Note: This is the continuation of our previous lab, where we set up a basic ethical hacking/penetration testing lab using Metasploitable3 and Kali Linux. You can find the lab here: Setting Up an Ethical Hacking Lab. I also created an Nmap cheat sheet as a guide to help us in this lab. Click here: An Ultimate Nmap Cheat Sheet. Have it handy; you will find it useful.
Important! Please do not scan systems that do not belong to you or have legal permission to scan.
It is illegal to scan any network, system, or site without prior authorization from the owner. Alternatively, you can scan scanme.nmap.org if you haven’t set up your ethical hacking lab yet. scanme.nmap.org is hosted by the Nmap project for the purpose of practicing network scanning. See the example below.
Nmap is pre-installed in Kali Linux. Let’s perform a basic scan on the target. Open your terminal, type nmap scanme.nmap.org, and hit enter, as shown below.
nmap scanme.nmap.org
Next, type sudo nmap -A scanme.nmap.org and hit enter. The -A flag enables aggressive scanning, which provides information about the OS, service versions, and other useful details. The -A flag scans the target using the -sS, -sV, and -O flags. See the screenshot below.
nmap -A scanme.nmap.org
Now we are going to scan Metasploitable3 as the target. Kali Linux is our attacking machine and Metasploitable3 is our target machine. First, find your Metasploitable3 IP address: open the command prompt, type ipconfig, and hit enter. Take note of the IP address, as you will need it throughout this project.
Perform a basic scan on the target using the command below, replacing <target> with the IP address of your target host.
nmap <target>
Perform an aggressive scan on the target using the command below, replacing <target> with the IP address of your target host. The -A flag provides information about the service version, OS version, and operating system.
sudo nmap -A <target>
This is similar to the aggressive scan with the -A flag above. Notice that we again get the service version, OS version, and operating system details.
sudo nmap -sS -sV -O <target>
Perform a stealth scan probing a specific port, in this case port 21. Use the -sS flag for a stealth scan and the -p flag to probe a specific port.
sudo nmap -sS -p21 <target>
Perform a UDP scan on the target using the -sU flag. This command scans the target’s UDP ports and is very useful for identifying services that use UDP.
sudo nmap -sU <target>
Perform a scan on the target without first sending an ICMP Echo Request (ping). Using the -Pn flag lets us scan systems that have ICMP responses disabled.
sudo nmap -Pn <target>
Let’s perform a traceroute together with an advanced scan that determines the target’s service versions and operating system and runs script scanning. The -A flag enables an aggressive scan, which provides details about the OS, service versions, and other useful information. The -T flag specifies the scan timing template (-T4 here). -p- scans all 65,535 ports on the target.
sudo nmap -A -T4 -p- <target>
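Once the scans above have run, the useful next step for a defender is to record what was found and compare it against the services that are supposed to be exposed. The following example is added here and is not part of the original lab or of Nmap itself: it parses Nmap’s XML output (produced with the -oX flag, e.g. sudo nmap -sV -oX scan.xml <target>) and flags any open port that is not on a per-host allowlist. The XML sample, the address 192.0.2.10 and the service versions are constructed for illustration, not a real scan result.

```python
"""Parse Nmap XML output (-oX) and report open ports against an expected baseline."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape Nmap writes for "nmap -sV -oX - <target>".
# Address and service details are illustrative placeholders, not a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.10">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="ProFTPD" version="1.3.5"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.7"/></port>
      <port protocol="tcp" portid="445"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Return {addr: [(proto, port, service, product, version), ...]} for open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        found = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # skip closed/filtered ports; only exposure matters here
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            found.append((port.get("protocol"), int(port.get("portid")),
                          attrs.get("name", ""), attrs.get("product", ""),
                          attrs.get("version", "")))
        result[addr] = found
    return result


def unexpected_ports(parsed, baseline):
    """Open (proto, port) pairs not in the per-host allowlist `baseline` (addr -> set)."""
    return {addr: [p[:2] for p in ports if p[:2] not in baseline.get(addr, set())]
            for addr, ports in parsed.items()}
```

Anything reported by unexpected_ports is a service listening that the inventory does not account for, which is the signal to investigate or shut it down.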
Use this cheat sheet to practice more. Click here: An Ultimate Nmap Cheat Sheet.