Nmap Tutorial For Beginners - 2 - Advanced Scanning
Advanced Nmap Commands Tutorial
Introduction to Nmap
- The video introduces advanced Nmap commands: how to run a scan, read the results, and put them to use.
- The presenter opens a terminal (Linux) or command prompt (Windows) to run Nmap and demonstrates `nmap --help`, which lists the available options together with usage examples.
Basic Scanning with Nmap
- The presenter scans a domain that is explicitly allowed for educational scanning, with no options at all, to show what the default output looks like.
- By default, Nmap scans the 1,000 most common TCP ports out of the 65,535 possible; a full scan of every port is requested with `-p-`. The initial scan finishes in about 15 seconds precisely because it is limited to those 1,000 ports.
- Of the 1,000 ports scanned, four are reported as open (or filtered) and the remaining 996 as closed.
Understanding Scan Results
- Open ports identified include SSH (port 22), HTTP (port 80) and the nping-echo service (port 9929); none of them is in a filtered state.
- A "filtered" port is one where a firewall, filter or other network obstacle blocks Nmap's probes, so Nmap cannot tell whether the port is open or closed; the presenter advises not spending effort on such ports where possible.
Targeting Specific Ports
- Scanning every port indiscriminately is slow and noisy; attackers typically target a specific service, such as SSH on port 22, so that the scan stays fast and focused.
- Saving scan results matters: closing the terminal before the output is saved discards the results of a lengthy scan.
Performing Subnet Scans
- The presenter prepares to scan their home network subnet by identifying its IP range with the `ifconfig` command.
- Users should locate the `inet` line of their active network interface and its netmask; together these determine the IP range available for scanning.
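The video leaves the step from the `inet` line to an Nmap target range to the viewer. The script below is an added example, not from the video, that derives the CIDR range from the address and netmask that `ifconfig` prints. The two interface lines in it are constructed samples (a Linux net-tools line with a dotted-quad mask and a macOS/BSD line with a hex mask); the function names are the author's own.

```shell
#!/usr/bin/env bash
# Added example (not from the video): turn the "inet" address and "netmask"
# that ifconfig prints into the CIDR range to hand to nmap.
# Handles dotted-quad masks (Linux net-tools) and 0x-prefixed hex masks (macOS/BSD).

# Dotted quad (or 0x-prefixed hex) -> 32-bit integer
ip_to_int() {
  case $1 in
    0x*) echo $(( $1 )); return ;;   # BSD/macOS prints e.g. "netmask 0xffffff00"
  esac
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length = number of leading one bits in the mask (assumes a contiguous mask)
mask_to_prefix() {
  local m bits
  m=$(ip_to_int "$1"); bits=0
  while [ "$bits" -lt 32 ] && [ $(( (m >> (31 - bits)) & 1 )) -eq 1 ]; do
    bits=$(( bits + 1 ))
  done
  echo "$bits"
}

# subnet_cidr 192.168.1.37 255.255.255.0  ->  192.168.1.0/24
subnet_cidr() {
  local ip mask
  ip=$(ip_to_int "$1"); mask=$(ip_to_int "$2")
  echo "$(int_to_ip $(( ip & mask )))/$(mask_to_prefix "$2")"
}

# Pull the address and mask out of one ifconfig "inet" line
cidr_from_inet_line() {
  local ip mask
  ip=$(echo "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i == "inet") print $(i+1) }')
  mask=$(echo "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i == "netmask") print $(i+1) }')
  subnet_cidr "$ip" "$mask"
}

# CONSTRUCTED sample lines, not real interface output
LINUX_INET_LINE='        inet 192.168.1.37  netmask 255.255.255.0  broadcast 192.168.1.255'
BSD_INET_LINE='        inet 10.0.5.9 netmask 0xffff0000 broadcast 10.0.255.255'

echo "Linux interface: nmap target $(cidr_from_inet_line "$LINUX_INET_LINE")"   # 192.168.1.0/24
echo "BSD interface:   nmap target $(cidr_from_inet_line "$BSD_INET_LINE")"     # 10.0.0.0/16
```

The resulting range is what goes in place of `<IP_range>` in the `nmap` commands that follow. On a modern Linux host, `ip -4 addr` prints the address already in CIDR form (for example `inet 192.168.1.37/24`), which skips the arithmetic entirely.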
Saving Scan Results
- An example command is prepared: `nmap -oG <output_file> <IP_range>`, which saves the results in grepable format (one line per host, designed to be searched with `grep` and friends).
How to Generate Grepable Output Files from Scans
Setting Up the Scan and Output File
- The command includes `-vv` (double verbose), which prints more detail while the scan runs, including each open port as it is discovered. A `>` redirect is added to send the output to a file; note that `-oG` can also take the filename directly, as in the earlier example, in which case no redirect is needed.
- The user chooses the desktop as the directory for the grepable output file and names it "results". When the scan completes, the results file appears on the desktop.
Understanding Scan Results
- The scan checks the default 1,000 ports for open connections. With verbose output, ports are reported as they are found; here port 21 (FTP) and port 80 (HTTP) are identified as open.
- The results file is well organised and includes the timestamps of when the scan started and finished, which makes it useful as documentation of what was scanned and when.
Targeting Specific Ports
- To target a specific port, users modify the previous command by adding `-p` followed by the port number (for example `-p 22`); a comma-separated list such as `-p 22,80` or a range such as `-p 1-1024` works the same way.
- If the scan succeeds, it confirms that SSH on port 22 is open and reports how long the scan took.
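Reading the saved grepable file is the part the video only gestures at, and it is also where the "is SSH on port 22 up, and where?" question from the `-p 22` scan gets answered across a whole subnet. The script below is an added example, not from the video: the `RESULTS` text is constructed in `-oG` format to stand in for a file written by a command such as `nmap -vv -oG ~/Desktop/results 192.168.1.0/24` (the addresses and timestamps in it are made up), and the helper function names are the author's own. A real `-oG` file separates the `Host:`, `Ports:` and `Ignored State:` fields with tabs; the parser accepts either tabs or spaces so it works on the text as shown here too.

```shell
#!/usr/bin/env bash
# Added example (not from the video): reading nmap grepable (-oG) output with
# awk and sed. RESULTS is CONSTRUCTED to look like a -oG file; it is not a real scan.
# Each port entry is port/state/proto/owner/service/rpc/version, comma-separated,
# and the line ends with an "Ignored State" tally of the ports nmap did not list.

RESULTS='# Nmap 7.94 scan initiated Sat Jan 13 10:00:00 2024 as: nmap -vv -oG results 192.168.1.0/24
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.1 ()    Ports: 80/open/tcp//http///, 443/closed/tcp//https///    Ignored State: closed (998)
Host: 192.168.1.20 ()    Status: Up
Host: 192.168.1.20 ()    Ports: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///, 80/open/tcp//http///    Ignored State: closed (997)
Host: 192.168.1.30 ()    Status: Up
Host: 192.168.1.30 ()    Ports: 22/open/tcp//ssh///    Ignored State: closed (999)
# Nmap done at Sat Jan 13 10:00:12 2024 -- 256 IP addresses (3 hosts up) scanned in 12.34 seconds'

# Emit "host port proto state service" for every port entry read from stdin
parse_ports() {
  awk '
    /^Host:/ && /Ports: / {
      host = $2                                  # "Host: <ip> (<name>)"
      s = $0
      sub(/.*Ports: /, "", s)                    # keep the port list only
      sub(/[ \t]*Ignored State:.*/, "", s)       # drop the trailer
      n = split(s, entry, /, */)
      for (j = 1; j <= n; j++) {
        split(entry[j], f, "/")                  # f[1]=port f[2]=state f[3]=proto f[5]=service
        print host, f[1], f[3], f[2], f[5]
      }
    }'
}

# Only open ports, as "host port proto service"
open_ports() { parse_ports | awk '$4 == "open" { print $1, $2, $3, $5 }'; }

# Hosts on which a given port is in a given state (default "open"):
# hosts_with_port 22 answers "where can I try SSH?", hosts_with_port 22 filtered
# shows where a firewall got in the way.
hosts_with_port() {
  local port=$1 state=${2:-open}
  parse_ports | awk -v p="$port" -v s="$state" '$2 == p && $4 == s { print $1 }'
}

# Start/finish timestamps and the host tally from the "# Nmap" comment lines
scan_summary() {
  sed -n -e 's/^# Nmap .* scan initiated \(.*\) as: .*/started:  \1/p' \
         -e 's/^# Nmap done at \(.*\) -- \(.*\)$/finished: \1 (\2)/p'
}

printf '%s\n' "$RESULTS" | scan_summary
printf '%s\n' "$RESULTS" | open_ports
echo "SSH open on: $(printf '%s\n' "$RESULTS" | hosts_with_port 22 | tr '\n' ' ')"
echo "SSH filtered on: $(printf '%s\n' "$RESULTS" | hosts_with_port 22 filtered | tr '\n' ' ')"
```

To run it against a real file, replace `printf '%s\n' "$RESULTS"` with `cat ~/Desktop/results`. Hosts that are up but have no listed ports appear only on a `Status: Up` line, which is why the parser keys on the `Ports:` field rather than on every `Host:` line.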
Encouragement for Practice and Feedback
- Viewers are encouraged to practise scanning different ports and saving the output in other formats (for example plain text with `-oN`, or all of Nmap's formats at once with `-oA`), noting how the documentation style differs between them.
Community Engagement
- The presenter invites viewers to engage with content through likes or dislikes based on their experience with the video. They also encourage sharing videos to reach a wider audience who may benefit from this knowledge.