmap -sn –traceroute acme.org example.org
TCP SYN pingnmap -PS <target>
UDP pingnmap -PU <target>
Scan IPv6 targetnmap -6 <target>
Specify NSE scriptnmap -sn –script dns-brute example.org
Manually assign DNS serversnmap –dns-servers <servers> <target>
ARP discoverynmap -PR <target> Ex: nmap -PR 192.168.1.0/24
UDP discovery on specified portnmap -PU53 <target>
No DNS resolutionnmap -n <target>
Select network interfacenmap -e <interface> <target>
Skip host discoverynmap -Pn <target>

Version detection

Service detectionnmap -sV <target> Ex: nmap -sV scanme.nmap.org
OS detectionnmap -O <target>
Attempt OS guessingnmap -O –osscan-guess <target>
Increasing version detectionnmap -sV –version-intensity 0-9> <target>
Troubleshoot version scansnmap -sV –version-trace <target>
Aggressive detection modenmap -A <target>


Comments

Popular Posts