Exploit-DB updates

Monday, April 11, 2011

Digging deeper with Nmap

Okay, everyone knows the basic Nmap usage, such as treating all hosts as online with the "-PN" option, or probing ports to determine what services and versions are running with the "-sV" option, but I wanted to talk about a little bit more than that.


Here we will spoof our MAC address while scanning an intruder connected to our network in order to determine what services they are running, then log the results in XML format for further analysis while only displaying the open ports.


nmap 192.168.1.100 -sV --spoof-mac Cisco -oX nlog --open


We can also play with the Nmap scripts that come packaged with the tool; these are excellent, and if you haven't used them before then you're missing out. We will use the discovery scripts to obtain more information.


nmap 192.168.1.100 -sV --spoof-mac Cisco -oX nlog --open --script=discovery


We could also increase the intensity of the service detection (-sV) with "--version-all", which tries every available probe. We may also want to enable OS detection by issuing the "-O" option. We could also just use the "-A" option to enable OS and service detection, traceroute and default script scanning. Keep in mind that doing this would make for a noisy and potentially detectable scan.
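The commands above write their results with "-oX nlog", but the post never shows what to do with that file. The following Python script is an added example (not part of the original post and not Nmap's own tooling): it parses an Nmap XML report, keeps only hosts that are up and ports whose state is "open", and prints the service/version banner, any NSE script output, and the OS guess that "-O" or "-A" would add. The XML embedded in SAMPLE_XML is constructed to mirror the structure Nmap emits (nmaprun, host, address, ports/port, state, service, script, os/osmatch); the addresses, versions and script output in it are made up.

```python
"""Summarise open ports from an Nmap XML report (-oX)."""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample report; shaped like real -oX output, values are invented.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap 192.168.1.100 -sV -O -oX nlog --open">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.100" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1" method="probed"/>
        <script id="ssh-hostkey" output="1024 aa:bb:cc (DSA)"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.16" method="probed"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="96"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.101" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class OpenPort:
    protocol: str
    port: int
    service: str
    product: str
    version: str
    scripts: dict = field(default_factory=dict)  # NSE script id -> output


@dataclass
class HostResult:
    address: str
    mac: str
    os_guess: str
    open_ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text):
    """Return a HostResult for every host that is up, with only its open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap could not reach
        ipv4, mac = "", ""
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ipv4 = addr.get("addr", "")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr", "")
        osmatch = host.find("os/osmatch")  # present only when -O/-A was used
        os_guess = osmatch.get("name", "") if osmatch is not None else ""
        result = HostResult(ipv4, mac, os_guess)
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # same filter as --open, applied at analysis time
            svc = port.find("service")
            scripts = {s.get("id", ""): s.get("output", "")
                       for s in port.findall("script")}
            result.open_ports.append(OpenPort(
                protocol=port.get("protocol", ""),
                port=int(port.get("portid", "0")),
                service=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
                version=svc.get("version", "") if svc is not None else "",
                scripts=scripts))
        hosts.append(result)
    return hosts


def format_report(hosts):
    """Render the parsed hosts as a compact text report."""
    lines = []
    for h in hosts:
        lines.append(f"{h.address} ({h.mac or 'no MAC'}) OS guess: {h.os_guess or 'unknown'}")
        for p in h.open_ports:
            banner = " ".join(x for x in (p.product, p.version) if x)
            lines.append(f"  {p.port}/{p.protocol} {p.service} {banner}".rstrip())
            for sid, out in p.scripts.items():
                lines.append(f"    [{sid}] {out.strip()}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python nmap_report.py nlog   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_XML
    print(format_report(parse_nmap_xml(text)))
```

Pass the file written by "-oX" as the first argument; with no argument the constructed sample is used. The filter on state="open" is applied again here on purpose, so the script gives the same view whether or not the scan was run with "--open".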


In addition to the discovery scripts we could use other script categories such as the "intrusive" or "auth" categories which you can read more about here - http://nmap.org/book/nse-usage.html

We can also do things to increase anonymity and evade Intrusion Detection Systems (IDS), such as using the SYN stealth scan, adding random data to the packets sent, and fragmenting them. We will also use the "-iR" option to scan random IPs.

nmap -iR 100 -sS --spoof-mac Cisco --data-length 9 -f
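From the defender's side, each of the evasion options in that command leaves its own trace: "--data-length 9" attaches a payload to SYN packets, which ordinary TCP clients do not do; "-f" splits the TCP header across IP fragments; and a SYN scan still hits many ports on one host in a short time. The script below is an added example (not part of the original post and not a real IDS rule set) that flags those three signals over a list of packet records. The records are constructed, the Packet type and thresholds are my own assumptions, and a real deployment would feed it from a capture or flow log rather than the inline sample. Note also that "--spoof-mac" only changes the frame on the local network segment, so MAC-based detection is useful for the in-network intruder case above but not for traffic that has crossed a router.

```python
"""Flag SYN-scan indicators in a list of (constructed) TCP packet records."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since capture start
    src: str
    dst: str
    dport: int
    flags: str         # TCP flags as letters, e.g. "S", "SA", "A"
    payload_len: int   # TCP payload bytes carried by this segment
    fragmented: bool   # True if the segment arrived as IP fragments


def detect_scan_indicators(packets, window=5.0, port_threshold=10):
    """Return {source_ip: sorted list of indicator names} for suspicious sources.

    Indicators (assumed thresholds, tune for your network):
      port-sweep:<dst>  - SYNs to >= port_threshold distinct ports on one
                          destination within `window` seconds
      syn-with-payload  - a SYN carrying data (normal clients send none)
      fragmented-syn    - a SYN whose TCP header was split across fragments
    """
    findings = defaultdict(set)
    syns_by_pair = defaultdict(list)
    for p in packets:
        if p.flags != "S":
            continue  # only initial SYNs matter for these indicators
        syns_by_pair[(p.src, p.dst)].append(p)
        if p.payload_len > 0:
            findings[p.src].add("syn-with-payload")
        if p.fragmented:
            findings[p.src].add("fragmented-syn")
    for (src, dst), syns in syns_by_pair.items():
        syns.sort(key=lambda p: p.ts)
        for i, p in enumerate(syns):
            # distinct destination ports seen in the trailing window ending at p
            recent = {q.dport for q in syns[: i + 1] if q.ts >= p.ts - window}
            if len(recent) >= port_threshold:
                findings[src].add(f"port-sweep:{dst}")
                break
    return {src: sorted(names) for src, names in findings.items()}


# Constructed sample traffic (RFC 5737 documentation addresses).
# 192.0.2.10 is a normal client; 192.0.2.77 behaves like the scan above.
SAMPLE_PACKETS = [
    Packet(1.0, "192.0.2.10", "192.0.2.20", 80, "S", 0, False),
    Packet(1.0, "192.0.2.20", "192.0.2.10", 80, "SA", 0, False),
    Packet(1.5, "192.0.2.10", "192.0.2.20", 443, "S", 0, False),
] + [
    Packet(10.0 + 0.1 * i, "192.0.2.77", "192.0.2.20", port, "S", 9, True)
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
]


if __name__ == "__main__":
    for src, names in detect_scan_indicators(SAMPLE_PACKETS).items():
        print(f"{src}: {', '.join(names)}")
```

The port-sweep check is deliberately per destination so that a busy client talking to many different servers on one or two ports each is not flagged; the payload and fragmentation checks fire on a single packet, which is why they make "--data-length" and "-f" easy to spot even when the scan is slowed down below any rate threshold.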


That's where I'll end this little "tutorial", hope someone finds this useful.
