Introduction
The legendary Nmap has a new release, Nmap 5.61 TEST4. It includes some new features, listed below.
- a spidering library and associated scripts for crawling websites.
- 51 new NSE scripts, bringing the total to 297.
- a new vulnerability management library which stores and reports found vulnerabilities.
Mostly we use nmap for the following scenarios, but in this article I would like to share some information on using nmap for better discovery.
- Host Discovery
- Port Scanning
- Version Detection
- OS Detection
- Scriptable interaction with the target
Configuration
You can refer to the nmap download link from here. If you are a BackTrack user, the software is preloaded, and you can find the download page as well. A lot of people use nmap for port scanning and start to practice hidden scanning and so on. But port scanning only tells us what the remote system has. It won't tell you whether the system is vulnerable to attack. Take the MS08-067 vulnerability as an example. The most common syntax and flags that we use during scanning will be nmap -sS ip address -P0 -A -sV.
Based on this result, what does it give you? Only information about the open ports, the type of operating system and so on. From here you fire up Metasploit and start performing exploitation without knowing whether the system is really vulnerable to attack.
The next question you will probably want to ask is: how do I know, and where do I look for, the list of scripts I can use? Well, I have something for you at the nmap nsedoc library. You can refer to that document library for a better understanding of what you need when you are performing audits.
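As a local complement to the nsedoc library, the following added example (not part of the original post) lists NSE scripts by category from Nmap's script.db index, so an auditor can see which vulnerability checks are installed and leave out the intrusive ones. The sample index lines are constructed, and the two example-* script names are hypothetical placeholders.

```shell
#!/bin/sh
# List NSE scripts by category from Nmap's script.db index. Each line reads:
#   Entry { filename = "name.nse", categories = { "cat1", "cat2", } }

# Constructed sample in script.db format; the example-* names are hypothetical.
sample_script_db() {
cat <<'EOF'
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-vuln-check.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "example-safe-vuln-check.nse", categories = { "safe", "vuln", } }
EOF
}

# nse_in_category CATEGORY [EXCLUDE] < script.db
# Prints the scripts in CATEGORY, skipping any that also carry EXCLUDE.
nse_in_category() {
    awk -v want="$1" -v skip="${2:-}" '
    /^Entry/ {
        # Split on double quotes: q[2] is the filename, q[4], q[6], ... the categories.
        n = split($0, q, "\"")
        hit = 0; bad = 0
        for (i = 4; i <= n; i += 2) {
            if (q[i] == want) hit = 1
            if (skip != "" && q[i] == skip) bad = 1
        }
        if (hit && !bad) { name = q[2]; sub(/\.nse$/, "", name); print name }
    }'
}

# nse_category_counts < script.db
# Prints "<count> <category>" for every category, sorted by category name.
nse_category_counts() {
    awk -F'"' '/^Entry/ { for (i = 4; i <= NF; i += 2) c[$i]++ }
               END { for (k in c) print c[k], k }' | sort -k2
}

# Demo on the constructed sample: vulnerability checks that are not intrusive.
sample_script_db | nse_in_category vuln intrusive
```

On a real install, feed the functions the script.db file from Nmap's scripts directory (often /usr/share/nmap/scripts/ on Linux, which is an assumption about your system), then read a script's documentation with nmap --script-help before running it.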
Summary
Stay tuned for my articles. Let us know what you thought and learned, and what you hope for in the next articles! Connect with us on Google+, Twitter and Facebook.