🎛️Port Scanning

Port scanning is a technique used in cybersecurity to identify open ports and services on a networked system. It involves sending packets to specific ports on a target device and analyzing the responses to determine which ports are open, closed, or filtered. This process helps in identifying potential entry points for attacks and is commonly used in vulnerability assessments and penetration testing.
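Because a scan is a burst of probes to many distinct ports from one source, the behaviour described above is also what a defender looks for in firewall logs. The following Python script is an added example (not from the original page): it parses constructed iptables-style DROP lines, keeps a sliding time window per source address, and flags any source that touches at least `min_ports` distinct destination ports within that window. The log format, the addresses (RFC 5737 documentation ranges) and the thresholds are all assumptions chosen for the illustration.

```python
"""Flag port-scan-like behaviour in firewall logs (added example, constructed data)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Regex for a simplified iptables-style log line (assumed format, not a real capture).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)


def _line(ts, src, dst, dpt):
    """Build one constructed log line in the assumed format."""
    return f"{ts} DROP SRC={src} DST={dst} PROTO=TCP DPT={dpt}"


# Constructed sample log: a fast scanner, a slow scanner and a benign client.
FAST_SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = []
# 203.0.113.5 probes 12 ports within 12 seconds.
for i, port in enumerate(FAST_SCAN_PORTS):
    SAMPLE_LOG.append(_line(f"2024-05-01T10:00:{i:02d}", "203.0.113.5", "192.0.2.10", port))
# 203.0.113.77 probes 12 ports but only one every two minutes (slow scan).
for i, port in enumerate(FAST_SCAN_PORTS):
    SAMPLE_LOG.append(_line(f"2024-05-01T10:{2 * i:02d}:00", "203.0.113.77", "192.0.2.10", port))
# 198.51.100.7 is a normal client retrying 443 and hitting 80 once.
for ts in ("10:00:05", "10:01:05", "10:02:05"):
    SAMPLE_LOG.append(_line(f"2024-05-01T{ts}", "198.51.100.7", "192.0.2.10", 443))
SAMPLE_LOG.append(_line("2024-05-01T10:03:00", "198.51.100.7", "192.0.2.10", 80))
SAMPLE_LOG.append("this line is malformed and must be skipped")


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_scanners(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {src: sorted distinct ports} for sources that hit >= min_ports
    distinct (dst, port) pairs inside any sliding window of length `window`."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append(ev)

    findings = defaultdict(set)
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()  # (dst, dpt) -> number of events inside the window
        left = 0
        for right, ev in enumerate(evs):
            in_window[(ev["dst"], ev["dpt"])] += 1
            # Slide the left edge forward until the window fits.
            while evs[right]["ts"] - evs[left]["ts"] > window:
                key = (evs[left]["dst"], evs[left]["dpt"])
                in_window[key] -= 1
                if in_window[key] == 0:
                    del in_window[key]
                left += 1
            if len(in_window) >= min_ports:
                findings[src].update(port for _, port in in_window)
    return {src: sorted(ports) for src, ports in findings.items()}


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} distinct ports in one window -> {ports}")
```

With the default 60-second window only the fast scanner is reported; the slow scanner is only caught when the window is widened, which is the usual trade-off between catching low-and-slow scans and tolerating bursty but legitimate clients.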

Nmap/Zenmap Tool

Nmap is a powerful network scanning tool used to discover hosts and services on a computer network. Zenmap serves as its graphical user interface (GUI), offering an intuitive way to visualize and interact with Nmap's scanning and mapping capabilities. Below, we will explore some Nmap flags that can be used for mapping the network or conducting network discovery in the Information Gathering Section.

Other Nmap Flags:

  • The -iL flag in Nmap is used to specify a list of target IP addresses or hostnames from a text file for scanning.

  • The -sU flag in Nmap is used to perform UDP port scanning. It scans for open UDP ports on a target host.

  • The tftp command in Linux is used to interact with TFTP servers for file transfers, supporting both downloading and uploading files.
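Once a scan has run, the open/closed/filtered states have to be turned into something actionable, typically a comparison against the services a host is supposed to expose. The Python script below is an added example (not the page's or Nmap's own code): it parses Nmap's grepable output format (what `-oG` writes, with tab-separated fields and `port/state/protocol/owner/service/rpc/version/` entries) from a constructed sample, counts ports per state, and lists open ports that are missing from an assumed allowlist. The hosts, services and the allowlist are constructed for the illustration; the `Ignored State` summary field is left unparsed.

```python
"""Parse Nmap -oG output and flag open ports outside an allowlist (added example)."""
from collections import Counter, defaultdict

# Constructed sample of grepable output for two hosts (assumption: not a real scan).
SAMPLE_OG = """\
# Nmap 7.94 scan initiated as: nmap -sS -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 23/filtered/tcp//telnet///, 80/open/tcp//http//nginx/, 3306/closed/tcp//mysql///\tIgnored State: filtered (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (998)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# Assumed allowlist: the (port, protocol) pairs each host is expected to expose.
EXPECTED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.11": {(443, "tcp")},
}


def parse_grepable(text):
    """Return {host: [(port, state, proto, service, version), ...]}."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and blank lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # "Status:" and "Ignored State:" fields are skipped
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                # Layout: port/state/protocol/owner/service/rpc-info/version/
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                hosts[host].append((int(port), state, proto, service, version))
    return dict(hosts)


def summarize(hosts):
    """Count ports per state (open/closed/filtered) for each host."""
    return {h: dict(Counter(state for _, state, _p, _s, _v in ports))
            for h, ports in hosts.items()}


def unexpected_open_ports(hosts, allowlist):
    """Open ports whose (port, proto) is not in allowlist[host]."""
    findings = {}
    for host, ports in hosts.items():
        allowed = allowlist.get(host, set())
        extra = [(p, proto, svc) for p, state, proto, svc, _ in ports
                 if state == "open" and (p, proto) not in allowed]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_OG)
    for host, counts in summarize(scan).items():
        print(host, counts)
    for host, extra in unexpected_open_ports(scan, EXPECTED).items():
        print(f"{host}: unexpected open ports {extra}")
```

Feeding a real scan in is a matter of replacing `SAMPLE_OG` with the contents of a file written by `nmap -oG <file>`; a host that is absent from the allowlist is treated as having no expected services, so every open port on it is reported.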

NMAP Automator

Nmap Automator is a tool designed to automate the process of running Nmap scans, streamlining the workflow for penetration testers and network administrators. It provides a simplified way to perform various types of scans, such as quick, full, and vulnerability scans, by combining Nmap with other tools and scripts to enhance efficiency and effectiveness in network reconnaissance and vulnerability assessment.

Features

Scans

  1. Network : Shows all live hosts in the host's network (~15 seconds)

  2. Port : Shows all open ports (~15 seconds)

  3. Script : Runs a script scan on found ports (~5 minutes)

  4. Full : Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)

  5. UDP : Runs a UDP scan "requires sudo" (~5 minutes)

  6. Vulns : Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)

  7. Recon : Suggests recon commands, then prompts to automatically run them

  8. All : Runs all the scans (~20-30 minutes)

Note: This is a reconnaissance tool, and it does not perform any exploitation.

Masscan

Masscan is a high-performance, open-source network scanner designed for rapid and large-scale port scanning. It can scan the entire Internet in mere minutes, making it one of the fastest tools available for discovering open ports and services. Masscan's efficiency and speed are achieved through its asynchronous and highly optimized scanning engine.

Rustscan

Rustscan is a fast and efficient port scanner written in Rust, designed to improve upon the speed of traditional scanners like Nmap. It leverages Rust's concurrency capabilities to scan ports quickly and then seamlessly integrates with Nmap for detailed service enumeration and vulnerability assessment, combining speed and thoroughness in network reconnaissance.

Autorecon

AutoRecon is an automated reconnaissance tool designed to simplify the initial information-gathering phase of penetration testing. It systematically performs a series of scans and enumerations on target hosts, leveraging various tools to collect and organize data on services, ports, and potential vulnerabilities, thereby enhancing the efficiency and thoroughness of the reconnaissance process.

Hacker's Mantra: Technology trust is a good thing, but control is a better one. - Stephane Nappo
