Nmap

Nmap Security Scanner

[Image: results of an Nmap scan]
Original author(s): Gordon Lyon (Fyodor)
Initial release: September 1997
Stable release: 7.31 / 20 October 2016[1]
Repository: github.com/nmap/nmap
Development status: Active
Written in: C, C++, Python, Lua
Operating system: Cross-platform
Available in: English
Type: computer security, network management
License: GPL v2
Website: nmap.org

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)[2] used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection,[3] vulnerability detection,[3] and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community.

Nmap was originally a Linux-only utility,[4] but it was ported to Windows, Solaris, HP-UX, BSD variants (including OS X), AmigaOS, and IRIX.[5] Linux is the most popular platform, followed closely by Windows.[6]

Features

Nmap features include:

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.[8]

Typical uses of Nmap:

Graphical interfaces

NmapFE, originally written by Zach Smith, was Nmap's official GUI for Nmap versions 2.2 to 4.22.[14] For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.

Various web-based interfaces allow controlling Nmap or analysing Nmap results from a web browser. These include LOCALSCAN,[15] nmap-web,[16] and Nmap-CGI.[17]

Microsoft Windows-specific GUIs exist, including NMapWin,[18] which has not been updated since June 2003 (v1.4.0), and NMapW[19] by Syhunt.

Reporting results

Nmap provides four possible output formats. All but the interactive output are saved to a file. Nmap output can be manipulated by text-processing software, enabling the user to create customized reports.[20]

Interactive: presented and updated in real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
XML: a format that can be further processed by XML tools. It can be converted into an HTML report using XSLT.
Grepable: output that is tailored to line-oriented processing tools such as grep, sed or awk.
Normal: the output as seen while running Nmap from the command line, but saved to a file.
Script kiddie: meant to be an amusing way to format the interactive output, replacing letters with their visually similar number representations. For example, Interesting ports becomes Int3rest1ng p0rtz.
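
The XML format described above is the one best suited to building customized reports. The following is an added example (not from the article or the Nmap project): it reads Nmap XML output and lists the open ports that are missing from an approved baseline. The sample XML, the `APPROVED` set, the file name `scan.xml` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output, trimmed to the
# elements read below; values echo the sample scan shown on this page.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -A -oX scan.xml scanme.nmap.org">
  <host>
    <status state="up"/>
    <address addr="74.207.244.221" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.14"/></port>
      <port protocol="tcp" portid="113"><state state="closed"/></port>
      <port protocol="tcp" portid="9929"><state state="open"/>
        <service name="nping-echo" product="Nping echo"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical approved baseline: (address, protocol, port) allowed to be open.
APPROVED = {("74.207.244.221", "tcp", 22), ("74.207.244.221", "tcp", 80)}

def open_services(xml_text):
    """Return one dict per open port on each host reported as up."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        status, address = host.find("status"), host.find("address")
        if status is None or address is None or status.get("state") != "up":
            continue
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            # Banner fields come from the scanned host: escape before display.
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            found.append({"addr": address.get("addr"), "proto": port.get("protocol"),
                          "port": int(port.get("portid")), "service": " ".join(p for p in parts if p)})
    return found

def unapproved(services, approved):
    """Services whose (address, protocol, port) is not in the baseline."""
    return [s for s in services if (s["addr"], s["proto"], s["port"]) not in approved]

if __name__ == "__main__":
    for s in unapproved(open_services(SAMPLE_XML), APPROVED):
        print(f'{s["addr"]} {s["port"]}/{s["proto"]} not in baseline: {s["service"]}')
```
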

History

Nmap was first published in September 1997, as an article in Phrack Magazine with source code included.[21] With help and contributions of the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting,[7] code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP[22]) and new programs that complement Nmap's core features. Changes include:

The Nmap Changelog records all changes.[14]

Ethical issues and legality

Nmap is a tool that can be used to discover services running on Internet-connected systems. Like any tool, it could potentially be used for black hat hacking,[31] as a precursor to attempts to gain unauthorized access to computer systems. Nmap is more often used by security and systems administration to assess networks for vulnerabilities.

System administrators can use Nmap to search for unauthorized servers, or for computers that do not conform to security standards.[32]

Nmap is related to vulnerability assessment tools such as Nessus, which test for common vulnerabilities in open ports. The NSE[33] scripts packaged with modern versions of Nmap are able to perform vulnerability checks against discovered services.

In some jurisdictions, unauthorized port scanning is illegal.[34]

In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system,[35] allowing Neo to "physically" break in to a building. The appearance of Nmap in the film was widely discussed on Internet forums and hailed as an unusually realistic example of hacking.[36]

Nmap and NmapFE were used in The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps.

Nmap source code can be seen in the movie Battle Royale, as well as brief views of the command line version of Nmap executing in Live Free or Die Hard and Bourne Ultimatum.[35] In 2013, Nmap continued to make appearances in movies including popular sci-fi movie Elysium.

The film Dredd, a film adaptation of the famous Judge Dredd comics, was released in 2012 and also contains multiple Nmap scenes.[35] Nmap is used for network reconnaissance and exploitation of the slum tower network. It is even seen briefly in the movie's trailer.

The nmap command is widely used in the video game Hacknet, where it allows the player to probe the network ports of a target system in order to hack it.

In academia

Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general.[37] As well as being a research tool, Nmap has become a research topic.[38]

Sample output

Command: nmap -A scanme.nmap.org
Starting Nmap 6.47 ( https://nmap.org ) at 2014-12-29 20:02 CET
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_  2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp   open  http       Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
9929/tcp open  nping-echo Nping echo
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone|storage-misc|WAP
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (94%), Netgear RAIDiator 4.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:3 cpe:/o:netgear:raidiator:4 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: Linux 2.6.38 (94%), Linux 3.0 (92%), Linux 2.6.32 - 3.0 (91%), Linux 2.6.18 (91%), Linux 2.6.39 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.38 - 3.0 (90%), Linux 2.6.38 - 2.6.39 (89%), Linux 2.6.35 (88%), Linux 2.6.37 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   14.21 ms  151.217.192.1
2   5.27 ms   ae10-0.mx240-iphh.shitty.network (94.45.224.129)
3   13.16 ms  hmb-s2-rou-1102.DE.eurorings.net (134.222.120.121)
4   6.83 ms   blnb-s1-rou-1041.DE.eurorings.net (134.222.229.78)
5   8.30 ms   blnb-s3-rou-1041.DE.eurorings.net (134.222.229.82)
6   9.42 ms   as6939.bcix.de (193.178.185.34)
7   24.56 ms  10ge10-6.core1.ams1.he.net (184.105.213.229)
8   30.60 ms  100ge9-1.core1.lon2.he.net (72.52.92.213)
9   93.54 ms  100ge1-1.core1.nyc4.he.net (72.52.92.166)
10  181.14 ms 10ge9-6.core1.sjc2.he.net (184.105.213.173)
11  169.54 ms 10ge3-2.core3.fmt2.he.net (184.105.222.13)
12  164.58 ms router4-fmt.linode.com (64.71.132.138)
13  164.32 ms scanme.nmap.org (74.207.244.221)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.98 seconds

References

  1. Lyon, Gordon (2016-10-21). "Nmap 7.31 stability-focused point release". Seclists.org. Retrieved 2016-11-26.
  2. "Matrix mixes life and hacking". BBC News. 2003-05-19. Retrieved 2009-01-14.
  3. Nmap Scripting Engine. Nmap.org. Retrieved on 2013-02-01.
  4. The History and Future of Nmap. Nmap.org. Retrieved on 2013-02-01.
  5. Other Platforms. Nmap.org. Retrieved on 2013-02-01.
  6. "Nmap Installation for Windows". nmap.org. Retrieved 2008-05-14.
  7. Service and Application Version Detection
  8. "Chapter 15. Nmap Reference Guide". Nmap.org. 2011-03-25. Retrieved 2011-04-23.
  9. Nmap Overview and Demonstration.
  10. When Good Scanners Go Bad, ComputerWorld, 22 March 1999
  11. nmap-audit – Network auditing with Nmap. heavyk.org
  12. Nping - Network packet generation tool / ping utility.
  13. Leyden, John. "Revealed ... GCHQ's incredible hacking tool to sweep net for vulnerabilities: Nmap". theregister.co.uk. The Register. Retrieved 14 December 2014.
  14. "Nmap Change Log". Nmap.org. Retrieved 2011-09-17.
  15. archive copy on Archive.org
  16. nmap-web: quick-n-dirty web interface to Nmap. Komar.org. Retrieved on 2011-09-17.
  17. nmap-cgi homepage. Nmap-cgi.tuxfamily.org. Retrieved on 2011-09-17.
  18. NMapWin v1.2.3. Nmapwin.sourceforge.net. Retrieved on 2011-09-17.
  19. Syhunt Technology: Web Application Security and Testing Tools. Syhunt.com (2010-10-23). Retrieved on 2011-09-17.
  20. Output. Nmap.org. Retrieved on 2011-12-10.
  21. Nmap Introduction – Phrack 51, Article 11. Phrack.org. Retrieved on 2011-09-17.
  22. SCTP Support for Nmap. Roe.ch (2007-01-26). Retrieved on 2011-09-17.
  23. "The History and Future of Nmap". Nmap.org.
  24. "Nmap Hackers—Nmap 3.70 Released—Core Scan Engine Rewrite!". Seclists.org. Retrieved 2011-09-17.
  25. "Google sponsors Nmap summer student developers". Seclists.org. Retrieved 2011-09-17.
  26. "Nmap 4.50 Press Release". Insecure.org. Retrieved 2011-09-17.
  27. "Nmap Development—Nmap 4.85BETA5—Now with Conficker detection!". Seclists.org. Retrieved 2011-09-17.
  28. "Nmap 5.00 Release Notes". Nmap.org. Retrieved 2011-09-17.
  29. "Nmap 5.50—Now with Gopher protocol support!". Seclists.org. Retrieved 2011-09-17.
  30. https://nmap.org/7/
  31. "Hacking tool reportedly draws FBI subpoenas". Securityfocus.com. 2004-11-24. Retrieved 2011-09-17.
  32. "120 – How to conduct a security audit" (PDF). Tech Support Alert. Retrieved 2011-09-17.
  33. "NSE scripts with brief summaries". nmap.org. Retrieved 2014-01-12.
  34. "First ruling by the Supreme Court of Finland on attempted break-in". Osborne Clarke. 2003. Retrieved 2010-02-21.
  35. "nmap in the movies".
  36. Kevin Poulsen (2003-05-16). "Matrix Sequel Has Hacker Cred". The Register.
  37. "Validation of Sensor Alert Correlators" (PDF).
  38. "A Data Mining Based Analysis of Nmap Operating System Fingerprint Database".

This article is issued from Wikipedia - version of the 12/4/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.