Nmap Essentials

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Introduction to Nmap

Nmap's humble beginnings

The many uses of Nmap

Installing Nmap

Building Nmap from source

Summary

2. Network Fundamentals

The structure of the Internet

The OSI model

Port scanning

TCP and UDP

Service banners

Summary

3. Nmap Basics

How to choose a target

Running a default scan

Service version scans

Logging scans

Specified scan ranges

Understanding the reason flag

Summary

4. Advanced Nmap Scans

Host detection methods

Running a ping agnostic scan

Scanning UDP services

Special TCP scans

Operating system detection

Increasing verbosity in scans

Packet tracing

Summary

5. Performance Optimization

Nmap timing optimization

Customized host group sizes

Increasing and decreasing parallelism

Dealing with stuck hosts

Delaying and increasing probe rates

Summary

6. Introduction to the Nmap Scripting Engine

The history of the NSE

The inner working of the NSE

Finding Nmap scripts

Running Nmap scripts

Summary

7. Writing Nmap Scripts

Anatomy of an Nmap script

Defining an Nmap script – script headers

Triggering functions – the rule

Defining a script's action

Summary

8. Additional Nmap Tools

Attacking services with Ncrack

Host detection with Nping

File transfers and backdoors with Ncat

Comparing Nmap results with Ndiff

Summary

9. Vulnerability Assessments and Tools

Conducting vulnerability scans with Nessus

Assessing web server issues with Nikto

Identifying sensitive web directories with DirBuster

Getting started with intercepting proxies

Summary

10. Penetration Testing with Metasploit

Installing Metasploit

Scanning with Metasploit

Attacking services with Metasploit

What to learn next

Summary

Index

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: May 2015

Production reference: 1220515

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78355-406-5

www.packtpub.com

Author

David Shaw

Reviewers

Rajdeep Bhattacharya

Nikhil Kumar

Aravinda Babu T

Ravi Chandra Vinjanampati

Commissioning Editor

Amarabha Banerjee

Acquisition Editor

Shaon Basu

Content Development Editor

Siddhesh Salvi

Technical Editor

Madhunikita Sunil Chindarkar

Copy Editor

Trishya Hajare

Project Coordinator

Nidhi Joshi

Proofreaders

Stephen Copestake

Safis Editing

Indexer

Hemangini Bari

Production Coordinator

Nitesh Thakur

Cover Work

Nitesh Thakur

David Shaw has extensive experience in many areas of information security. He began working in the trenches of perimeter analysis and conducting external threat research for large financial institutions. After switching to offensive security, he joined Redspin to conduct application security assessments and network penetration tests.

David is currently the Chief Technology Officer and Vice President of Professional Services at Redspin, specializing in external and application security, and managing a team of highly skilled engineers. He has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at THOTCON, NolaCon, ToorCon, LayerOne, DEF CON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

Rajdeep Bhattacharya is a Principal Server Engineer at Nimbuzz Technologies, located in Gurgaon, India. He has been working on the security and scalability of different products for Nimbuzz. Currently, he is working on the behavior-driven development approach and the performance optimization of various caching layers. In his spare time, he enjoys listening to music, travelling, cooking, and playing table tennis.

Nikhil Kumar is an Information Security Analyst at Biz2Credit Inc. He is a Certified Ethical Hacker, and has a bachelor's and master's degree in computer science. He has written many articles on web application security, security coding practices, web application firewalls, and so on.

He has discovered multiple vulnerabilities in big hotshot applications, including Apple, Microsoft, and so on.

He is currently pursuing the OSCP certification.

Nikhil can be contacted on LinkedIn at https://in.linkedin.com/in/nikhil73.

Aravinda Babu T is a senior staff member at Fornetix. In this role, he focuses on architecture and the development of encryption key orchestration technologies. He previously worked as an advisory software engineer in IBM Software Labs for the power servers division, and as an open source contributor in ONF for the wireless and mobility group. He has 14 years of experience in network security, datacom, and mobile technologies. He has also worked at Nokia, Motorola, and IBM previously. His experience includes mobile middleware, wireless LAN switches, UTM appliances, and HPC servers.

Ravi Chandra Vinjanampati has been working in the infosec domain for the past 7 years. He holds a GCIH certification, has worked with global finance giants in the past, and is currently working with an engineering company.