Da 02

This document provides instructions for conducting various network scans and reconnaissance using Nmap. It begins with basic commands for ping scanning a single IP or host, scanning specific ports or port ranges, and scanning multiple IPs or IP ranges. It then lists tasks for scanning the most popular ports, scanning from a text file, disabling DNS resolution, and detecting OS/services. Further tasks involve service version detection, TCP/UDP scanning, CVE detection, denial of service, and brute force attacks. The document ends with instructions to use Nmap to conduct reconnaissance on a test network, including commands to detect firewalls and filtering, identify host names, use IPv6 and decoys, and output results in various formats.

Uploaded by Kumar Raja

CSE 3501 – Information Security Analysis and Audit

Lab Digital Assessment – 2

Name: Kumar Raja
Reg. No.: 20BIT0213

1. Basic Nmap scan against an IP or host

IP:

Host:

2. Nmap ping scan

3. Scan specific ports or entire port ranges on a local or remote server

All 65535 ports:

Specific port:

4. Scan multiple IP addresses

Scan multiple IPs:

Scan consecutive IPs:

5. Scan IP ranges

Scan an entire CIDR range:

Scan 14 consecutive IP addresses:

Scan using wildcards:

Exclude certain IPs:
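
Tasks 4 and 5 are all forms of nmap's target specification: a CIDR block, a per-octet range such as 192.168.1.1-14, a * wildcard, and --exclude to drop addresses from the set. The Python below is an added illustration, not part of this assignment and not nmap's own code; it expands those specs the way nmap's man page defines them (including comma lists inside an octet, e.g. 192.168.3-5,7.1, and the rule that 10.27.0.5/24 means the whole 10.27.0.0/24 block), and additionally unwraps an IPv4-mapped IPv6 target of the kind used with nmap -6. Function names such as build_target_list are my own.

```python
"""Expand nmap target specifications (CIDR, octet ranges, wildcards, --exclude)
into the concrete IPv4 addresses nmap would probe.  Added example; it follows the
spec syntax in nmap's man page but is not code taken from nmap."""
import ipaddress
import itertools
from typing import Iterator, List, Sequence


def _expand_octet(field: str) -> List[int]:
    """One dotted field: '5', '*', '1-14', '-14', '1-' or a comma list like '3-5,7'."""
    if field == "*":
        return list(range(256))
    values: List[int] = []
    for part in field.split(","):
        lo, dash, hi = part.partition("-")
        lo_i = int(lo) if lo else 0                        # '-14' means 0-14
        hi_i = int(hi) if hi else (255 if dash else lo_i)  # '1-' means 1-255
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.extend(range(lo_i, hi_i + 1))
    return values


def expand_target(spec: str) -> Iterator[ipaddress.IPv4Address]:
    """Yield every IPv4 address covered by a single target spec."""
    spec = spec.strip()
    if ":" in spec:
        # IPv4-mapped IPv6 such as ::ffff:c0a8:1 (as passed to `nmap -6`) is really 192.168.0.1
        mapped = ipaddress.IPv6Address(spec).ipv4_mapped
        if mapped is None:
            raise ValueError(f"native IPv6 target not handled here: {spec!r}")
        yield mapped
        return
    if "/" in spec:
        # strict=False makes 10.27.0.5/24 mean the whole 10.27.0.0/24 block, as nmap does;
        # iterating the network includes .0 and .255, which nmap probes as well
        yield from ipaddress.IPv4Network(spec, strict=False)
        return
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    for combo in itertools.product(*(_expand_octet(o) for o in octets)):
        yield ipaddress.IPv4Address(".".join(map(str, combo)))


def build_target_list(targets: Sequence[str], exclude: Sequence[str] = ()) -> List[str]:
    """Targets in command-line order, minus anything matched by --exclude, without duplicates."""
    excluded = {ip for spec in exclude for ip in expand_target(spec)}
    seen = set()
    result: List[str] = []
    for spec in targets:
        for ip in expand_target(spec):
            if ip in excluded or ip in seen:
                continue
            seen.add(ip)
            result.append(str(ip))
    return result


if __name__ == "__main__":
    # The /24 from exercise 1 expands to 256 addresses; --exclude 10.27.0.0/30 removes the first four.
    hosts = build_target_list(["10.27.0.0/24"], exclude=["10.27.0.0/30"])
    print(len(hosts), "targets, first", hosts[0], "last", hosts[-1])
```

Pass each --exclude entry as its own list element (nmap's own --exclude argument is comma-separated on the command line, but commas are also legal inside an octet, so the expander does not try to split it). Running the block on 10.27.0.0/24 shows directly why the exercise's /24 sweep touches 256 addresses.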


6. Scan the most popular ports
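
"Most popular" is not a fixed list: nmap's --top-ports N ranks ports by the open-frequency column of its nmap-services file and takes the N highest for the protocols the scan type uses. The Python below is an added example, not nmap's code and not part of the assignment; the nmap-services excerpt is constructed and its frequency values are illustrative. It also renders a port list in nmap's -p syntax with consecutive runs collapsed, which is handy when you feed a chosen set of ports back into task 3.

```python
"""How nmap's --top-ports chooses ports: it ranks the open-frequency column of its
nmap-services file.  Added example, not nmap's code; the excerpt below is constructed
and its frequencies are illustrative."""
from typing import Iterable, List, Tuple

# nmap-services format: service-name  port/protocol  open-frequency  # optional comment
SAMPLE_NMAP_SERVICES = """\
# Fields: Service name, portnum/protocol, open-frequency, optional comments
http\t80/tcp\t0.484143\t# World Wide Web HTTP
telnet\t23/tcp\t0.221265
https\t443/tcp\t0.208669\t# secure http (SSL)
ftp\t21/tcp\t0.197667\t# File Transfer [Control]
ssh\t22/tcp\t0.182286\t# Secure Shell Login
smtp\t25/tcp\t0.131314\t# Simple Mail Transfer
snmp\t161/udp\t0.433467
domain\t53/udp\t0.213496
ntp\t123/udp\t0.330879
"""

Entry = Tuple[int, str, str, float]  # (port, proto, name, frequency)


def parse_services(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, portproto, freq = line.split()[:3]
        port, proto = portproto.split("/")
        entries.append((int(port), proto, name, float(freq)))
    return entries


def top_ports(text: str, n: int, protos: Iterable[str] = ("tcp",)) -> List[int]:
    """Ports with the highest open-frequency.  nmap ranks only the protocols of the
    scan type in use: TCP for -sS/-sT, UDP for -sU, both when the two are combined."""
    wanted = set(protos)
    ranked = sorted((e for e in parse_services(text) if e[1] in wanted),
                    key=lambda e: e[3], reverse=True)
    return [e[0] for e in ranked[:n]]


def port_spec(ports: Iterable[int]) -> str:
    """Render a port list in nmap's -p syntax, consecutive runs collapsed: 21-23,25,80."""
    runs: List[str] = []
    nums = sorted(set(ports))
    i = 0
    while i < len(nums):
        j = i
        while j + 1 < len(nums) and nums[j + 1] == nums[j] + 1:
            j += 1
        runs.append(str(nums[i]) if i == j else f"{nums[i]}-{nums[j]}")
        i = j + 1
    return ",".join(runs)


if __name__ == "__main__":
    # Equivalent of `--top-ports 3` for a TCP scan, then the same ports as a -p argument
    chosen = top_ports(SAMPLE_NMAP_SERVICES, 3)
    print(chosen, "->", "-p", port_spec(chosen))
```

On a real system the file to parse is nmap's own nmap-services (commonly under /usr/share/nmap/), which is much larger than this excerpt but has the same three-column layout.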

7. Scan hosts and IP addresses read from a text file


8. Save your Nmap scan results to a file

9. Disabling DNS name resolution


10. Scan + OS and service detection with fast execution

11. Detect service/daemon versions


12. Scan using TCP or UDP protocols

13. CVE detection using Nmap


14. Launching a DoS with Nmap

15. Launching brute force attacks


WordPress brute force attack:

Brute force attack against MS-SQL:

FTP brute force attack:


16. Detecting malware infections on remote hosts
A common malware scan can be performed by using:

Or using Google’s Malware check:

Exercise set
Using nmap to conduct a reconnaissance of your network
1. Use a broad ping scan to determine the hosts that are "up" on a portion of your network.

Enter the following scans and record the results:

o nmap -n -sn 10.27.x.0/24
o nmap -n -sn 10.27.0.0/24
a. Why is the -n option used? What happens if you rerun this command without the -n option? (Try it.)
b. What does the /24 represent?

Without -n:

a. -n tells nmap not to perform reverse-DNS lookups on the addresses it scans. Without it, nmap sends a PTR query to the configured DNS server for every host that responds, which makes the sweep slower and leaves a record of the scan in the resolver's logs.

b. /24 is the CIDR (Classless Inter-Domain Routing) prefix length: the first 24 bits of the address are the network part, so 10.27.0.0/24 covers the 256 addresses from 10.27.0.0 to 10.27.0.255.

2. Conduct a host-discovery probe (switches -PO for IP protocol ping, -PS for TCP SYN ping, -PU for UDP ping) on the Common Network hosts.
a. How many TCP ports are open on each?
b. Are there any UDP ports open on any machine?
3. Conduct the same IP protocol ping on yourself.
a. How many ports are open?
b. Are the results different from those obtained with the IP protocol ping? Explain.
[Hint: read the OS Detection section of the man pages and again note that you will need to use sudo to have sufficient privilege.]

a. What operating system does nmap think your Server VM is running?

b. What is its MAC address?


c. What operating system does nmap think your Linux VM is running?

4. Type the following commands in Zenmap. Use a different IP address for each and generate a report. Take a screenshot and write your comments on each command.
a) Scan a host to detect a firewall: nmap -sA 192.168.0.64 (ACK scan; ports are reported as filtered or unfiltered rather than open or closed, which shows whether a stateful firewall sits in front of the host)
b) Scan a host that is protected by packet filtering or a firewall: nmap -Pn 192.168.0.101 (skip host discovery and scan even when the host does not answer ping probes; -PN is the older spelling of the same option)
c) Complete a scan in stealth mode: nmap -sS 192.168.0.64 (SYN "half-open" scan; the TCP handshake is never completed, and raw-packet scans need root)
d) Identify host names: nmap -sL 192.168.0.1 (list scan; only reverse-DNS lookups are performed, no packets are sent to the target)
e) Scan IPv6 addresses: nmap -6 ::ffff:c0a8:1 (::ffff:c0a8:1 is the IPv4-mapped IPv6 form of 192.168.0.1)
f) Create decoys while scanning: nmap -D 192.168.0.1,192.168.0.2,... (the decoy addresses are sent alongside your own so the target's logs show several apparent sources; the target to scan follows the decoy list)
g) Scan remote hosts using SCTP: nmap -sZ --top-ports 20 -T4 192.168.1.1/24 (SCTP COOKIE ECHO scan of the 20 most common ports across the /24 at aggressive timing)
h) Scan output in XML format: nmap -oX scan-report.xml -n 192.168.1.1
i) Save nmap output: nmap -n 192.168.1.1 > scan-report (shell redirection of the normal output; -oN writes the same thing without relying on the shell)
j) Use multiple script categories: nmap --script discovery,brute 192.168.1.1 (the brute category scripts attempt logins against services they find, so run it only on systems you are authorised to test)
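
Task 8 and commands h) and i) above save scan results, and the XML form (-oX, also what Zenmap keeps for its reports) is the one worth parsing, because it carries host state, MAC address, hostnames, the -O OS match and the -sV service banners in fixed fields. The Python below is an added example, not part of the assignment and not nmap's code; the XML it parses is a constructed sample of what `nmap -sV -O -n -oX scan-report.xml` writes for one live host and one host that is down, so the addresses, MAC and versions are illustrative.

```python
"""Parse nmap -oX output (what `-oX scan-report.xml` and Zenmap produce) into a
per-host summary of state, MAC, hostnames, OS guess and open ports.  Added
example, not nmap's code; the XML below is constructed, not a real scan."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -n -oX scan-report.xml 192.168.1.1-2" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="gw.lab.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/></port>
    </ports>
    <os><osmatch name="Linux 5.0 - 5.4" accuracy="95"/><osmatch name="Linux 4.15 - 5.6" accuracy="91"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class PortInfo:
    proto: str
    port: int
    state: str
    service: str
    banner: str  # "product version" from -sV; empty when nmap only used its port table


@dataclass
class HostReport:
    addr: str
    state: str
    mac: Optional[str]
    hostnames: List[str]
    os_match: Optional[Tuple[str, int]]  # best <osmatch> name and accuracy in percent
    ports: List[PortInfo] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> List[HostReport]:
    # ElementTree is fine for scan files you produced yourself; for XML from an
    # untrusted source use defusedxml, which refuses entity-expansion payloads.
    root = ET.fromstring(xml_text)
    reports: List[HostReport] = []
    for host in root.findall("host"):
        addr, mac = "?", None
        for a in host.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                addr = a.get("addr", "?")
            elif a.get("addrtype") == "mac":
                mac = a.get("addr")
        status = host.find("status")
        matches = host.findall("os/osmatch")  # nmap lists OS matches best-first
        best = (matches[0].get("name", ""), int(matches[0].get("accuracy", "0"))) if matches else None
        rep = HostReport(addr=addr, mac=mac, os_match=best,
                         state=status.get("state", "unknown") if status is not None else "unknown",
                         hostnames=[h.get("name", "") for h in host.findall("hostnames/hostname")])
        for p in host.findall("ports/port"):
            st, svc = p.find("state"), p.find("service")
            banner = " ".join(x for x in (svc.get("product"), svc.get("version")) if x) if svc is not None else ""
            rep.ports.append(PortInfo(proto=p.get("protocol", ""), port=int(p.get("portid", "0")),
                                      state=st.get("state", "unknown") if st is not None else "unknown",
                                      service=svc.get("name", "") if svc is not None else "", banner=banner))
        reports.append(rep)
    return reports


def live_hosts(reports: List[HostReport]) -> List[HostReport]:
    return [r for r in reports if r.state == "up"]


def open_ports(report: HostReport, proto: str = "tcp") -> List[int]:
    return sorted(p.port for p in report.ports if p.proto == proto and p.state == "open")


def summarize(reports: List[HostReport]) -> List[str]:
    """One line per live host plus one per open port, ready to paste into a lab report."""
    lines: List[str] = []
    for r in live_hosts(reports):
        os_txt = f"{r.os_match[0]} ({r.os_match[1]}%)" if r.os_match else "unknown"
        lines.append(f"{r.addr} {r.hostnames[0] if r.hostnames else '-'} mac={r.mac or '-'} os={os_txt}")
        for p in r.ports:
            if p.state == "open":
                lines.append(f"  {p.port}/{p.proto} {p.service} {p.banner}".rstrip())
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_nmap_xml(SAMPLE_XML))))
```

To use it on a real run, read scan-report.xml from disk and pass its contents to parse_nmap_xml; the MAC address and OS match only appear when the scan was run with root privileges on the local segment (for ARP replies) and with -O, which is exactly what the earlier hint about sudo refers to.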

