top of page

Mastering Network Scanning with Nmap: Discovery in Bug Bounty Hunting





Introduction


Network scanning is an essential part of network management and security. Nmap (Network Mapper) is a powerful open-source tool that can help you discover devices, services, and vulnerabilities on your network. In this comprehensive guide, we will explore Nmap and major Linux commands with plenty of practical examples to help you get started with network scanning and security auditing for bug bounty.


What is Nmap?

Nmap is a versatile and free network scanning utility originally developed by Gordon Lyon (Fyodor) and now maintained by a community of developers. It's available for Linux, Windows, and macOS and is widely used for:


  1. Host Discovery: Identifying live hosts on a network.

  2. Port Scanning: Scanning for open ports on a target host.

  3. Version Detection: Determining the versions of services running on open ports.

  4. OS Fingerprinting: Guessing the operating system of a target host.

  5. Scripting: Creating custom scripts for specific tasks using NSE (Nmap Scripting Engine).

  6. Vulnerability Detection: Identifying known vulnerabilities in target systems using scripts and databases.

Installing Nmap on Linux


Nmap is readily available on most Linux distributions. To install it, use your package manager:


Debian/Ubuntu:

sudo apt-get install nmap

CentOS/RHEL:

sudo yum install nmap

Fedora:

sudo dnf install nmap

Basic Nmap Commands for Bug Bounty Discovery with Examples


Let's dive into some basic Nmap commands with practical examples:


1. Discover Live Hosts

Use Nmap to discover live hosts on your network:

nmap -sn 192.168.1.0/24

This command scans the IP range from 192.168.1.1 to 192.168.1.254 and identifies live hosts without performing a port scan.


2. Basic Port Scan

Perform a basic port scan on a single host:

nmap -p 80 192.168.1.100

This command scans port 80 on the host with IP address 192.168.1.100.


3. Scan All Ports

Scan all 65,535 ports on a target host:

nmap -p- 192.168.1.100

This command scans all ports on the host with IP address 192.168.1.100.


4. Service Version Detection

Identify the versions of services running on open ports:

nmap -sV 192.168.1.100

Nmap will attempt to determine the version of each service on the target host.


5. OS Fingerprinting

Perform OS fingerprinting on a target host:

nmap -O 192.168.1.100

Nmap will try to guess the operating system of the target based on various characteristics.


6. NSE Scripts

Nmap comes with a wide range of pre-built scripts for advanced tasks, including vulnerability detection. Use an NSE script as follows:

nmap -p 80 --script <script-name> 192.168.1.100

Replace <script-name> with the name of the specific script you want to run. For example:


nmap -p 80 --script http-vuln-cve2021-3156.nse 192.168.1.100

This command uses an NSE script to check for the CVE-2021-3156 vulnerability on port 80 of the target host.


Conclusion

Nmap is a powerful tool for network scanning and security auditing. The examples provided here are just the tip of the iceberg. To become proficient with Nmap, explore its extensive documentation and experiment with various options and scripts.

Always remember to use Nmap responsibly and within legal and ethical boundaries. Unauthorized scanning can disrupt network services and violate privacy and security policies. With practice, you can harness Nmap's capabilities to enhance your network's security and management.


Take a quick questionnaire below :


You are tasked with identifying the operating system of a target host on your network. Which Nmap command should you use for OS fingerprinting?

  • 0%nmap -sS targethost

  • 0%nmap -sn targethost

  • 0%nmap -O targethost

  • 0%nmap -p 80 --script http-enum targethost

You can vote for more than one answer.


84 views

Comments


Get Started with Listing of your Bug Bounty Program

  • Black LinkedIn Icon
  • Black Twitter Icon
bottom of page