Author Topic: What to look for in a nmap scan ? (Read 1152 times)

blackrat · « **on:** September 24, 2015, 07:08:54 pm »

Hello i am woundering what to look for in a nmap scan (What do you guys look for). I like to belive that i have an understanding of networks in general and nmap. I have read the tutorial on nmap on their website. And i know that i should look for open ports and services. But is there anything in particular that i should look for first. Srry for bad english not my native

Thanks.

blindfuzzy · « **Reply #1 on:** September 24, 2015, 07:10:22 pm »

Quote from: blackrat on September 24, 2015, 07:08:54 pm

Hello i am woundering what to look for in a nmap scan (What do you guys look for). I like to belive that i have an understanding of networks in general and nmap. I have read the tutorial on nmap on their website. And i know that i should look for open ports and services. But is there anything in particular that i should look for first. Srry for bad english not my native

Thanks.

Use Google. Find a list of services-of-interest.

white-knight · « **Reply #2 on:** September 24, 2015, 08:01:10 pm »

Basically you want to scan the network to see what machines have what ports open and what services are running on the open ports & what operating system the machine is running .

You want to find what versions of the services that are running, then you can move on further .

So if you find say a old version of FTP, SMB ,SSH and so on then you can google to see what exploits are available for that version of the service.

You can also google the port that is open for know vulnerabilities http://www.enigmagroup.org/exploits/rport/135/

There are also lots on nmap scripts to help gather more information in the usr/share/nmap/scripts directory .. https://nmap.org/nsedoc/

The more information you gather the more luck you will have finding a vulnerability.

proxx · « **Reply #3 on:** September 26, 2015, 01:06:02 am »

White-knight pretty much said it.
Be sure to check the uncommon ports, often forgotten , Nmap doesn't scan for them by default , mostly because it takes forever.
If you combine that with a fingerprint scan you might be suprised how frequent you can find stuff that is 'put away'.
Also most people seem to pretend that UDP does not exist, all they ever talk about is somewhere TCP and up, there many interesting protocols running UDP, they are harder to scan though.

x41r3d · « **Reply #4 on:** October 05, 2015, 04:22:12 am »

do nmap -sV http://targeturl.com. that will give you output of ports, services and their version number.

after that search these services + version numbers in exploit-db etc.

lolwut · « **Reply #5 on:** October 05, 2015, 10:11:05 am »

The main thing is to look at what ports are open, and what ports are not open.

This can give you an idea of what sort of person has configured the machine - if it seems that FTP, SSH, TELNET are all open on one internet facing machine on a interesting target you might either have an extremely incompetent admin or more likely looking at a honeypot.

ram1r3z0 · « **Reply #6 on:** October 07, 2015, 09:34:39 pm »

It depends what you are looking.
The start
nmap -sV -O target
is good one

EvilZone

News:

Author Topic: What to look for in a nmap scan ? (Read 1152 times)

blackrat

What to look for in a nmap scan ?

blindfuzzy

Re: What to look for in a nmap scan ?

white-knight

Re: What to look for in a nmap scan ?

proxx

Re: What to look for in a nmap scan ?

x41r3d

Re: What to look for in a nmap scan ?

lolwut

Re: What to look for in a nmap scan ?

ram1r3z0

Re: What to look for in a nmap scan ?