nmap

Phase(s):

Primary: Mapping.
Secondary: Discovery.

Description:

Tool that helps us scan the ports of the server where the application is deployed. Additionally, it provides several scripts (the Nmap Scripting Engine, NSE) that extend its functionality from data gathering to vulnerability scanning.

Objective:

  • Identify the ports present on the server.

Features:

Supported technologies: Application Servers.

Operative mode: Active.

Identify the ports present on the server.

  • Provides the port number and its state: open, closed or filtered (nmap also reports the ambiguous states open|filtered and closed|filtered when a probe gets no answer that lets it decide).

Reports:
Output reports:

  • Text files and XML file with the scanning results.

Basic usage:

Perform a basic scan with the additional scripts. The following command starts the port scan of the requested server and writes the reports with the basename "report" inside [path]:

nmap -A -v -oA [path]/report [Server IP Address]


Where:

  • -A: Aggressive scan; enables OS detection, version detection, the default NSE scripts and traceroute.
  • -v: Verbose mode.
  • -oA: Export the results in all the available formats (normal text, XML, grepable) using the given path as the basename of the output files.

The tool begins by scanning the 1000 most common ports (the default port set) and reports the state of each one it discovers.

NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 10:35
Scanning [IP address] [1 port]
Completed ARP Ping Scan at 10:35, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:35
Completed Parallel DNS resolution of 1 host. at 10:35, 0.04s elapsed
Initiating SYN Stealth Scan at 10:35
Scanning [IP address] [1000 ports]
Discovered open port 80/tcp on [IP address]
Discovered open port 443/tcp on [IP address]
Discovered open port 3306/tcp on [IP address]
Discovered open port 9001/tcp on [IP address]

Once port detection is complete, version detection and the additional scripts analyse each open port in order to identify the service and the version running behind it.

80/tcp open http Microsoft IIS webserver 6.0 ..
3306/tcp open mysql MySQL (unauthorized)
9001/tcp open http Apache httpd 2.2.21 ((Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1)

The -A option also enables operating system detection, whose result is printed after the port table:

Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2


Once the scan is complete, the results will be available in the specified output directory:

  • [report].gnmap: Text file in grepable format for processing with grep.
  • [report].nmap: Text file with the scanning results (the normal output).
  • [report].xml: XML file with the scanning results.
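The XML report is the one to process programmatically when a scan has to feed an inventory or a follow-up check. As an added example, not part of the original page or of the nmap project, the following Python script reads an nmap XML report and lists the address, the OS guess and every port with its state and service banner, keeping filtered ports (probes dropped by a firewall) separate from open ones. The embedded XML is a constructed sample that mirrors the scan output shown above; the host address 192.0.2.10 is a documentation-range placeholder, and the function names parse_nmap_xml, format_banner and open_ports are the example's own.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of the .xml file written by -oA. It reproduces the ports,
# banners and OS match from the scan above and adds one filtered port so the
# state handling is visible. 192.0.2.10 is a placeholder, not a real target.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -v -oA /tmp/report 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Microsoft IIS webserver" version="6.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="9001">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.21" extrainfo="(Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="filtered" reason="no-response"/>
        <service name="http-proxy" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="100" line="0"/>
    </os>
  </host>
</nmaprun>
"""


def format_banner(service):
    """Build the 'product version (extrainfo)' string that nmap prints in its normal output."""
    text = " ".join(p for p in (service.get("product"), service.get("version")) if p)
    extra = service.get("extrainfo")
    if extra:
        text = f"{text} ({extra})" if text else f"({extra})"
    return text


def parse_nmap_xml(xml_text):
    """Return one dict per host: address, OS guess and a list of port dicts.

    Every port state is kept, not only "open": filtered ports tell the tester
    where a firewall is dropping probes, which is a different finding from a
    closed port that answered with RST.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        osmatch = host.find("os/osmatch")  # absent when OS detection had no match
        ports = []
        for port in host.findall("ports/port"):
            service = port.find("service")
            if service is None:  # nmap omits <service> when nothing is known about the port
                service = ET.Element("service")
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": service.get("name", ""),
                "banner": format_banner(service),
            })
        hosts.append({
            "address": host.find("address").get("addr"),
            "os": osmatch.get("name") if osmatch is not None else None,
            "ports": ports,
        })
    return hosts


def open_ports(hosts):
    """Flatten the report to (address, 'port/proto') pairs for open ports only."""
    return [(h["address"], f"{p['port']}/{p['proto']}")
            for h in hosts for p in h["ports"] if p["state"] == "open"]


if __name__ == "__main__":
    # Usage: python nmap_report.py [path/report.xml]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for h in parse_nmap_xml(text):
        print(f"{h['address']}  OS: {h['os'] or 'unknown'}")
        for p in h["ports"]:
            print(f"  {p['port']}/{p['proto']:<4} {p['state']:<9} {p['service']:<10} {p['banner']}")
```

Passing the .xml file produced by -oA as the first argument prints the same table for a real scan; the "filtered" rows are the ones worth re-checking with a different probe type (for example a UDP or ACK scan), since no answer was received for them.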

Additionally, the tool can be executed through a graphical user interface (Zenmap) that allows running the scan, visualising the results and exporting them.


Resources:

Link: http://nmap.org/
Author(s): Gordon Lyon
Contact: fyodor [at] nmap.org.
License: GNU General Public License v2