This introductory guide is designed to introduce developers, testers, or anyone interested in learning the basics of network discovery and enumeration using the classic open-source network scanner – nmap.
nmap has been a mainstay for security testers and system administrators for years, generally for enumerating live hosts and discovering open ports and services. The benefits of the scanner extend beyond security professionals and may be useful in other areas, such as the software testing and development fields.
The lab will cover the following topics.
- Downloading and Installing
- Basic Usage
- Discovery
- Enumeration
- Other Useful Options
- OS/Version detection
- Avoiding Firewalls/IPS
- NSE Scripts
Target Audience The goal of this lab is to introduce the tool and demonstrate the basics of scanning and highlight some of the newer features to IT professionals with little experience with port scanning or who may not have considered having nmap as a standard tool in their toolkit. This lab will target IT professionals with the following roles:
- Software Developers
- Software Testers
- Security Professionals
- System Administrators
Throughout the lab, the instructor will draw upon real-world or “field” experience as a penetration tester to cite examples where nmap was a key tool in discovering flaws in web applications, mis-configured servers, and rouge hosts. These security flaws and weaknesses were leveraged and exploited to gain authorized access. Furthermore, the instructor will explain how simple scanning may have been used to identify these flaws before being reported as high risk findings in an audit report.
Objectives The objectives of the lab will be:
- To demonstrate downloading source code and installing nmap.
- To show basic techniques using nmap to perform:
- live host discovery,
- service enumeration,
- OS detection,
- service version detection, and
- stealth scanning (avoid IPS detection)
- To demonstrate some of the Nmap Scripting Engine (NSE) scripts that automate a wide variety of networking tasks.
- Demonstrate Zenmap, the GUI interface for nmap. Briefly show examples of scanning using the GUI version of nmap on Windows.
Hands-on Lab Requirements
- Ability to connect to a wireless network
- Must have a version of nmap (6.x preferred)
- Basic experience with Linux or Unix-based platforms and command-line interfaces
- General familiarity with basic TCP/IP concepts such as ports, TCP, UDP, and simple network protocols such as Telnet, FTP, DNS, SNMP, etc.
- It is assumed the attendees do not have extensive experience with nmap, as this is an introductory lab.