Constructing an Nmap Scan Lab Part 1 - NM
Welcome to the lab on constructing an Nmap scan.
This lab is pretty long, so let's get started.
In the lab, I'll quickly review how to get quick reference help as you're running Nmap scans.
Then I'll demonstrate that Nmap scans can be typed out in various ways while delivering the same results.
Next, we'll go through the main target and output types, and finally, I'll show you why I like putting target and output at the end of Nmap scans.
Okay, welcome to the lab on constructing an Nmap command line scan statement.
In this lab, I'm gonna be using Windows 10.
Everything is the same with other operating systems, except for the first part.
I'm gonna show you where to go on Windows to make sure Nmap is in your path, meaning that no matter where you are in the command prompt file system, Nmap scans will run successfully.
So the first thing you want to do is click on your Start button,
then click on System Control Panel,
then click Advanced system settings over to the left,
and then at the bottom you'll see Environment Variables. Click on that.
And so what we're looking for is the Path variable,
which is right here. Well,
and right here, you'll see Nmap is installed to C:\Program Files\Nmap.
And that's correct in my installation; that's pretty much the default installation of Nmap. If you've installed it somewhere else, or you don't see Nmap anywhere in your environment variables, um, in your path,
click on New,
and then just type the location where it is.
You'll know better than I will. So
once you have it typed out there, or in most cases, you're gonna have it.
But once you've verified that
Nmap is in your path, just click OK.
And then just close that.
Right. The next thing I want to show you is running Nmap as an administrator. Just click on your Start button and type cmd for the command prompt.
Once it comes up at the top of the list,
right-click on it and click Run as administrator.
By default, when it opens, it should be at C:\Windows\System32. You can see that right there.
What I want to do is just show you that
Nmap indeed does work from
kind of anywhere in the operating system. So we'll type
-V.
That'll give us the version of Nmap that we're running. Hit Enter,
and it works.
Now I'll type cd \ and hit Enter,
and I'm at the root of the operating system now, the root of C, I should say.
Again, type nmap -V, just a test to make sure it's still working.
So Nmap will run
anywhere in the operating system, you can pretty much assume, because it's worked from the System32 folder
and from the root of C.
Okay, now just a refresher.
for Nmap: you can type nmap
space, -h,
and I'll scroll up here just so you can see
all of the different options available to you at Nmap.
Additionally, as we covered before, you can type just nmap and hit Enter.
The results of both of those two commands are exactly the same.
Okay, so one of the things that I wanna cover now are target types,
and so I'm gonna scroll up
to the very top right after we
ran the nmap command.
And right underneath. Here.
Here's the nmap command run. Underneath, it shows target specifications, so
you can pass hostnames, IP addresses, networks, et cetera.
If you ever want to refer back to it, that's where it is.
So I'm gonna go ahead and do a clear screen.
The first thing I want to do is show you how to scan a single host, even though we've done this before: nmap
192.168.1.254.
That does a standard default Nmap scan of that IP address.
There's the results.
Or you could do a scan of multiple hosts at the same time. You do an IP range. So we'll do nmap space
192.168.1.1 through 25.
The scan will take a little bit more time, so I'll probably cut it from the video.
All right, so you see that that scan took 9.62 seconds, which is a very nice,
very nice information to have,
for any scan.
Okay, So now I'm gonna clear the screen again.
All right. So Nmap also will accept
an entire network range in CIDR notation.
If you don't know what that is, I'll talk to you more about that in the TCP/IP section.
So we'll run nmap
So that will scan
every host on the 192.168.1.0 network,
which is a subnet mask of 255.255.255.0.
The scan takes a while, so I'm definitely gonna cut this from the video.
Okay, so now we have our results from
the network scan in CIDR notation.
Clear the screen again.
Okay, now I'm gonna go back to another scan that we've done in the past, just for demonstration purposes, and that is nmap space scanme.nmap.org.
This is just to show that you can also run an Nmap scan with the target of a fully qualified domain name.
Clear the screen again.
Now we'll run nmap.
Now we'll do an entire domain
in CIDR notation form
of nmap.org, and we'll do a /29, which is a lot smaller network than a /24,
since there's 29 bits
in the subnet mask,
meaning that there's 29 bits assigned to the
network portion of the IP address.