NMAP


Nmap (“Network Mapper”) is a free, open-source utility that maps a network: it performs port scans and OS detection, and through the Nmap Scripting Engine (NSE) it is scriptable, including scripts for vulnerability detection. It is widely supported and integrates with Metasploit, which can run it from the console (db_nmap) and import its XML output.

root@kali-linux:/home/user# nmap 192.168.122.186

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-17 11:23 EST
Nmap scan report for dc (192.168.122.186)
Host is up (0.00014s latency).
Not shown: 990 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
MAC Address: 52:54:00:F3:51:47 (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 55.67 seconds
root@kali-linux:/home/user#

Before calling scripts by name, rebuild the NSE script database so that newly added or updated scripts resolve by name and category:

root@kali-linux:/home/user# nmap --script-updatedb

The vuln category of NSE scripts is documented at https://nmap.org/nsedoc/categories/vuln.html; the SMB checks used below are:

smb-vuln-conficker
smb-vuln-cve2009-3103
smb-vuln-ms06-025
smb-vuln-ms07-029
smb-vuln-regsvc-dos
smb-vuln-ms08-067

http-vuln-cve2017-5689
Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075 privilege escalation vulnerability (CVE-2017-5689).

Single-script runs. -P0 is the old spelling of -Pn (skip host discovery); both are accepted by 7.60. Note that smb-check-vulns no longer exists in this version: it was split into the smb-vuln-* scripts listed above, so the first command below fails with a "did not match a category, filename, or directory" error and one of those scripts has to be named instead.

nmap --script smb-check-vulns -p445 192.168.122.123
nmap --script smb-vuln-ms08-067 -P0 192.168.122.184
nmap --script smb-vuln-regsvc-dos -p445 -P0 192.168.122.123
nmap --script smb-vuln-cve2009-3103 -p445 -P0 192.168.122.184
nmap --script http-vuln-cve2017-5689 -P0 192.168.122.184
nmap -p445 --script smb-vuln-ms17-010 192.168.123.111

Output of the -p445 smb-vuln-cve2009-3103 run against 192.168.122.184. No script output appears because the smb-vuln-* scripts report through the NSE vulns library, which by default only prints results for hosts it finds vulnerable; add --script-args vulns.showall to have NOT VULNERABLE reported explicitly, and -d to see script debug output, including why a check could not complete:

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-03 16:22 EST
Nmap scan report for WIN-P4UOJH0OVJ4 (192.168.122.184)
Host is up (0.00041s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 52:54:00:8C:20:B7 (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.80 seconds
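As an added example, not code from the original post, the following POSIX shell script ties the steps above together without touching a network: it takes a discovery scan in nmap's grepable (-oG) format, keeps only the hosts that actually expose SMB, prints the targeted smb-vuln-* scan for them, and reduces the State: lines that the NSE vulns library writes to one finding per line. Both nmap outputs embedded in it are constructed for illustration (the hosts, hostnames and results are made up); the script names and flags are real, but the nmap command is only printed, never executed.

```shell
#!/bin/sh
# Added example, not from the original post. Pipeline: grepable discovery
# scan -> hosts with SMB open -> targeted NSE vuln scan command -> summary
# of the "State:" lines the vulns library writes. All scan data is
# constructed; the nmap command is printed, not run.

# Constructed -oG (grepable) output of a two-port discovery scan. Fields are
# tab-separated, as nmap writes them.
sample_gnmap() {
    printf '%s\t%s\n' \
        'Host: 192.168.122.184 (WIN-P4UOJH0OVJ4)' 'Status: Up' \
        'Host: 192.168.122.184 (WIN-P4UOJH0OVJ4)' 'Ports: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///' \
        'Host: 192.168.122.186 (dc)' 'Status: Up' \
        'Host: 192.168.122.186 (dc)' 'Ports: 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///' \
        'Host: 192.168.122.200 ()' 'Status: Up' \
        'Host: 192.168.122.200 ()' 'Ports: 445/filtered/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///'
}

# Read grepable output on stdin; print the IPs whose TCP port $1 (default
# 445) is open, one per line. Filtered and closed ports are skipped.
open_hosts() {
    awk -v p="${1:-445}" '
        /^Host:/ && /Ports:/ {
            ip = $2
            list = $0
            sub(/^.*Ports: /, "", list)     # keep only the port list
            sub(/\t.*$/, "", list)          # drop "Ignored State:" and later fields
            n = split(list, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")      # port/state/protocol/owner/service/...
                if (f[1] == p && f[2] == "open" && f[3] == "tcp") print ip
            }
        }'
}

# Print the follow-up command for the SMB hosts given as arguments. -Pn is
# the current spelling of -P0 (skip host discovery); vulns.showall makes the
# vulns-library scripts print NOT VULNERABLE results instead of staying silent.
vuln_scan_cmd() {
    [ $# -gt 0 ] || { echo 'vuln_scan_cmd: no hosts given' >&2; return 1; }
    printf 'nmap -Pn -p445 --script smb-vuln-ms17-010,smb-vuln-ms08-067 --script-args vulns.showall -oN smb-vulns.txt %s\n' "$*"
}

# Constructed -oN (normal) output of such a run with vulns.showall: the first
# host is vulnerable to MS17-010, the second is not.
sample_vuln_output() {
    cat <<'EOF'
Nmap scan report for WIN-P4UOJH0OVJ4 (192.168.122.184)
Host is up (0.00041s latency).

Host script results:
| smb-vuln-ms08-067:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: NOT VULNERABLE
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH

Nmap scan report for dc (192.168.122.186)
Host is up (0.00014s latency).

Host script results:
| smb-vuln-ms17-010:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|_    State: NOT VULNERABLE
EOF
}

# Read normal output on stdin; print "ip script state" for every State: line.
# NSE script names are lowercase words joined by hyphens, which is what
# distinguishes them from labels such as "VULNERABLE:" or "IDs:".
vuln_summary() {
    awk '
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }
        $1 == "|" && $2 ~ /^[a-z0-9]+(-[a-z0-9]+)+:$/ { script = $2; sub(/:$/, "", script) }
        /State:/ { s = $0; sub(/^.*State: */, "", s); print ip, script, s }
    '
}

# Only findings that need action: state is exactly VULNERABLE, i.e. the
# summary line has three fields (ip, script, state). Prints "ip script".
vulnerable_only() {
    vuln_summary | awk 'NF == 3 && $3 == "VULNERABLE" { print $1, $2 }'
}

# Usage: run the whole pipeline on the constructed data.
sample_gnmap | open_hosts 445
vuln_scan_cmd $(sample_gnmap | open_hosts 445)
sample_vuln_output | vulnerable_only
```

Against real data, replace sample_gnmap with `nmap -oG - -p445 <range>` and sample_vuln_output with the -oN file the printed command writes; the filtering and summary functions work unchanged. The 192.168.122.200 entry shows the edge case the filter exists for: a host whose 445 is filtered is alive but not worth a vuln script run.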