Nmap Network Exploration and Security Auditing Cookbook, Third Edition
Network discovery and security scanning at your fingertips

Product type: Paperback
Published in: Sep 2021
Publisher: Packt
ISBN-13: 9781838649357
Length: 436 pages
Edition: 3rd Edition
Author: Paulino Calderon

Table of Contents (22)

  • Preface
  • Chapter 1: Nmap Fundamentals
  • Chapter 2: Getting Familiar with Nmap's Family
  • Chapter 3: Network Scanning
  • Chapter 4: Reconnaissance Tasks
  • Chapter 5: Scanning Web Servers
  • Chapter 6: Scanning Databases
  • Chapter 7: Scanning Mail Servers
  • Chapter 8: Scanning Windows Systems
  • Chapter 9: Scanning ICS/SCADA Systems
  • Chapter 10: Scanning Mainframes
  • Chapter 11: Optimizing Scans
  • Chapter 12: Generating Scan Reports
  • Chapter 13: Writing Your Own NSE Scripts
  • Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine
  • Other Books You May Enjoy
  • Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options
  • Appendix B: Brute-Force Password Auditing Options
  • Appendix C: NSE Debugging
  • Appendix D: Additional Output Options
  • Appendix E: Introduction to Lua
  • Appendix F: References and Additional Reading

Managing multiple scanning profiles with Zenmap

Scanning profiles are saved combinations of Nmap options that let you launch a preconfigured scan without retyping the command line each time.

This recipe is about adding, editing, and deleting a scanning profile in Zenmap.

How to do it...

Let's add a new profile for scanning web servers:

  1. Launch Zenmap.
  2. Click on Profile on the main toolbar.
  3. Click on New Profile or press Ctrl + P. Profile Editor will be launched.
  4. Enter a profile name and a description on the Profile tab.
  5. Enable Version detection and select TCP connect scan (-sT) in the Scan tab.
  6. Enable Don't ping before scanning (-Pn) in the Ping tab.
  7. Enable the following scripts on the Scripting tab:

    • http-backup-finder
    • http-config-backup
    • http-cors
    • http-cross-domain-policy
    • http-csrf
    • http-dombased-xss
    • http-enum
    • http-favicon
    • http-headers
    • http-methods
    • http-open-redirect
    • http-robots.txt
    • http-server-header
    • http-svn-info
    • http-title

  8. Next, go to the Target tab, click on Ports to scan (-p), and enter 80,443 (no space after the comma; the value is inserted into the command line as typed).
  9. Save your changes by clicking on Save Changes:

Figure 2.1 – NSE script selection in Zenmap

Your new scanning profile should be available from the Profile drop-down menu. We selected some of the available scripts to give you an idea, but you can adjust the scan according to your needs.

How it works...

After saving the profile, the editor has assembled the following Nmap command (Zenmap appends the scripts in the order they appear on the Scripting tab):

$ nmap -sT -sV -p 80,443 -T4 -v -Pn --script http-backup-finder,http-config-backup,http-cors,http-cross-domain-policy,http-csrf,http-dombased-xss,http-enum,http-favicon,http-headers,http-methods,http-open-redirect,http-robots.txt,http-server-header,http-svn-info,http-title <target>

Using the Profile Editor, we selected a TCP connect scan (-sT), enabled service detection (-sV), restricted the ports to 80 and 443, disabled host discovery (-Pn), and picked a set of HTTP-related scripts to gather as much information as possible from the web server. The -T4 and -v flags come from the editor's timing template and verbosity settings; they are not required by the recipe and can be changed in the profile. Two things are worth keeping in mind before pointing this profile at a production host. First, -Pn makes Nmap port scan every address in the target range even when it never answers, so a large range takes noticeably longer than with host discovery enabled. Second, several of the selected scripts (http-csrf, http-dombased-xss, http-open-redirect, and http-enum among them) belong to the intrusive category and crawl or actively probe the application rather than only reading its headers, so run this profile only against systems you are authorized to test. We now have this command saved and easily accessible for future scanning activities against new targets.
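What Zenmap stores when you click Save Changes is just this command string under a profile name: user profiles live in ~/.zenmap/scan_profile.usp, an INI-style file with one section per profile and `command` and `description` keys. The example below is added for this page and is not code from the book or from the Nmap/Zenmap project. It shows how the editor's tab settings map onto flags by assembling the recipe's command from those settings, then appends the result as a new profile to a constructed copy of the profile file in the same format. The profile file location, the sample descriptions, and the `build_command` parameter names are assumptions; the flag order follows the command above.

```python
"""Assemble a Zenmap-style scan command and store it as a Zenmap profile.

Zenmap keeps user profiles in ~/.zenmap/scan_profile.usp, an INI file with
one section per profile holding a `command` and a `description` key.
Added example for this page; not code from the book or from Nmap/Zenmap.
"""
import configparser
import io
from pathlib import Path

# Assumption: default per-user location of the Zenmap profile file.
PROFILE_FILE = Path.home() / ".zenmap" / "scan_profile.usp"

# The scripts selected in step 7 of the recipe, in the order Zenmap lists them.
WEB_SCRIPTS = [
    "http-backup-finder", "http-config-backup", "http-cors",
    "http-cross-domain-policy", "http-csrf", "http-dombased-xss", "http-enum",
    "http-favicon", "http-headers", "http-methods", "http-open-redirect",
    "http-robots.txt", "http-server-header", "http-svn-info", "http-title",
]

# Constructed sample of the file format. The descriptions are made up; the
# two commands are Zenmap's own "Intense scan" and "Ping scan" defaults.
SAMPLE_USP = """\
[Intense scan]
command = nmap -T4 -A -v
description = Comprehensive scan with OS and version detection.

[Ping scan]
command = nmap -sn
description = Host discovery only, no port scan.
"""


def build_command(scan_type="-sT", version_detection=True, ports="80,443",
                  timing="-T4", verbose=True, no_ping=True, scripts=()):
    """Map Profile Editor settings onto Nmap flags.

    The order (scan type, -sV, -p, timing, -v, -Pn, --script) follows the
    command the editor produced for the recipe.
    """
    parts = ["nmap", scan_type]
    if version_detection:
        parts.append("-sV")
    if ports:
        parts.append(f"-p {ports}")          # no spaces inside the port list
    if timing:
        parts.append(timing)
    if verbose:
        parts.append("-v")
    if no_ping:
        parts.append("-Pn")                  # skip host discovery
    if scripts:
        parts.append("--script " + ",".join(scripts))
    return " ".join(parts)


def load_profiles(usp_text):
    """Return {profile name: command} from the text of a scan_profile.usp."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(usp_text)
    return {name: cp[name].get("command", "") for name in cp.sections()}


def add_profile(usp_text, name, command, description):
    """Return usp_text with a new profile section appended.

    Rejects duplicate names (Zenmap would show two identical entries) and
    commands that do not start with 'nmap ', which the GUI would never run.
    """
    if not command.startswith("nmap "):
        raise ValueError("profile command must start with 'nmap '")
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(usp_text)
    if cp.has_section(name):
        raise ValueError(f"profile {name!r} already exists")
    cp.add_section(name)
    cp[name]["command"] = command
    cp[name]["description"] = description
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()


if __name__ == "__main__":
    # Use the real profile file when present, otherwise the constructed sample.
    text = PROFILE_FILE.read_text() if PROFILE_FILE.exists() else SAMPLE_USP
    cmd = build_command(scripts=WEB_SCRIPTS)
    updated = add_profile(text, "Web servers", cmd,
                          "Version detection plus HTTP NSE scripts on 80/443.")
    for profile, command in load_profiles(updated).items():
        print(f"{profile}: {command}")
```

The script only prints the merged file; to install the profile, write `updated` back to ~/.zenmap/scan_profile.usp with Zenmap closed and the original backed up, since Zenmap rewrites that file itself when you save from the Profile Editor. The `nmap ` prefix check in `add_profile` catches a typo, not a hostile file: a profile file copied from a colleague or a wiki is input you should read before loading, because whatever `command` it carries is what Zenmap will run.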

There's more...

Customizing scan profiles can be done through the user interface. Default scanning profiles can be used as templates when creating new ones. Let's review how we work with the scanning profiles.

Zenmap scanning profiles

The predefined Zenmap scanning profiles help newcomers familiarize themselves with Nmap. I recommend that you analyze them to understand the scanning techniques available in Nmap along with some useful combinations of its options:

  • Intense scan: nmap -T4 -A -v
  • Intense scan plus UDP: nmap -sS -sU -T4 -A -v
  • Intense scan, all TCP ports: nmap -p 1-65535 -T4 -A -v
  • Intense scan, no ping: nmap -T4 -A -v -Pn
  • Ping scan: nmap -sn
  • Quick scan: nmap -T4 -F
  • Quick scan plus: nmap -sV -T4 -O -F --version-light
  • Quick traceroute: nmap -sn --traceroute
  • Regular scan: nmap
  • Slow comprehensive scan: nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or discovery and safe"

    Important note

    You can find other scanning profiles in the database of Rainmap Lite at https://github.com/cldrn/rainmap-lite/wiki/Scanning-profiles.

Editing or deleting a scan profile

To edit or delete a scan profile, you need to select the entry you wish to modify from the Profile drop-down menu. Click on Profile on the main toolbar and select Edit Selected Profile (Ctrl + E).

The editor will be launched, allowing you to edit or delete the selected profile.
