NMAP

Course
Time: 7 hours 1 minute
Difficulty: Beginner
CEU/CPE: 7

Video Transcription

00:00
Welcome to the lesson on constructing an Nmap scan.
00:04
This lesson is not intended to go into detail about building complex Nmap scans. The main point of it is really to show you several important command line switches you should know about in Nmap, because they're critical to consider in every single Nmap scan.
00:18
And I want you to see that Nmap scans can be constructed in a variety of different ways. My hope is that you will figure out a way that works well for you and stick with it as you experiment with Nmap.
00:31
Let's get started.
00:33
Here are the learning objectives for this lesson.
00:35
First, I'll remind you about how to get help.
00:39
Next, we'll go over the basic requirements of an Nmap scan.
00:42
Then I'll answer the question: does it matter what order options are placed in an Nmap scan?
00:49
We'll then cover two really important options that you should consider in every Nmap scan.
00:54
Next,
00:55
I'll talk to you briefly about a regular scan versus a script scan, and finally we'll go through a quick lab on constructing an Nmap scan that will demonstrate the concepts discussed in this lesson.
01:07
If you haven't already, I suggest going back and revisiting Lesson 2.9, which was about ways Nmap users can get help,
01:15
as a refresher. Let's go over a couple.
01:18
Simply typing nmap, or nmap -h, then hitting Enter on your keyboard at the command prompt will show you many of the different options you have available in Nmap.
01:29
There isn't a ton of detail there, but it's a great way to remind yourself of the many options available and how to use them.
01:37
If you're considering running an NSE script,
01:40
you can type nmap --script-help
01:45
followed by the name of the script,
01:48
then hit Enter.
01:49
If you want much more detail and are running Linux or UNIX, Mac OS included,
01:55
you can type man nmap, then hit Enter.
01:59
To dig as deep as possible, you should go to the Nmap website, which now includes Fyodor's entire book.
02:06
I put a couple of key URLs in this slide.
02:08
Finally, either create for yourself or find a cheat sheet online.
02:13
I will include one in this lesson, and I believe it will help a lot.
02:16
I won't include every single command or command sequence, but I'll share a single page of what I consider to be the most important Nmap scans, especially when you're starting out.
02:28
So what are the basic requirements of an Nmap scan?
02:30
Well, first of all, you must have Nmap installed properly.
02:34
If you've installed it according to my previous lessons, you should be good to go.
02:38
Secondly, and especially when starting out,
02:42
open your terminal or Windows command prompt as a privileged user,
02:46
or what I should say is, if you're using Linux, UNIX or Mac OS,
02:50
run Nmap using sudo.
02:52
If you're running Windows, open the command prompt as administrator.
02:55
I'm sure you know what I mean here, but I'll demonstrate this in the lab.
03:00
The next thing to consider is where in the file system you are running Nmap from and whether your environment variables, specifically the PATH variable, are set correctly.
03:09
I'll show you this in the lab.
03:13
Finally, the most important thing that you must include in every single Nmap scan is the target.
03:19
No matter how sophisticated your scan is, without a target it will fail.
03:24
Every time I execute a command line program, I wonder: does it matter what order I place the switches or options in?
03:31
Well, unlike some programs or environments, in Nmap it really doesn't matter too much. In other words, you can type the switches that indicate the type of scan before or after the target.
03:43
For example, you could tell Nmap to scan 192.168.1.1,
03:49
then place the details about the type of scan you want to perform, such as -A for an advanced scan or
03:55
-O
03:58
for operating system detection, at the end.
04:01
You can also provide details about what layer 4 protocol or what ports to use before or after the type of scan or the target.
04:10
This provides for a lot of flexibility and a lot of different styles.
04:14
So does it really matter what order you put your command line options in? Not really.
04:18
One thing that I think you should determine early on in your Nmap scanning adventures, though, is where you put your target and output options.
04:28
play around with a couple of different ways to do it and decide which way suits your needs.
04:31
I'll tell you the way that I usually do it, though, just in case it makes sense to you.
04:35
I typically place all my command line switches before the target and output. In other words, I put the target and output type at the end of every Nmap statement.
04:46
As we go through scans later on, you'll see exactly what I mean.
04:50
But as an example, if I'm doing a simple advanced scan on a target, let's say scanme.nmap.org, and want to output the results into an XML file,
05:02
I would type
05:03
nmap -A scanme.nmap.org
05:11
(scanme.nmap.org being the target),
05:13
then
05:14
-oX results.xml.
05:19
So the type of scan was determined by the -A.
05:24
Then I put the target.
05:26
Then I put the output option.
05:28
The reason I like this is that scans can sometimes get really long
05:31
After they execute, I can simply hit the up arrow on my keyboard, then only change the name of the output file or the target very simply, because they're at the end of the command.
05:43
So even though it really doesn't matter too much from Nmap's perspective,
05:47
from a success or failure or performance standpoint, it matters from a usability standpoint.
05:54
I'll show you what I mean in the lab, just in case this isn't clear.
05:58
Another thing I think you may want to consider is the previous lesson on Nmap scan phases.
06:03
So think about how Nmap processes a scan from phase to phase,
06:08
and try to put your command line switches in that general order.
06:12
Sometimes this helps from a conceptual standpoint because it forces you to think about what it will take for your scan to be optimized.
06:18
This will take a little bit of time to master and may only be pertinent to some of you.
06:23
But I'd say that thinking about scans in this manner
06:27
has really helped me a lot to learn Nmap and memorize the most important options and how and why they're used.
06:35
Ultimately, though,
06:36
find a standard that works well for you and stick to it
06:41
Along with higher level reasoning and conceptualization, I'm a firm believer that most of us get really effective and efficient through rote memorization. Executing Nmap scans using the same basic format every single time will really help you to burn the most important command line options into your mind.
06:59
Pick the style that works best for you and stick to it.
07:01
Now that I've explained to you that I like to put the target and output type at the end, I'll discuss a little bit of detail about these two options.
07:10
For the target specification, you can use many different options. You can use a local or remote host name or fully qualified domain name.
07:17
You can use an IP address, or you can use multiple host names or IP addresses.
07:24
Additionally, you can use an entire network in CIDR notation. For example, 192.168.1.0/24 would indicate every host on the 192.168.1.0 network.
07:39
You can also provide Nmap with a file that has all of the host names and/or IP addresses that you want to scan.
07:46
The options are almost unlimited.
07:47
In fact, you can even ask Nmap to choose a number of random targets.
07:51
You can also provide Nmap with a bunch of targets, then tell it which ones of those to exclude.
07:59
We'll go over all this stuff later on.
08:01
Now for the output,
08:03
again, Nmap has a lot of capabilities here. The big things to consider are: one, do you want your output to go to the screen or to a file;
08:11
two, if you want it to go to a file, what format do you want it in; and three, how much detail do you want about your scan and its results.
08:20
-oN, followed by a file name, will output the results to a text file that you specified in the normal Nmap format.
08:30
-oX will output it to an XML formatted file,
08:35
-oS will output it in script kiddie format,
08:39
and
08:39
-oG will output the results in a grepable format, for those of you who like to use grep.
08:46
If you use -oA, followed by a file name without an extension,
08:54
Nmap will create three different output files, in normal, XML and grepable format.
09:00
The last two options I put here are -v and -vv.
09:05
I placed them with all the output formats because what these two options do is determine the level of detail, or verbosity, which is what the v stands for,
09:13
in the output.
09:15
If you leave them out
09:16
Nmap will output a normal level of detail. If you add the -v switch, it will increase the level of detail.
09:24
And if you add -vv, it will increase the level of detail even more.
09:28
Again, play around with these options with some simple scans; you'll figure out the amount of detail that's right for you.
09:37
Even though you have a lot of flexibility with how you construct your own Nmap scan statements, there's a key distinction I'd like to make, and that's between a regular scan and an NSE script scan.
09:46
The same rules about the target and the output still apply, but a standard regular scan is usually simpler.
09:52
For example, you can run a regular simple scan against scanme.nmap.org by simply typing nmap scanme.nmap.org.
10:03
However, if you want to execute one of Nmap's NSE scripts against the same target, you would have to type
10:11
nmap -sC scanme.nmap.org,
10:16
which will run every NSE script labeled as default against the target,
10:22
or you would type
10:22
nmap --script= followed by the script name,
10:28
then scanme.nmap.org.
10:31
The main point that I'm trying to make here is that a simple script scan has one additional command line switch as a basic requirement of a scan.
10:39
We'll go into much more detail about NSE scripts later on, and I'll show you what I'm talking about in this lesson's lab so you can follow along.
10:48
In this lesson, I reminded you about the value of help and where you can get it quickly.
10:52
I talked with you about the basic requirements of an Nmap scan statement.
10:56
We discussed whether or not the order in which an Nmap scan statement is typed matters.
11:01
I showed you the two most important options, target and output, that you need to consider in every scan.
11:07
We then looked at the difference between a simple regular scan versus a script scan. The next lesson will run through the lab on constructing an Nmap scan.
11:18
Thanks so much for walking through this lesson with me, and I'll talk to you in the next lesson.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions
Instructor