Network scans using nmap



Nmap is an open-source network scanning tool for port scanning, service fingerprinting, and identifying operating system versions. While it is best known as a network mapping and port scanning tool, it also ships with the Nmap Scripting Engine (NSE), which can help detect misconfigurations and security vulnerabilities.

It comes in a command-line interface (CLI) as well as a graphical user interface (GUI).

For scanning vulnerabilities there is a range of scripts freely available with nmap; the scripts in the vuln category are listed
here: vuln NSE Category

To run the above scripts nothing extra is needed: nmap provides a --script option that runs every script in the category against the target machine or subnet.

sudo nmap --script vuln, followed by a target, will run all the vulnerability scripts against the given host or subnet.

Example commands:

 sudo nmap -sT <target-ip>        # TCP connect scan of a single IP (default is the top 1000 ports; add -p- for all 65535)  
 sudo nmap -sT <network>/24       # Scan an entire subnet given in CIDR notation  
 # Scan for vulnerabilities using the vuln NSE scripts shipped with nmap  
 sudo nmap --script vuln <target-ip>  
 # <target-ip> and <network>/24 are placeholders for the host or subnet being scanned  

Generating and extracting reports:

nmap has an option to store the scan results in multiple formats.

-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename. -oA <basename> writes the three major formats (normal, XML and grepable) at once, as <basename>.nmap, <basename>.xml and <basename>.gnmap.

The XML output can be converted to an HTML report: nmap's XML references its nmap.xsl stylesheet, which xsltproc applies. More on this here: Creating HTML Reports | Nmap Network Scanning

 xsltproc <nmap-output.xml> -o <nmap-output.html>  

NOTE: If xsltproc isn't recognized, install it using one of the options below

 # Using apt  
   sudo apt-get install xsltproc  
 # Using yum  
   sudo yum install libxslt  
 # Using brew  
   brew install libxslt  
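As an added example (not code from the original post or from the Nmap project), the script below ties the two procedures above together: it runs one scan with -oA so the normal, XML and grepable outputs are all kept, renders the HTML report with xsltproc, and then extracts the open ports from the grepable file, which is the piece a defender usually wants to feed into an inventory or a ticket. The function names, the NMAP_TARGET variable and the sample .gnmap contents are assumptions constructed for this example; the real scan only runs when NMAP_TARGET is set.

```shell
#!/bin/sh
# Added example: scan, keep every report format, render the HTML report and
# pull the open ports out of nmap's grepable output. Names are assumptions.

# Run one scan and keep all three major formats with -oA (<base>.nmap,
# <base>.xml, <base>.gnmap), then turn the XML into HTML via the stylesheet
# that nmap references from its XML. $1 is the host or CIDR subnet to scan
# (a placeholder supplied by the caller), $2 the output basename.
scan_and_report() {
    target=$1
    base=${2:-scan}
    sudo nmap -sT --script vuln -oA "$base" "$target" || return 1
    xsltproc "$base.xml" -o "$base.html"
}

# Print "host port/proto service" for every port in the open state found in a
# grepable (-oG) file. Fields on a Host line are tab-separated; the Ports field
# holds comma-separated entries of port/state/proto/owner/service/rpc/version/.
open_ports_from_gnmap() {
    awk -F'\t' '
    /^Host:/ && /Ports:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
                }
            }
        }
    }' "$1"
}

# Constructed sample in nmap's grepable format (two hosts on a documentation
# subnet), written to the path given as $1, so the parser can be exercised
# without running a scan.
write_sample_gnmap() {
    {
        printf '# Nmap 7.94 scan initiated as: nmap -sT -oG sample.gnmap 192.0.2.0/24\n'
        printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
        printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
        printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
        printf 'Host: 192.0.2.11 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)\n'
        printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 12.34 seconds\n'
    } > "$1"
}

if [ -n "${NMAP_TARGET:-}" ]; then
    # Real run: NMAP_TARGET is a placeholder the operator sets to a host or subnet
    scan_and_report "$NMAP_TARGET" scan && open_ports_from_gnmap scan.gnmap
else
    # Offline run: parse the constructed sample only
    sample=$(mktemp)
    write_sample_gnmap "$sample"
    open_ports_from_gnmap "$sample"
    rm -f "$sample"
fi
```

Without NMAP_TARGET set, the script parses only the embedded sample, so the extraction step can be tried before any scan is run; closed and filtered ports are dropped on purpose, since the open set is what changes an exposure picture.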
