Nmap Network Exploration and Security Auditing Cookbook
eBook - ePub

Nmap Network Exploration and Security Auditing Cookbook

Paulino Calderon

Condividi libro
  1. 436 pagine
  2. English
  3. ePUB (disponibile sull'app)
  4. Disponibile su iOS e Android
eBook - ePub

Nmap Network Exploration and Security Auditing Cookbook

Paulino Calderon

Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni

Informazioni sul libro

A complete reference guide to mastering Nmap and its scripting engine, covering practical tasks for IT personnel, security engineers, system administrators, and application security enthusiastsKey Features• Learn how to use Nmap and other tools from the Nmap family with the help of practical recipes• Discover the latest and most powerful features of Nmap and the Nmap Scripting Engine• Explore common security checks for applications, Microsoft Windows environments, SCADA, and mainframesBook DescriptionNmap is one of the most powerful tools for network discovery and security auditing used by millions of IT professionals, from system administrators to cybersecurity specialists. This third edition of the Nmap: Network Exploration and Security Auditing Cookbook introduces Nmap and its family - Ncat, Ncrack, Ndiff, Zenmap, and the Nmap Scripting Engine (NSE) - and guides you through numerous tasks that are relevant to security engineers in today's technology ecosystems.The book discusses some of the most common and useful tasks for scanning hosts, networks, applications, mainframes, Unix and Windows environments, and ICS/SCADA systems. Advanced Nmap users can benefit from this book by exploring the hidden functionalities within Nmap and its scripts as well as advanced workflows and configurations to fine-tune their scans. Seasoned users will find new applications and third-party tools that can help them manage scans and even start developing their own NSE scripts. Practical examples featured in a cookbook format make this book perfect for quickly remembering Nmap options, scripts and arguments, and more.By the end of this Nmap book, you will be able to successfully scan numerous hosts, exploit vulnerable areas, and gather valuable information.What you will learn• Scan systems and check for the most common vulnerabilities• Explore the most popular network protocols• Extend existing scripts and write your own scripts and libraries• Identify and scan critical ICS/SCADA systems• Detect misconfigurations in web servers, databases, and mail servers• Understand how to identify common weaknesses in Windows environments• Optimize the performance and improve results of scansWho this book is forThis Nmap cookbook is for IT personnel, security engineers, system administrators, application security enthusiasts, or anyone who wants to master Nmap and its scripting engine. This book is also recommended for anyone looking to learn about network security auditing, especially if they're interested in understanding common protocols and applications in modern systems. Advanced and seasoned Nmap users will also benefit by learning about new features, workflows, and tools. Basic knowledge of networking, Linux, and security concepts is required before taking up this book.

Domande frequenti

Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Nmap Network Exploration and Security Auditing Cookbook è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Nmap Network Exploration and Security Auditing Cookbook di Paulino Calderon in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Computer Science e Cyber Security. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.

Informazioni

Editore
Packt Publishing
Anno
2021
ISBN
9781838640781
Edizione
3
Argomento
Computer Science
Categoria
Cyber Security

Chapter 1: Nmap Fundamentals

Network Mapper (Nmap) was originally released by Gordon Lyon, known on the internet as Fyodor, in the infamous Phrack magazine Vol. 7 Issue 51 (https://nmap.org/p51-11.html). It is still acclaimed today as one of the best tools for network reconnaissance and security auditing in cybersecurity. The first public version was introduced as an advanced port scanner along with a paper describing research on novel techniques for port discovery, but since then, it has gone down a long road and become so much more. The Nmap project itself evolved into a family of advanced networking tools that includes amazing projects such as Ncrack, Ncat, Nping, Zenmap, and, built into Nmap itself, the Nmap Scripting Engine (NSE). Fyodor's own description on the official website is as follows:
"Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X."
Nmap's community is very active, so I encourage you to always keep up with the latest stable releases and patches. Announcements and discussions take place on the development mailing list, so if you would like to contribute to the project, I recommend you subscribe to the mailing list at https://nmap.org/mailman/listinfo/dev. These days, you will also find a GitHub repository serving as the official mirror from the Subversion code repository. For issues and pull requests, it is recommended to create them on GitHub and send a friendly reminder to the mailing list so they are easier to track and to avoid them getting lost in all the noise.
This first chapter is for newcomers to Nmap and its projects. It aims to give you a general overview of the main capabilities of the Nmap project. Starting with building Nmap projects from source code, you will become familiar with all the tools of the Nmap project. In just the initial recipes, you will learn how flexible and powerful the Nmap tools are, but as we move through the chapters, you will go deep into the internals to learn how to not only use the tools for a wide range of tasks useful in the cybersecurity field but also extend them and create new functionality by writing your own modules in Lua or C. The practical tasks chosen for this chapter will get you started with Nmap and the most common options and features to start scanning targets and customizing scans.
In this chapter, we will cover the following recipes:
  • Building Nmap's source code
  • Finding online hosts
  • Listing open ports on a target
  • Fingerprinting OSes and services running on a target
  • Using NSE scripts against a target host
  • Scanning random targets on the internet
  • Collecting signatures of web servers
  • Scanning with Rainmap Lite

Technical requirements

The following tools are officially part of the Nmap project and were created to accomplish common tasks for network diagnostics and security scanning:
  • Nping (https://nmap.org/nping/) specializes in custom network packet crafting for diagnostics and troubleshooting.
  • Ncrack (https://nmap.org/ncrack/) focuses on network authentication cracking, supporting the most popular applications and protocols.
  • Ncat (https://nmap.org/ncat/) is an enhanced version of Netcat that supports encryption out of the box and is extensible using Lua scripts.
  • Zenmap (https://nmap.org/zenmap/) is a cross-platform GUI for Nmap focused on usability.
  • NSE (https://nmap.org/book/nse.html) takes information obtained from scanned targets and provides an interface for users to script additional tasks using Lua.

Building Nmap's source code

Throughout this book, you will use all the tools from the Nmap project, so it is a good idea to start by installing the latest versions now. We will not work with pre-built binaries as mere mortals but build them from the latest source code available in the official repository. This recipe will show how to download the latest copy of the source code from the development repositories and compile and install Nmap and related tools in your Unix-based system.
We always prefer working with the very latest snapshot of the repository because precompiled packages take time to prepare and we will often miss important patches or new NSE scripts. The following recipe will show the process of downloading the source code and configuring, building, installing, and maintaining an up-to-date copy of the Nmap project in your ars...

Indice dei contenuti