Advanced nmap
Network Options
nmap has a number of options for making a scan of one or more targets faster and more efficient. To scan a single port, pass it with -p:

root@bt:~# nmap -p80 192.168.2.1
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:56 UTC
Interesting ports on 192.168.2.1:
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:E0:0F:7B:D2:C9 (Shanghai Baud Data)
Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

Adding -sV probes each open port to identify the service and its version. That is the detail you actually need before looking up known vulnerabilities: "80/tcp open http" says nothing, "Apache httpd 2.2.6 ((Fedora))" does.

root@bt:~# nmap -p80 -sV 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:08 UTC
Interesting ports on 192.168.2.4:
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.6 ((Fedora))
MAC Address: 00:0C:29:18:53:42 (VMware)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds
To scan several hosts at once, list values for an octet separated by commas. The target specification 192.168.2.1,3,4 expands to 192.168.2.1, 192.168.2.3 and 192.168.2.4:

root@bt:~# nmap -p80 192.168.2.1,3,4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:57 UTC
Interesting ports on 192.168.2.1:
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:E0:0F:7B:D2:C9 (Shanghai Baud Data)
Interesting ports on 192.168.2.3:
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:01:4A:F8:03:A5 (Sony)
Interesting ports on 192.168.2.4:
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 3 IP addresses (3 hosts up) scanned in 0.31 seconds
To scan host 192.168.2.4 on ports 1 through 5000, give -p a range:

root@bt:~# nmap -p 1-5000 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:05 UTC
Interesting ports on 192.168.2.4:
Not shown: 4991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.96 seconds
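The target and port syntax used above (comma lists in an octet, port ranges) is easy to get wrong when building scan jobs in scripts. The following is an added example, not code from the original post or from the nmap project: a small expander for the subset of nmap's target and port specification shown here, plus octet ranges, wildcards and CIDR, which nmap also accepts. Any function names are this example's own.

```python
"""Expand nmap-style target and port specifications.

Added example, not code from the original post or from the nmap project.
Handles comma-separated octet lists (192.168.2.1,3,4), octet ranges
(192.168.2.1-5), '*' or '-' for a whole octet, CIDR (192.168.2.0/24),
single ports (80), port ranges (1-5000), '-' for all ports and comma lists.
"""
import ipaddress
from itertools import product


def _expand_field(field, lowest, highest):
    """Expand one comma-separated field of items 'n', 'lo-hi', '-hi', 'lo-', '*'."""
    values = set()
    for item in field.split(","):
        item = item.strip()
        if item == "*":
            lo, hi = lowest, highest
        elif "-" in item:
            lo, hi = item.split("-", 1)
            lo = int(lo) if lo else lowest
            hi = int(hi) if hi else highest
        else:
            lo = hi = int(item)
        if not (lowest <= lo <= hi <= highest):
            raise ValueError(f"value out of range: {item!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_ports(spec):
    """'80' -> [80]; '1-5000' -> 1..5000; '22,21,80-82' -> merged and sorted."""
    return _expand_field(spec, 1, 65535)


def expand_targets(spec):
    """'192.168.2.1,3,4' -> three hosts; '10.0.0-1.5' -> two; CIDR -> every address."""
    if "/" in spec:
        # nmap scans every address in the block, network and broadcast included.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    fields = [_expand_field(o, 0, 255) for o in octets]
    return [".".join(str(v) for v in combo) for combo in product(*fields)]


if __name__ == "__main__":
    print(expand_targets("192.168.2.1,3,4"))
    print(len(expand_ports("1-5000")), "ports")
```

Out-of-range values raise instead of being silently clipped, so a typo such as -p 1-50000 fails before any packets leave the box.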
Timing and Operation
nmap lets you control how quickly probe packets are sent to the target. Timing also matters for evasion: an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) in front of the target usually flags a burst of probes from one source, so a scan spread thinly over a long period may stay under its thresholds. nmap has six timing templates:

T0 : paranoid
T1 : sneaky
T2 : polite
T3 : normal
T4 : aggressive
T5 : insane

By default nmap uses the T3 template. The slower templates are meant to avoid loading the network and to reduce the chance of tripping rate-based IDS logging; T0 and T1 send probes one at a time with minutes (T0) or many seconds (T1) between them, so they are only practical for a handful of ports. The faster templates finish sooner but are noisy, and on a lossy link they can miss open ports because nmap gives up on unanswered probes earlier. On the small lab segment below the host answers instantly, so T3, T4 and T5 all finish in about half a second:

root@bt:~# nmap -T4 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:23 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

root@bt:~# nmap -T3 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:25 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

root@bt:~# nmap -T5 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:25 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

nmap can also fragment the probe packets it sends. With -f each probe is split into IP fragments carrying 8 bytes of data, so a 20-byte TCP header arrives as three fragments of 8, 8 and 4 bytes. The point is again IDS/IPS evasion: a packet filter or sensor that inspects fragments in isolation never sees a complete TCP header, so it cannot match on the destination port or the TCP flags. To split the probes into 8-byte fragments:
root@bt:~# nmap -f 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:32 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
Giving -f twice doubles the fragment size to 16 bytes of data per fragment:

root@bt:~# nmap -f -f 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:36 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds
The --mtu option sets the amount of data per fragment directly. The value must be a multiple of 8, because the IPv4 fragment offset field counts in 8-byte units. Fragmented scans need raw-socket privileges, and you should not rely on them for evasion: modern IDS engines reassemble fragments before inspection, and the target's own IP stack always reassembles, which is why the scan results below are identical to the unfragmented ones.

root@bt:~# nmap --mtu 16 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:39 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds
root@bt:~#
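To make the fragmentation options concrete, here is an added example (not code from the original post or from nmap) that models what -f, -f -f and --mtu do to a single probe: it builds a constructed 20-byte TCP SYN header, splits it into fragments of the requested size, shows which fragment a non-reassembling filter would have to look at to see the TCP flags, and reassembles the pieces the way the target's IP stack or a reassembling IDS does. The helper names are this example's own.

```python
"""Model how nmap's -f / -f -f / --mtu split a TCP probe across IP fragments.

Added example, not code from the original post or from nmap itself.
Fragment sizes: 8 bytes for -f, 16 for -f -f, N for --mtu N (N % 8 == 0).
"""
import struct

TCP_FLAGS_BYTE = 13   # index of the flags byte inside a TCP header


def build_tcp_syn(src_port, dst_port, seq=0):
    """Constructed 20-byte TCP header with only SYN set (checksum left at 0)."""
    data_offset_and_flags = (5 << 12) | 0x02        # header length 5 words, SYN
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                       data_offset_and_flags, 1024, 0, 0)


def fragment(payload, mtu):
    """Split payload into (offset_in_8_byte_units, more_fragments, data) tuples.

    IPv4 stores the fragment offset in units of 8 bytes, which is why nmap
    rejects --mtu values that are not multiples of 8.
    """
    if mtu <= 0 or mtu % 8:
        raise ValueError("fragment size must be a positive multiple of 8")
    frags = []
    for start in range(0, len(payload), mtu):
        data = payload[start:start + mtu]
        more = start + mtu < len(payload)             # MF flag on all but the last
        frags.append((start // 8, more, data))
    return frags


def reassemble(frags):
    """What a reassembling IDS or the target's IP stack ends up with."""
    ordered = sorted(frags, key=lambda f: f[0])
    buf = b""
    for offset, _more, data in ordered:
        if offset * 8 != len(buf):
            raise ValueError("gap or overlap between fragments")
        buf += data
    if ordered and ordered[-1][1]:
        raise ValueError("last fragment missing")
    return buf


def tcp_flags_in(frag):
    """Flags byte if this fragment carries it, else None (a per-fragment filter sees no flags)."""
    offset, _more, data = frag
    start = offset * 8
    if start <= TCP_FLAGS_BYTE < start + len(data):
        return data[TCP_FLAGS_BYTE - start]
    return None


if __name__ == "__main__":
    syn = build_tcp_syn(40000, 80)
    for size in (8, 16):                       # -f and -f -f (or --mtu 8 / --mtu 16)
        frags = fragment(syn, size)
        print(f"--mtu {size}: {len(frags)} fragments",
              [(o, m, len(d), tcp_flags_in((o, m, d))) for o, m, d in frags])
```

With 8-byte fragments the destination port is in the first fragment and the SYN flag only in the second, so a stateless rule such as "drop SYN to port 80" never sees both in one packet; once reassembled, the original header comes back byte for byte.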
Decoy and Spoofing
The decoy feature (-D) makes the scan appear to come from other hosts as well as from your own machine: nmap sends every probe once from each address in the list, so the target and any IDS watching it see the same scan arriving from 192.168.2.3, 192.168.2.100 and 192.168.2.1 in addition to the real scanner and cannot tell which source is real. Use decoys that are actually up (a decoy that is down is easy to rule out, and you would be SYN-flooding a dead address), put ME in the list to control where your own address appears (nmap picks a random position otherwise), and note that decoys do not work with TCP connect scans (-sT) or version detection, which need real connections.

root@bt:~# nmap -D 192.168.2.3,192.168.2.100,192.168.2.1 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:45 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.95 seconds

To scan with a fake source IP address, use -S together with -e to name the interface to send from. Read nmap's warning carefully: with a spoofed source the target's replies go to 192.168.2.1, not to you, so nmap normally cannot see them and you also need -PN (spelled -Pn in current nmap versions) because host discovery would fail. In the lab run below nmap still produced results; do not count on that elsewhere. A spoofed-source scan is mainly useful when you can sniff the replies on the path, or to test how a firewall treats traffic claiming to come from a given address.

root@bt:~# nmap -S 192.168.2.1 -e eth0 192.168.2.4
WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -PN . If you are using it to specify your real source address, you can ignore this warning.
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:58 UTC
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
To scan with a spoofed MAC address, use --spoof-mac. It takes a 0 (random MAC), a vendor name (random MAC with that vendor's OUI prefix) or a full MAC address. The spoofed MAC only changes what hosts on the same Ethernet segment see, since every router rewrites the source MAC; the "MAC Address:" line in the output is the target's address, not the one you spoofed.

root@bt:~# nmap --spoof-mac 0 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:52 UTC
Spoofing MAC address 00:A0:C9:41:63:FD (Intel - Hf1-06)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports

root@bt:~# nmap --spoof-mac 11:22:33:44:55:66 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:54 UTC
Spoofing MAC address 11:22:33:44:55:66 (No registered vendor)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

root@bt:~# nmap --spoof-mac D-Link 192.168.2.3
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:04 UTC
Spoofing MAC address 00:05:5D:42:F6:99 (D-Link Systems)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.3:
Not shown: 997 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
912/tcp   open  unknown
51493/tcp open  unknown
MAC Address: 00:01:4A:F8:03:A5 (Sony)
Nmap done: 1 IP address (1 host up) scanned in 1.54 seconds

root@bt:~# nmap --spoof-mac D-Link 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:04 UTC
Spoofing MAC address 00:05:5D:35:B2:C9 (D-Link Systems)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds
Output Logging
nmap can write scan results to a file. -oN writes the same "normal" text you see on the terminal:

root@bt:~# nmap -oN /root/hasil.scan 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:31 UTC
Interesting ports on 192.168.2.4:
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3128/tcp open  squid-http
3306/tcp open  mysql
MAC Address: 00:0C:29:18:53:42 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

For XML output use -oX with a file name in the same way (for example nmap -oX /root/hasil.xml 192.168.2.4). XML is the format to keep when the results will be processed by other tools or compared against an earlier scan, since the normal text format is meant for people and may change between versions. -oA basename writes normal, XML and grepable (-oG) output at once.
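The usual reason to keep XML output is to parse it later, for example to compare today's scan of a host against a baseline and alert on ports that were not open before. The following is an added example, not code from the original post or from the nmap project. The two XML documents in it are constructed by hand to follow the element structure nmap writes with -oX (nmaprun, host, address, ports, port, state, service), using the 192.168.2.4 results from this page trimmed to a few ports; the function names are this example's own.

```python
"""Parse nmap -oX output and report ports that are newly open versus a baseline.

Added example, not code from the original post or from the nmap project.
Both XML documents below are constructed to mirror nmap's -oX structure.
"""
import xml.etree.ElementTree as ET

# Constructed: the page's 192.168.2.4 result, trimmed to a few ports.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - 192.168.2.4" version="4.85BETA10">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.2.4" addrtype="ipv4"/>
<address addr="00:0C:29:18:53:42" addrtype="mac" vendor="VMware"/>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" method="table" conf="3"/></port>
</ports>
</host>
<runstats><finished elapsed="0.50"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# Constructed: the same host scanned later, with one port that was not open before.
CURRENT_XML = BASELINE_XML.replace(
    "</ports>",
    '<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>'
    '<service name="mysql" method="table" conf="3"/></port>\n</ports>')


def parse_open_ports(xml_text):
    """Return {ipv4_address: {(protocol, port): service_name}} for open ports only.

    nmap's own output is trusted input; XML received from anywhere else should
    go through defusedxml rather than the stdlib parser.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered ports are not inventory
            service = port.find("service")
            name = service.get("name") if service is not None else ""
            open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        result[addr.get("addr")] = open_ports
    return result


def newly_open(baseline_xml, current_xml):
    """Ports open in the current scan that were not open in the baseline, per host."""
    before = parse_open_ports(baseline_xml)
    after = parse_open_ports(current_xml)
    changes = {}
    for host, ports in after.items():
        new = {k: v for k, v in ports.items() if k not in before.get(host, {})}
        if new:
            changes[host] = new
    return changes


if __name__ == "__main__":
    for host, ports in newly_open(BASELINE_XML, CURRENT_XML).items():
        for (proto, port), name in sorted(ports.items()):
            print(f"{host}: {port}/{proto} ({name}) newly open")
```

Run against real files, read each with open(path).read() and pass the text in; a scheduled scan with -oX plus this comparison is a cheap way to notice a service that appeared on a host without a change ticket.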