NMAP

00:00

Hello. My name is Dustin, and welcome to pen test basics scanning networks. We're gonna go into some actual and maps scans, and what I've got here is the real quick cheat sheet that goes through a few of the most common commands that you'll use in. The cool thing about this is once you know some of these, you can actually combine them,

00:19

and I'll see you how to do that when we get to it.

00:21

But the first command you'll want to nose the most basic command, and that's just end map and then an I P address. And what that will do is run and maps default scan on a single I P address. If you didn't know the I P address or you prefer to just scanned by hosting, you can do that as well. And you can do that by typing and map

00:40

and then the hosting

00:41

so pretty easy. You can also scanning range of I PS, and that's just end map. The first i p address in the range gaffe last I P address in the range.

00:54

Hey, maybe easier sometimes to scan a full sub net.

00:58

And in the case of that you would just type in end mouth and then the network address. So in this case, 19216810 sets the 1 90 to 1 68 1 network,

01:07

and we did a slash 24. And you see, do you want to do it in cider notation and that'll scan that whole network with the base and math scan.

01:17

You can also scan from, ah, list of targets and written into a file,

01:23

and that's really useful. If you ran a few scans, maybe to see what hosts are up, just ran a real quick pink skin and rode it to a file. You can then

01:34

use that list to run a more advanced scan,

01:38

so it's cool. You can combine a couple of these. If you're just looking for a single port, you can do that as well, and you do that by typing and map Dash P and in the port number. So, for example, sshh. Or if you want to look for telling that or a C P. D. N s anything, you could just enter the port number than the I P address.

01:57

You can also scan for a range of court numbers, and this is done in the same way that the range of eyepieces done. So it's end map dash p for port number, the first court number in the range and then the last port number

02:09

and then the i P address. And that'll scan for all of those ports on one I p. Address.

02:15

Another one that's really useful is just scanning the 100 most common ports. And you can do that by doing it and map dash capital F

02:24

then the I p address. So really easy Thio to do that, just the top 100 ports, most common ones.

02:31

Then, if you really want to, you can scan for every single port,

02:36

and you could do that by doing the map Dash P dash, then the I P address.

02:42

And like I said, you can kind of combine some of these commands So say he wanted to search for the most 100 common ports on a range of I P addresses.

02:53

You can do that by typing in and map

02:54

Dash F for the most common ports,

02:59

and then the first i P address in the range. One nine two one six eight one one dash the last I p. Address of the range. So we're gonna go ahead and hop in the lab now and kind of show you how some of these work.

03:14

All right, so I am in the lab now. As you can see, I've got a terminal open in Cali, Lennox, you can open it from the little sidebar over here or by typing in control T So we know where on the 1921681 network. So let's go ahead and scan a single. I pee on the way we do that again, it's just end map.

03:34

Then that I p address 19 to 1 68 11

03:38

So we will let that scan run. It should only take about 15 20 seconds or so.

03:53

All right, so that was real quick and only took about 17 seconds and we can see on the default skin that we've got a few different ports open on this device.

04:03

That's really cool. It shows it all there nice and easy.

04:09

Another really useful scam would be a

04:13

whose discovery scam. And that's just something you can kind of scan the whole network just to see if the hosts are up. So if we run

04:21

with scenes in math

04:26

Dash,

04:28

lower case S P and then the network rains were into the 1 91 6810 slash 24. And you could also take this as ah range of I p. So 19216811-2 55. Who wanted to scan everything? I know

04:46

for a fact you don't have that many devices on this network, so we're just gonna d'oh

04:50

and map one through 20.

04:57

As you can see with that just quick Discovery scan with the SP one through 20 looks like all 20 hosts are up, so there's a few other things you can do can combine these. Like I said, you can actually scan from a list, so it's going to create a list real quick. So you see a nano

05:15

and we will just listed as

05:17

we'll say no Nai peas.

05:21

All right, so let's say we know 192

05:25

Sure, we get our

05:27

16811 is ah, host. We wanna scan 121681 15 192.1 sexy. Got one.

05:39

13. It'll have to be any order. This is a list of hosts.

05:45

Two.

05:47

So if we hit control Um Oh, that'll right up file. Enter

05:53

control X look. Good and clear that.

05:57

And so l s Let's see if we can find

06:00

our file.

06:32

Oh,

06:35

okay. So we can see that this

06:39

scan did complete It Looks like it took just over a minute to scan those hopes. So we've got a couple of posts up, so we've got 121682 up. And it's showing that s h is open.

06:53

We've got 192168 That 1 15 with a bunch of filtered ports wanting to 1681 13. And it shows that 2069 is open. And then we've got our 19216811 So this is really useful for scanning and network to see what's on there.

07:13

What devices? Air running.

07:15

You can do a dash a for advance and that will attempt to discover what operating system is. What other service is. Maybe running. There's a lot of stuff that you could do with end map. It's a really powerful tool to discover what's on

07:30

your network. And one thing. I will mention this super handy like so you can scan from known I P lists.

07:38

One thing you can do

07:40

is we can do and maps can

07:43

any and maps can. So we'll just do the 192168.11 again, and you can actually write it to a text file

07:51

so we can stay Router scan results

07:58

dot text,

08:01

and we'll let that scan run. If you remember, this one should be pretty quick. It's already done, so it's unclear the screen. It's going a little crowded, and then we will cat router scan results. And here is your exact,

08:15

um,

08:16

scan results from that one,

08:18

and it's really easy to build. Some commands kind of filter through these outputs, look for only certain ports