Nmap – Scanning and identifying services

Nmap is probably the most used port scanner in the world. It can be used to identify live hosts, scan TCP and UDP open ports, detect firewalls, get versions of services running in remote hosts, and even, with the use of scripts, find and exploit vulnerabilities.

In this recipe, we will use Nmap to identify all the services running on our target application’s server and their versions. We will do this in several calls to Nmap for learning purposes, but it can be done using a single command.

Getting ready

All we need is to have our vulnerable_vm running.

How to do it…

1. First, we want to check whether the server is responding to a ping, that is, whether the host is up:

root@kali:~# nmap -sn

2. Now that we know that it's up, let's see which ports are open:

root@kali:~# nmap

3. Now, we will tell Nmap to ask the server for the versions of the services it is running and to guess the operating system from that information:

root@kali:~# nmap -sV -O

4. We can see that our vulnerable_vm runs Linux with a 2.6 kernel, an Apache 2.2.14 web server, PHP 5.3.2, and so on.

How it works…

Nmap is a port scanner: it sends packets to a number of TCP or UDP ports on the indicated IP address and checks whether there is a response. If the response shows that the port accepts connections (for TCP, a SYN/ACK), the port is open, which means a service is listening on that port.

In the first command, with the -sn parameter, we instructed Nmap to skip the port scan and only check whether the server was responding to ICMP echo requests (pings). Our server responded, so it is alive.

The second command is the simplest way to call Nmap; it only specifies the target IP address. Nmap first pings the server; if it responds, Nmap sends probes to the 1,000 most commonly used TCP ports, checks which ones respond, and reports the open ones.

The third command adds the following two tasks to the second one:

-sV asks for the banner (header or self-identification) of each open port found, which is what Nmap uses to determine the service version

-O tells Nmap to try to guess the operating system running on the target using the information collected from the open ports and their versions
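To turn the results of steps 2 and 3 into something a defender can act on (an asset inventory, a diff against last week's scan), it is easier to save the scan as XML with -oX and parse it than to scrape the text table. The following Python is an added example, not code from the book or from the Nmap project. It parses a constructed sample of Nmap's XML output that mirrors the recipe's findings (192.0.2.10 is a documentation placeholder address, not the recipe's target) and also flags open ports for which -sV returned no product or version, which is exactly where the banner-based version detection described above falls short and manual inspection is still needed.

```python
# Added example (not from the book or the Nmap project): parse Nmap XML output
# (-oX) into a host/port/service inventory. SAMPLE_XML is a constructed document
# mirroring the recipe's findings; 192.0.2.10 is a TEST-NET-1 placeholder address.
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.10" version="7.94">
<host><status state="up" reason="arp-response"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports><extraports state="closed" count="996"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="5.3p1 Debian 3ubuntu4" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="Apache httpd" version="2.2.14" extrainfo="(Ubuntu) PHP/5.3.2" method="probed" conf="10"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
<service name="mysql" method="table" conf="3"/></port>
<port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/>
<service name="http-proxy" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 2.6.32 - 2.6.39" accuracy="97"/></os>
</host></nmaprun>
"""


@dataclass
class Service:
    port: int
    protocol: str
    state: str
    name: str
    product: str = ""
    version: str = ""
    extrainfo: str = ""

    def banner(self) -> str:
        """Nmap's VERSION column: product, version and extra info joined."""
        return " ".join(p for p in (self.product, self.version, self.extrainfo) if p)


@dataclass
class Host:
    address: str
    state: str
    os_guess: str = ""
    os_accuracy: int = 0
    services: list = field(default_factory=list)

    def open_services(self) -> list:
        return [s for s in self.services if s.state == "open"]


def _attr(elem, name, default=""):
    """Attribute lookup that tolerates a missing element."""
    return elem.get(name, default) if elem is not None else default


def parse_nmap_xml(xml_text: str) -> list:
    """Return one Host per <host> element, with every <port> as a Service."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        osmatch = h.find("os/osmatch")  # -O lists matches best-first; take the first
        host = Host(
            address=_attr(h.find("address[@addrtype='ipv4']"), "addr"),
            state=_attr(h.find("status"), "state", "unknown"),
            os_guess=_attr(osmatch, "name"),
            os_accuracy=int(_attr(osmatch, "accuracy", "0")),
        )
        for p in h.findall("ports/port"):
            svc = p.find("service")
            host.services.append(Service(
                port=int(p.get("portid")),
                protocol=p.get("protocol", "tcp"),
                state=_attr(p.find("state"), "state", "unknown"),
                name=_attr(svc, "name"),
                product=_attr(svc, "product"),
                version=_attr(svc, "version"),
                extrainfo=_attr(svc, "extrainfo"),
            ))
        hosts.append(host)
    return hosts


def unversioned_open_ports(hosts: list) -> list:
    """Open ports where -sV matched no banner: the service name then comes only
    from the nmap-services table (method="table"), so it needs manual checking."""
    return [(h.address, s.port) for h in hosts
            for s in h.open_services() if not s.product and not s.version]


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        print(f"{h.address} {h.state} os={h.os_guess!r} ({h.os_accuracy}%)")
        for s in h.open_services():
            print(f"  {s.port}/{s.protocol} {s.name} {s.banner()}".rstrip())
    print("unversioned:", unversioned_open_ports(parse_nmap_xml(SAMPLE_XML)))
```

Filtered ports are kept in the parsed data but excluded from open_services(), so a port that a firewall silently drops does not end up in the inventory as if a service were listening on it.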

There’s more…

Other useful parameters when using Nmap on Kali Linux are:

-sT: By default, when it is run as a root user, Nmap uses a type of scan known as the SYN scan. Using this parameter we force the scanner to perform a full connect scan. It is slower and will leave a record in the server’s logs but it is less likely to be detected by an intrusion detection system.

-Pn: If we already know that the host is alive or is not responding to pings, we can use this parameter to tell Nmap to skip the ping test and scan all the specified targets, assuming they are up.

-v: This is the verbose mode. Nmap will show more information about what it is doing and the responses it gets. This parameter can be used multiple times in the same command: the more it’s used, the more verbose it gets (that is, -vv or -v -v -v -v).

-p N1,N2,…,Nn: We might want to use this parameter if we want to test specific ports or some non-standard ports, where N1 to Nn are the port numbers that we want Nmap to scan. For example, to scan ports 21, 80 to 90, and 137, the parameters will be: -p 21,80-90,137.

--script=script_name: Nmap includes a lot of useful scripts for vulnerability checking, scanning or identification, login testing, command execution, user enumeration, and so on. Use this parameter to tell Nmap to run scripts against the target's open ports. The Nmap Scripting Engine documentation at https://nmap.org/nsedoc/ describes the use of each script.
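The remark under -sT that a full connect scan leaves a record in the server's logs is worth seeing from the defender's side. The following Python is an added example (not from the book or from Nmap) that runs simple scan-detection logic over constructed iptables-style kernel LOG lines: it groups TCP entries by source and destination and raises an alert when one source touches at least min_ports distinct destination ports within a sliding time window. The log format, the thresholds and the 192.0.2.0/24 addresses are assumptions chosen for the sample; a SYN scan and a connect scan look the same at this layer, since both send a SYN to every probed port.

```python
# Added example (not from the book or Nmap): detect a port scan in iptables-style
# kernel log lines. SAMPLE_LOG is constructed; addresses are TEST-NET-1 placeholders.
# A full connect scan (-sT) and a SYN scan both show up the same way here: many
# distinct destination ports from one source inside a short window.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")


def _line(sec, src, dst, spt, dpt):
    """Build one constructed LOG-target line (only time, SRC, DST and DPT matter)."""
    return (f"Mar 10 12:00:{sec:02d} web kernel: [ 981.3] FW-IN: IN=eth0 OUT= "
            f"SRC={src} DST={dst} LEN=60 TTL=64 PROTO=TCP SPT={spt} DPT={dpt} SYN")


# 12 different ports from 192.0.2.77 within 12 seconds (scan-like), five hits on
# port 80 from 192.0.2.50 spread over 20 seconds (normal traffic), one sshd line.
SAMPLE_LOG = [_line(i, "192.0.2.77", "192.0.2.10", 40000 + i, p)
              for i, p in enumerate([21, 22, 25, 53, 80, 110, 139, 143, 443, 445, 3306, 8080])]
SAMPLE_LOG += [_line(5 * i, "192.0.2.50", "192.0.2.10", 51000 + i, 80) for i in range(5)]
SAMPLE_LOG.append("Mar 10 12:00:30 web sshd[412]: Accepted publickey for ops from 192.0.2.50")


def parse_line(line):
    """Return (timestamp, src, dst, dport) for a TCP LOG line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2024)  # syslog has no year
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, window_seconds=60, min_ports=10):
    """One alert per (src, dst) pair whose busiest window touches >= min_ports ports."""
    events = sorted(e for e in map(parse_line, lines) if e)
    per_pair = defaultdict(list)
    for ts, src, dst, dpt in events:
        per_pair[(src, dst)].append((ts, dpt))
    alerts = []
    window = timedelta(seconds=window_seconds)
    for (src, dst), evs in per_pair.items():
        best, lo = 0, 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:  # slide the window's left edge
                lo += 1
            best = max(best, len({p for _, p in evs[lo:hi + 1]}))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "first": evs[0][0].isoformat(), "last": evs[-1][0].isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan: {a['src']} -> {a['dst']} ({a['distinct_ports']} ports)")
```

Counting distinct ports rather than raw hits is what separates a scan from a busy but legitimate client: the five connections to port 80 never trip the threshold, while the twelve probes to different ports do. Tune window_seconds and min_ports to your own traffic; a slow scan spread over hours needs a longer window than the default used here.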

See also

Although it is the most popular, Nmap is not the only port scanner available and, depending on taste, maybe not the best either. Some other alternatives included in Kali Linux are:

  • unicornscan
  • hping3
  • masscan
  • amap
  • Metasploit scanning modules

If you have encountered a problem or have any questions or remarks, please feel free to leave a comment.

If this article helped you to solve your problem please feel free to share it with your friends … with love and prosperity K4LINUXTEAM.

One Comment

  1. I simply wanted to post a simple remark to express gratitude to you for all the precious advice you are placing on this website. My long internet look up has finally been compensated with reliable insight to go over with my classmates and friends. I'd mention that we readers are extremely lucky to be in a good site with very many wonderful individuals with valuable strategies. I feel very lucky to have come across your entire website page and look forward to some more fun moments reading here. Thank you once again for everything.
