Welcome back ! This is going to be out second tutorial on Recon Series . if You haven't gone through the first tutorial of this series please Click the Link The Harverster-Recon Part 1 . In this tutorial we are going to discuss about nmap tool. If you really don't know what is nmap google it down and learn some basic definition and functions about nmap and remeber to use This-CheatSheet While practicing nmap.
What is nmap ?
The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:
- Network discovery
- More sophisticated and accurate OS version detection
- Vulnerability detection
- Backdoor detection
- Vulnerability exploitation
Installing Namp on kali Linux:
>>Open Terminal and Type
>>apt-get install nmap
>>Press Enter and wait till installation is completed.
Finding Nmap Scripts in Your Local System:
>locate *.nse
As you can see in the screenshot above, our terminal displays hundreds of Nmap scripts.Among the most useful to us are the vulnerability scanning scripts. These scripts are usually designed to find a specific vulnerability or type of vulnerability that we can then come back later and exploit.
Finding Scripts designed to find a specific vulnerabilities:
>>locate *vuln*.nse
As you can see, it returned a few vulnerability scanning scripts
Getting Info About The script:
With these hundreds of scripts, we may need some help in determining what they do and how they work. For instance, if we scroll down to the "http" section of the scripts, we will see a script named: http-iis-webdav.vuln.nse
Executing The Script:
>>Open Terminal
>>nmap --script http-methods.nse 127.0.0.1 -p 80,443
which will Execute script http-methods.nse on host 127.0.0.1 through ports 80 and 443
The Nmap scripting engine is a powerful item in our arsenal of hacking tools that can be tailored to a multitude of tasks. In future posts, I will explore more of its capabilities and show you how to write your own Nmap scripts. So keep coming back, my tenderfoot hackers!
Comments
Post a Comment