Port Scanning using nmap and zenmap

Port scanning means checking the status of a host's ports, i.e. whether they are open or closed. There are many ways to carry out a port scan, but one of the best tools for it that I have come across is nmap, together with its graphical front end Zenmap. nmap provides many options and a long list of commands. Below are some of the commands that are very useful when doing penetration testing or gathering information about the target.

Simple nmap scan.

Type: nmap victimaddress

Port scanning for pentesters | Information Security

Checking all ports, not just the default set.

Type: nmap -p 1-65535 victimaddress

As you can see from the difference in output, in the first scan only 1000 ports are scanned, while in the second scan all 65535 ports are scanned.

In BackTrack, the Nmap configuration files (such as the default port scan list) are located in /usr/local/share/nmap/.

Now scanning across the whole network to check whether a particular port is open or not on each host.

Type: nmap -p 139 victim'snetworkaddress

Since the normal output is not in a format that other tools can easily process, we convert it into one that is; the most common and easiest is the "greppable" format (-oG).

Type: nmap -p 139 victim'snetworkaddress -oG filename.txt

To extract only the IP addresses from the file:

Type: cat filename.txt | cut -d " " -f2

So far we have information about the open ports of a particular machine, but we also need information about the operating system, because during an attack the operating system plays a vital role: the exploit would be selected based on the operating system.

Now we combine the operating system scan with the check for which systems have port 139 open, saving the output to a text file.

Type: nmap -p 139 victim'snetworkaddress -oG filename.txt

cat filename.txt | grep open | cut -d " " -f2 > filename-ips.txt

nmap -O -iL filename-ips.txt -oG filename-os.txt

cat filename-os.txt | grep open | cut -d ":" -f5
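The grep/cut pipeline above breaks as soon as a host has several ports or a hostname in the output. As an added example that is not part of the original post, here is a small Python parser for the greppable (-oG) format that handles the full line structure; the scan output it parses is a constructed sample, not a real scan.

```python
import re
from typing import Dict, List

# Constructed sample of -oG output (not a real scan): one "Host:" line per
# host and field, tab-separated "Name: value" fields, and one entry per port
# in "Ports:" with slash-separated subfields
# port/state/protocol/owner/service/rpc info/version/.
SAMPLE_OG = """\
# Nmap scan initiated Mon Jan  1 10:00:00 2024 as: nmap -p 139,445 -O -oG scan.txt 192.0.2.0/28
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 139/open/tcp//netbios-ssn///\tIgnored State: closed (1)\tOS: Microsoft Windows 7\tSeq Index: 258
Host: 192.0.2.11 (fileserver.example.test)\tStatus: Up
Host: 192.0.2.11 (fileserver.example.test)\tPorts: 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Linux 3.2 - 4.9
# Nmap done at Mon Jan  1 10:00:05 2024 -- 16 IP addresses (3 hosts up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_greppable(text: str) -> Dict[str, dict]:
    """Map each IP to its hostname, open ports (port, proto, service) and OS guess."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:          # skips the "# Nmap ..." header and footer lines
            continue
        ip, hostname = m.group(1), m.group(2)
        entry = hosts.setdefault(ip, {"hostname": hostname, "open_ports": [], "os": ""})
        fields = dict(f.split(": ", 1) for f in line.split("\t")[1:] if ": " in f)
        for spec in filter(None, fields.get("Ports", "").split(", ")):
            sub = spec.split("/")
            if len(sub) >= 5 and sub[1] == "open":   # keep open ports only
                entry["open_ports"].append((int(sub[0]), sub[2], sub[4]))
        if fields.get("OS"):
            entry["os"] = fields["OS"]
    return hosts


def hosts_with_open_port(hosts: Dict[str, dict], port: int) -> List[str]:
    """IPs with the given port open; the same selection as the grep/cut pipeline above."""
    return sorted(ip for ip, h in hosts.items() if any(p[0] == port for p in h["open_ports"]))


if __name__ == "__main__":
    parsed = parse_greppable(SAMPLE_OG)
    for ip in hosts_with_open_port(parsed, 139):
        print(ip, parsed[ip]["hostname"] or "-", parsed[ip]["os"] or "OS unknown")
```

Feed it a real filename-os.txt by replacing SAMPLE_OG with the file's contents; the same structure also lets a defender check inventory results for unexpected open ports.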

We can also find out which services are running on which ports by typing: nmap -sV victimaddress

Port scanning can also be done through a graphical interface instead of the command line; Zenmap is used for that. Open Zenmap.

Enter the target address, choose the type of scan from the options, and start the scan.

Select the Ports/Hosts tab for information about the ports.

For host information select the Host Details tab, where the detected operating system can also be found.

The upcoming post will focus on more nmap commands that are helpful for gathering further information.
