Nmap Explication and Basic Arguments: Author: -Bad_Boy-

Nmap is a free and open-source tool used by network administrators to discover hosts on a network and identify services and vulnerabilities. The document discusses how to use basic Nmap arguments like -sC to run default scripts, -sV for service detection, and -A which combines -sC and -sV along with fingerprinting and traceroute. It also covers using the vuln script category to scan for vulnerable subdomains and provides an example of Nmap finding an exploit. The document is intended for educational purposes only.

Uploaded by: Sivi Karudijan
Nmap Explication and basic arguments

Author : -Bad_Boy-
1. What is Nmap?
Nmap, short for Network Mapper, is a free, open-source tool for vulnerability
scanning and network discovery. Network administrators use Nmap to identify
what devices are running on their systems, discovering hosts that are available
and the services they offer, finding open ports and detecting security risks. 

source: https://www.networkworld.com/article/3296740/what-is-nmap-why-you-need-this-network-mapper.html

2. How to launch a scan with nmap?

For this tutorial I'll use the HackTheBox machine called "Blue", because scanning a website or any other system I don't own isn't legal. There are two ways to launch a scan.
First, you can launch an nmap scan against the IP address you want to test, like this.
Or you can launch an nmap scan against the host name of a website.
Now let's get more information about the IP or host.
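The two ways of naming a target described above share one caveat: nmap wants a host name or IP address, not a full URL with a scheme and path. The Python below is an added example, not code from the original article, that reduces whatever the user typed (IP, host name or URL) to a valid nmap target, builds the argument vector for the argument sets this article covers, and runs nmap without a shell so the target string can never become extra shell syntax. The profile names, the function names and the addresses used are this example's own assumptions.

```python
"""Added example: normalise a user-supplied target (IP, host name or URL)
into what nmap expects and build the nmap command for the argument sets
discussed in the article. Profile names, function names and addresses
are constructed for the example, not taken from nmap or the article."""
import ipaddress
import re
import shutil
import subprocess
from urllib.parse import urlsplit

# Argument sets covered by the article, keyed by a short profile name
# (the profile names are this example's own, not nmap's).
PROFILES = {
    "default-scripts": ["-sC"],           # default NSE script set
    "services": ["-sV"],                  # service/version detection
    "aggressive": ["-A"],                 # -sV + -sC + OS detection + traceroute
    "vuln": ["-sV", "--script", "vuln"],  # vuln category, usually paired with -sV
}

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.I)


def target_from_input(raw: str) -> str:
    """Accept a bare IP, a bare host name or a full URL and return only the
    host part: nmap resolves 'example.com', not 'http://example.com/'."""
    raw = raw.strip()
    if "://" in raw:
        host = urlsplit(raw).hostname  # strips scheme, port, path, query, brackets
        if not host:
            raise ValueError(f"no host in URL: {raw!r}")
        raw = host
    try:
        return str(ipaddress.ip_address(raw))  # IPv4 or IPv6 literal
    except ValueError:
        pass
    if HOSTNAME_RE.match(raw):
        return raw.lower()
    # Anything else (spaces, ';', quotes, ...) is rejected rather than passed on.
    raise ValueError(f"not an IP address or host name: {raw!r}")


def build_argv(target: str, profile: str) -> list:
    """Build the nmap argument vector. '-oX -' writes XML to stdout so the
    result can be parsed instead of screen-scraped."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile {profile!r}")
    return ["nmap", *PROFILES[profile], "-oX", "-", target_from_input(target)]


def run_scan(target: str, profile: str) -> str:
    """Run the scan and return nmap's XML output. The argv list goes straight
    to the process (no shell), so the target cannot inject commands."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap is not installed on this machine")
    completed = subprocess.run(build_argv(target, profile),
                               capture_output=True, text=True, check=True)
    return completed.stdout


if __name__ == "__main__":
    for raw in ("192.0.2.10", "https://www.example.com/login?x=1", "Example.COM"):
        print(raw, "->", build_argv(raw, "services"))
```

`run_scan` is only useful where nmap is installed and you are allowed to scan the target; the two helper functions above it are what make the user input safe to hand over.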
3. The -sC argument:

These scripts are the default set and are run when using the -sC or -A options rather than listing scripts with --script. This category can also be specified explicitly like any other using --script=default.

For more explanation visit this link: https://nmap.org/book/nse-usage.html

Let's try this argument!

As you can see, the default scripts already give us some information (for example about the OS behind a port), but we have not yet identified every service, so let's dig deeper!
4. The -sV argument:

Besides determining the state of a TCP/UDP port, nmap can also try to figure out which service is listening on that port. This is done by sending different requests to the port and analyzing the replies. This feature is called service detection and is activated with the -sV option, or you can use -A (the -A argument is roughly the combination of -sV and -sC, plus OS detection and traceroute).

Let's use the -sV argument first:

As you can see, we now know which service is running behind every open port!
So now let's try the -A argument:

We can see that -A is a combination of -sC and -sV with a few extras: the TCP/IP (OS) fingerprint and the traceroute.
5. The vuln scripts

The last point of my "tutorial" is the vuln script category.

NSE scripts are organized into a list of predefined categories. These categories include: auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.
Vuln (selected with --script vuln) is the category you'll use to check the scanned host for known vulnerabilities.

As you can see, nmap found a vulnerability.

So if you check on https://www.exploit-db.com you can see that an exploit for it exists (ms17-010).
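Sections 3 to 5 describe what -sC, -sV and the vuln scripts add to the scan output, and the screenshots show nmap's on-screen text. When you want to keep or compare those results, it is easier to have nmap write XML with -oX and parse that. The Python below is an added example, not code from the original article: it parses a constructed sample laid out like nmap's XML for a scan run with -sV, -sC and --script vuln, lists the open ports with the service detected behind each one, and pulls out every vuln-category result whose state is VULNERABLE. The sample host, address, product strings and the function names are this example's own assumptions.

```python
"""Added example: parse nmap -oX output from a -sV / -sC / --script vuln scan
into an inventory of open ports, detected services and VULNERABLE findings.
SAMPLE_XML is a constructed sample shaped like nmap's XML; the address,
product strings and script results in it are made up for the example."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -sC --script vuln -oX - 192.0.2.10" version="7.80">
<host>
<status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/>
<service name="msrpc" product="Microsoft Windows RPC" method="probed" conf="10"/></port>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/>
<service name="netbios-ssn" product="Microsoft Windows netbios-ssn" method="probed" conf="10"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
<service name="microsoft-ds" product="Windows 7 Professional microsoft-ds" ostype="Windows" method="probed" conf="10"/></port>
<port protocol="tcp" portid="3389"><state state="closed" reason="reset"/>
<service name="ms-wbt-server" method="table" conf="3"/></port>
</ports>
<hostscript>
<script id="smb-vuln-ms17-010" output="VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)">
<table key="CVE-2017-0143">
<elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
<elem key="state">VULNERABLE</elem>
<table key="ids"><elem>CVE:CVE-2017-0143</elem></table>
</table>
</script>
<script id="smb-vuln-ms10-054" output="false"/>
</hostscript>
</host>
</nmaprun>
"""


def parse_scan(xml_text: str) -> dict:
    """Return {'hosts': [{'address', 'open_ports', 'vulnerable'}, ...]}."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        address = addr_el.get("addr") if addr_el is not None else "?"
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports belong in the service inventory
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda k, d="": d)
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": get("name", ""),
                "product": get("product", ""),   # filled in by -sV
                "version": get("version", ""),   # filled in by -sV
                # method="probed" means -sV actually talked to the service;
                # method="table" is only a guess from the port number.
                "probed": get("method", "") == "probed",
            })
        findings = []
        # <script> appears both per port and under <hostscript>; vuln-library
        # scripts report each check as a <table> with a 'state' element.
        for script in host.iter("script"):
            for table in script.iter("table"):
                state = table.find("elem[@key='state']")
                if state is None or not (state.text or "").strip().upper().startswith("VULNERABLE"):
                    continue
                title = table.find("elem[@key='title']")
                ids = [e.text for e in table.findall("table[@key='ids']/elem") if e.text]
                findings.append({
                    "script": script.get("id"),
                    "title": title.text if title is not None else table.get("key"),
                    "ids": ids,
                })
        hosts.append({"address": address, "open_ports": open_ports, "vulnerable": findings})
    return {"hosts": hosts}


def summarize(scan: dict) -> list:
    """Render the parsed scan as text lines, one per port and per finding."""
    lines = []
    for h in scan["hosts"]:
        lines.append(f"host {h['address']}")
        for p in h["open_ports"]:
            ident = " ".join(x for x in (p["product"], p["version"]) if x) or "(no -sV result)"
            lines.append(f"  {p['port']}/{p['proto']} {p['service']:<14} {ident}")
        for f in h["vulnerable"]:
            lines.append(f"  VULNERABLE: {f['title']} [{f['script']}] {' '.join(f['ids'])}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_scan(SAMPLE_XML))))
```

To use it on a real scan, feed `parse_scan` the text produced by `nmap ... -oX -`; closed and filtered ports are dropped, and a script that reports NOT VULNERABLE or LIKELY VULNERABLE is not listed as a finding, so review the raw script output before treating the summary as complete.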

------------------------------------------------------------------------------------------------------------------------

This document is for educational purposes; I do not encourage anyone to use this article for illegal actions. Stay on the right track.

So it's finished, thanks for reading my article and enjoy! Good bye, see you soon :)

My HTB profile: https://www.hackthebox.eu/home/users/profile/66952

My YouTube channel: https://www.youtube.com/channel/UCANZaRZztsKsVYA_SoxanaQ

-Bad_Boy-
