Port Scanners/ Networking Pentesting
Watch our 5 minute concise overview of the uses of Nmap (for beginners!)
Nmap is an abbreviation for ‘Network Mapper’ – ‘Network’ in an IT sense of the word. You can consider Nmap as being one of the best-known, and in fact, one of the most useful hacking tools out there. Period. If you are serious about pentesting, ethical hacking and IT Security in general, then learning Nmap is essential.
You betcha! In fact, a lot of other tools out there, Metasploit for example, pulls in Nmap for network discovery and security auditing. Many system admins will use Nmap along with other such tools as Wireshark (and perhaps even ‘Network Miner’) for a wide variety of port and network scanning. If you’re completely new to port and network scanning then we’d suggest this article here.
This concept refers to, somewhat obviously, scanning the network! ‘Ports’ on a network can be considered as being the entry points to a machine, or computer (box) that is connected to the Internet. An application or service that listens on a port functions by receiving data (bytes) from a client application, processing that data and then sending it back. If a network is hacked into, or compromosed, then a malicious client can be programmed to exploit vulnerabilities in the server code with the purpose of being able to gain access to sensitive data or execute malicious code remotely. The communication and commands would be administered through the implementation of a Remote Access Tool (RAT).
Network scanning and port scanning are often used interchangeably. Port scanners (of which there are several, such as Angry IP Scanner, NetScanTools, Unicornscan and NetworkMiner) are used by system and network administrators to verify security profiles of networks to prevent hackers from being able to identify services running on a host that have exploitable vulnerabilities. Of course, if a network admin (or any other IT professional) performing a scan discovers a vulnerability then there priority is to patch the hole without delay. Port scanning is a task performed in the initial phase of a penetration test (‘pentest’) in order to establish all network entry points into the target system.
At first it might seem that there are a ton of ‘similar’ tools. However, most of them service a particular need, or said in a more technical way, the tools have an expertize with regards to certain protocol scanning, for example, some are better at TCP ports scanning rather than UDP ports scanning and vica versa.
Nmap tool works by inspecting raw IP packets in creative ways to understand what hosts (servers) are available on the network, what services (application name and version) those hosts are using, what operating systems (including Operating System versions and possible patches) and what type and version of packet filters/ firewalls are being used by the target. In summary you’ve got to learn Nmap and if want to work in Cyber Security as a practioner.
Yes, Nmap works on all major computer operating systems, and official binary packages are available for Linux, Windows, Mac OS X,
IRIX, and AmigaOS. Of course, there’s a much easier way to install Nmap – just use Kali Linux or use BackBox since it ships with Nmap and you’ll be able to update the progam with ease. We have a lot of information on Linux Pentesting ‘Ethical Hacking’ Distributions here.
Zenmap is the GUI version of Nmap. Here’s our advice: learn how to use Nmap, but when you’re out in the field performing a penetration test etc., then fire-up Zenmap. The awesome thing about Zenmap is that it pre-loads all the command lines in one go so you don’t have to start tapping ‘nmap’ into the command terminal to load the command help prompts.
The fundamental use of Nmap is that it can recognize and list, in a verbose format, open ports on a target host in preparation for security auditing. Specifically however, here are a bunch of uses for Nmap, including:
Like any learning, especially cyber security hacking/ pentesting training, the more ‘hands-on’ the course is, the more we recommend it. We’ve selected our preferred courses here.
In this section we outline our favorite Nmap tutorials. If you have a tutorial or video to add then please get in contact with us.
Here’s our recommended Nmap Video Tutorial.