2.13 General Considerations - NM

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

NMAP

Course

Time

7 hours 1 minute

Difficulty

Beginner

CEU/CPE

Video Transcription

00:00

Welcome to the first lesson on Zen map, which is in maps graphical user interface.

00:05

This lesson will cover the basics.

00:08

Hard core network and security practitioners generally considered point click environments as the weaker versions of the real thing.

00:15

Even though I think you should work hard to master and map at the command line,

00:19

I hope to show you that end maps gooey can provide real value when it's available on your network scanning station.

00:27

It really can make you faster and more effective in many situations.

00:31

Let's get started.

00:33

Here are the learning objectives for this lesson.

00:36

First, we'll answer the question of whether you should use the Zen map gooey or the command line version of en map.

00:41

Next, we'll discuss the benefits of using Zen map.

00:45

Then we'll talk about the best ways to learn send map and finally will run through a lab on using it.

00:51

When network admin, DS and security professionals start using in map, they always wonder whether they should start with the command line or was send map

00:58

in general. I think you should start with N map at command line.

01:02

Getting comfortable there will always make you more effective when you toggle to Zen map,

01:06

additionally said, map may not be available on the machine you're using to run your scans. For example, if you're running a penetration test on a client's network using only their machines,

01:17

and map is easy to install and leaves less of a trace. So penetration testers may find that and maps command line is the best or only option in certain circumstances.

01:26

One really nice thing about N map is that you can create and run a bunch of scans from a batch file, then come back later and analyse the results.

01:34

To answer the main question on this slide. I believe that in order to be proficient in end map in zone map, you must get good at running it from the command line.

01:44

With that said, there are a lot of benefits to using Zen map.

01:48

For one thing, it provides a simple point and click environment.

01:52

This allows you to choose the type of scans you want to run easily than simply run them without typing out a long line of code.

01:59

This type of graphical environment may be much easier for some people, especially those who are visually oriented or visual learners.

02:07

Another great benefit of using Zen map is the ability to create and save custom scan profiles.

02:13

We'll touch on these in the next lesson.

02:15

They allow you to set a bunch of scan options than save them as named scans so that you can run them against different targets next time you opens and map.

02:24

Zen map also provides you with a good way to learn and map.

02:28

All of the scan types and options are laid out categorically, and you can see the way and map scans are constructed.

02:35

And finally, I find it much easier to learn about NSC scripts from inside Zen map.

02:40

There are so many NSC scripts and all of the developers help information is accessible from insides and map.

02:46

You could just click on the script. Do you want to learn about and read about what it does and what command line arguments it accepts?

02:54

I'll show you this in the lab.

02:57

So what is The best way to learn is that map

03:00

this slide provides you with some good options. Most of them are common sense.

03:04

Find the method that works best for you.

03:06

My sincere hope is that this training will be a great launching point for you.

03:09

One important tip in this slide, though, is to run Zen map as a privilege user and Windows. This means running it as a local admen. Some skin simply won't work as a regular user.

03:21

Other than that, play around with it.

03:23

Go through the labs with me and you'll have a running start.

03:27

Unless you're running intrusive or hostile scans against unknown targets, you don't have much to lose.

03:32

Run some simple scans and save the results. Start with a goal in mind with each scan. Ask the question. What information do I want to learn about the target?

03:42

This helps to focus your scan, and I'm certain that and Matt will leave you satisfied.

03:46

Beyond that, read the official book on the map website.

03:50

I'm positive that any question you will have will be answered there.

03:54

Okay, on to the lab in this lab. We're going to run through the most important aspects of Zen map.

04:00

When said map opens, it sits there awaiting your input.

04:02

If you don't have a basic understanding of how it works, will definitely be left wondering what to do next.

04:09

There are currently no wizards to guide you through running various scans.

04:14

Let's walk through the basics for now. Then I'll walk you through a little bit more detail later.

04:17

Let's do it.

04:19

Welcome to the Zen map. Basic slab. In this lab, we're gonna go through the most important components of Zen map, which are one the command text box to the target dropped down in text box.

04:31

And three, the profile dropped down

04:33

in the next lesson. We're gonna cover custom scan profiles, but I'll briefly show you one of the reasons I really like to use and map to find out Information about NSC scripts in the profile editor.

04:46

We'll finish out the lab by saving a scan than opening a previous scan.

04:51

As you can probably tell, I'll be using Windows 10 for this lab.

04:56

So to start out,

04:57

let's open up Zen map.

05:00

Click on the start button.

05:02

Start typing Zen map

05:05

once it pops up, right click.

05:08

Run his administrator.

05:15

Okay, now that you have Zen map up and the first thing I want to call your attention to is right here and that is the command text box.

05:23

The reason why I think it's the most important, and I'm sure you'll agree Is that

05:27

basically it's the equivalent to the command line. So in other words, we can just

05:33

type whatever we had type of the command line in this command text box and then over to the right hit scan,

05:42

and the results will show up in this end map output.

05:47

So we'll do. Ah, and map

05:49

scared me a map

05:53

dot or ge

05:55

and then click on scan.

06:00

You can see the results building down here in the end map output.

06:04

And there you have it. So

06:06

my main point is that any scan that you build at the command line, you can copy and paste it into this command text box and then hit scan

06:17

and the results will pop up here

06:23

and it goes the other way, too. If you want to build out your scan in Zen map,

06:29

you can build it out here and then simply copy and paste it back to the command line.

06:40

So the next thing I want to show you

06:44

in Zen map is the target.

06:46

Uh, right here. You can see that after I built that command in the command text box, the target was auto populated.

06:55

06:56

it goes in the reverse to I can type a different target. We'll use my default gateway, which is one attitude at 1 68 1 dot to 54

07:06

and you can see that in the command three command line was automatically built for you and changed the target to my default gateway.

07:16

So I can hit scan again

07:20

and there are the results. And those results would match the results that we got when we scanned my default gateway from the command line as well

07:33

get the next thing I want to show you. Is the profile dropped down?

07:41

If you click this drop down list, you'll see a list of default

07:45

profiles that were built out by the creators of In Map

07:49

s O There

07:50

Pretty cool scans that you can start with. And the neat thing about it is you could choose any one of these and you'll see the command line built out for you. So let's do a intense scan of my default gateway.

08:07

And there you see all of the options that were auto created

08:11

just by choosing the profile.

08:15

It's all gone and run this scan

08:16

and we'll kind of look at their differences in the results.

08:31

So the timing template

08:33

right here is four, which is aggressive.

08:37

This dash A makes it in advance scan.

08:41

And as we talked about before, dash lower Case V

08:46

is increasing the verbosity or detail that is shown in the output.

08:56

Okay, now that that scan completed weaken, scroll down and look at all of the details.

09:01

The dash A really

09:05

does a lot of stuff

09:07

and provides a lot of detail. If you ever want a lot of detail about a host, just remember Dash Capital A. We'll go over all those

09:16

different options later,

09:16

but it's a good one to remember.

09:20

Okay, so now what I want to show you is saving your scan.

09:24

Um, you could simply

09:26

after the scan is complete, you can click on scan

09:30

and then save scan

09:33

will bring up a drop down. Since we ran several scans, it's gonna ask you which one you want to save. And I want to say that last one that we ran, which is at the bottom of the list,

09:45

and then we'll click save.

09:46

And if you remember from the previous lesson, we created a folder in the root of C called results. So I'm gonna navigate to that folder.

09:56

And there's all the results from the previous scans that we did.

10:01

I can just next to name just type will type it. Um, we'll call it

10:07

results eight

10:09

dot xml

10:13

and then click save.

10:20

And I'm gonna go ahead and close out a Zen map just to show you

10:24

what that did. Basically,

10:30

so I'll reopens and map.

10:41

Okay, so now we're going to go and find that scan that we just ran.

10:45

Grand scan,

10:46

open scan,

10:48

and it automatically defaulted to my, uh it shows you're recently used scans, but I'm gonna go ahead and navigate to see

10:58

results,

10:58

and then results eight was the one that we just ran, so open it.

11:05

And there you can see

11:07

if you click on MM output. You can see exactly all of the output that we gathered from that scan,

11:16

and you can also see the command that was used to create that output.

11:22

Anything about it is you can run this scan again if you want, or you can just evaluate,

11:28

you know, all of the stuff that was gathered from that scan.

11:35

Okay. As I said before, we're gonna cover the and map scripting engine mawr in lessons later. But for now, I just wanted to show you how easy it is to get quick help information on see scripts from within Zen map.

11:52

So the way that you do that is, we'll click on profile

11:56

and then edit selected profile,

11:58

and it's gonna edit the intense skin profile. But that doesn't really matter too much because we're not gonna make any changes to it.

12:07

Click on Edit Selected profile,

12:09

and then you see this Ah, tab at the top called Scripting. Click on that

12:15

and