Introduction
Network scanning is an essential part of network management and security. Nmap (Network Mapper) is a powerful open-source tool that can help you discover devices, services, and vulnerabilities on your network. In this comprehensive guide, we will explore Nmap and major Linux commands with plenty of practical examples to help you get started with network scanning and security auditing for bug bounty.
What is Nmap?
Nmap is a versatile and free network scanning utility originally developed by Gordon Lyon (Fyodor) and now maintained by a community of developers. It's available for Linux, Windows, and macOS and is widely used for:
Host Discovery: Identifying live hosts on a network.
Port Scanning: Scanning for open ports on a target host.
Version Detection: Determining the versions of services running on open ports.
OS Fingerprinting: Guessing the operating system of a target host.
Scripting: Creating custom scripts for specific tasks using NSE (Nmap Scripting Engine).
Vulnerability Detection: Identifying known vulnerabilities in target systems using scripts and databases.
Installing Nmap on Linux
Nmap is readily available on most Linux distributions. To install it, use your package manager:
Debian/Ubuntu:
sudo apt-get install nmap
CentOS/RHEL:
sudo yum install nmap
Fedora:
sudo dnf install nmap
Basic Nmap Commands for Bug Bounty Discovery with Examples
Let's dive into some basic Nmap commands with practical examples:
1. Discover Live Hosts
Use Nmap to discover live hosts on your network:
nmap -sn 192.168.1.0/24
This command scans the IP range from 192.168.1.1 to 192.168.1.254 and identifies live hosts without performing a port scan.
2. Basic Port Scan
Perform a basic port scan on a single host:
nmap -p 80 192.168.1.100
This command scans port 80 on the host with IP address 192.168.1.100.
3. Scan All Ports
Scan all 65,535 ports on a target host:
nmap -p- 192.168.1.100
This command scans all ports on the host with IP address 192.168.1.100.
4. Service Version Detection
Identify the versions of services running on open ports:
nmap -sV 192.168.1.100
Nmap will attempt to determine the version of each service on the target host.
5. OS Fingerprinting
Perform OS fingerprinting on a target host:
nmap -O 192.168.1.100
Nmap will try to guess the operating system of the target based on various characteristics.
6. NSE Scripts
Nmap comes with a wide range of pre-built scripts for advanced tasks, including vulnerability detection. Use an NSE script as follows:
nmap -p 80 --script <script-name> 192.168.1.100
Replace <script-name> with the name of the specific script you want to run. For example:
nmap -p 80 --script http-vuln-cve2021-3156.nse 192.168.1.100
This command uses an NSE script to check for the CVE-2021-3156 vulnerability on port 80 of the target host.
Conclusion
Nmap is a powerful tool for network scanning and security auditing. The examples provided here are just the tip of the iceberg. To become proficient with Nmap, explore its extensive documentation and experiment with various options and scripts.
Always remember to use Nmap responsibly and within legal and ethical boundaries. Unauthorized scanning can disrupt network services and violate privacy and security policies. With practice, you can harness Nmap's capabilities to enhance your network's security and management.
Take a quick questionnaire below :
You are tasked with identifying the operating system of a target host on your network. Which Nmap command should you use for OS fingerprinting?
0%nmap -sS targethost
0%nmap -sn targethost
0%nmap -O targethost
0%nmap -p 80 --script http-enum targethost
You can vote for more than one answer.
Comments