sanskytech
Published on 7th of June 2024

Nmap: Essential Port Scanning for Penetration Testing!

Paniz Heidari, Pentester
Description

Discover the power of Nmap, an indispensable tool for port scanning and network exploration. In this blog, we'll delve into the various command-line switches and options that make Nmap a versatile and essential asset for penetration testers. Whether you're a beginner or an experienced professional, this guide will help you unlock the full potential of Nmap for your security assessments.

Introduction

Curious about how to effectively scan ports on a system? Meet Nmap, a powerful and versatile tool for port scanning and network exploration. In this post, we'll uncover the essential switches and techniques that make Nmap indispensable. Ready to dive in and unlock the full potential of Nmap? Let's get started! 😊

Nmap Basic Syntax

The basic syntax for using the Nmap command is nmap followed by the target's IP address. In the examples below, the IP address is provided for illustration purposes only.

Bash command:
nmap 192.168.1.64

Switch -T-

"-T" stands for timing, and it accepts a number from 0 to 5. The higher the number, the faster the scan runs. The recommended value is 4, which balances the speed and accuracy of the scanning process effectively.

Bash command:
nmap -T4 192.168.1.164

Switch -p-

Using "-p-" tells Nmap to scan all ports rather than only its default list.

Bash command:
nmap -T4 -p- 192.168.1.164

Alternatively, you can use -p followed by the desired ports, such as -p 80,21, to scan only specific ports.

Bash command:
nmap -T4 -p 80,443,21,22,445 192.168.1.164

If you omit the -p switch, Nmap will scan the top 1,000 most common ports by default.

Bash command:
nmap -T4 192.168.1.164

Switch -A-

This switch enables Nmap to detect the operating system and the versions of the services running on the target. This information is crucial for penetration testers when identifying relevant vulnerabilities and exploits.

Bash command:
nmap -T4 -p- -A 192.168.1.164

Switch -Pn-

At times, the target machine may detect the scanning activity and choose not to respond, so that its ports are displayed as closed. To bypass this protection, we can use the -Pn option, which instructs Nmap to treat the unresponsive machine as online and proceed with the port scan, allowing us to circumvent such defenses.

Bash command:
nmap -Pn -T4 -p- -A 192.168.1.164

Scanning Result

The open ports (443, 80, 139, 445 and 22), as well as the detected OS name 'Kioptrix', are shown in the picture below. Port 80 being open suggests that the machine is acting as a web server, while port 443 indicates SSH services are active. Port 22 is specifically dedicated to SSH. Additionally, ports 445 and 139 are related to SMB and file and printer sharing services, which could provide valuable opportunities to identify relevant exploits.
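To turn a scan result like the one above into something a defender can act on, here is an added Python example (not from the original post) that parses Nmap's XML output and flags open ports that are not on an approved list, for instance SMB exposed on a host that should only serve web and SSH. It assumes the scan was saved with Nmap's -oX option, which the post does not cover; the XML below is a constructed sample standing in for the scan of 192.168.1.164, and its product and OS strings are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -Pn -T4 -p- -A 192.168.1.164 -oX scan.xml`
# might write for the host discussed above. Service, product and OS strings
# are illustrative placeholders, not real scan data.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -Pn -T4 -p- -A 192.168.1.164">
<host><status state="up" reason="user-set"/><address addr="192.168.1.164" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd"/></port>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn" product="Samba smbd"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https" product="Apache httpd"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds" product="Samba smbd"/></port>
<port protocol="tcp" portid="8080"><state state="closed" reason="reset"/><service name="http-proxy"/></port>
</ports>
<os><osmatch name="Linux 2.4.X" accuracy="94"/></os>
</host></nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return {addr: {"os": [osmatch names], "ports": {port: (proto, service, product)}}},
    keeping only ports Nmap reported as open."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address").get("addr")
        entry = {"os": [m.get("name") for m in host.iter("osmatch")], "ports": {}}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed or filtered ports are not exposure
            svc = port.find("service")
            entry["ports"][int(port.get("portid"))] = (
                port.get("protocol"),
                svc.get("name") if svc is not None else "unknown",
                svc.get("product", "") if svc is not None else "",
            )
        hosts[addr] = entry
    return hosts

def unexpected_ports(hosts, allowed):
    """Open ports per host that are not in the allowlist (sorted, for reporting)."""
    return {addr: sorted(p for p in h["ports"] if p not in allowed)
            for addr, h in hosts.items()}

if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)
    print(unexpected_ports(scan, allowed={22, 80, 443}))  # → {'192.168.1.164': [139, 445]}
```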

Port Scanning with Nmap on Our YouTube Channel

Delve deeper into honing penetration testing skills and mastering port scanning with Nmap with our complementary video, available on both SanskyTech's website and our YouTube Channel: www.youtube.com/@sanskytech.