Nmap Does Much More Than Network Discovery
Nmap is among a network penetration tester's best friends, sitting high on a pedestal with the Metasploit Framework. I've been using the tool my entire career for network mapping and host discovery, typically on a weekly basis.
April 12, 2010
Released on Sept. 1, 1997, Nmap has seen major updates and enhancements during the past decade that have turned it into more than just a network scanning tool. Nmap has become, essentially, a security suite that includes vulnerability detection, packet crafting, password cracking, and netcat functionality. The latest release as of about two weeks ago, 5.30BETA1, includes a slew of new NSE script and library updates, a larger password list based on leaked password databases, a new DNS discovery script that leverages DNS-SD (a.k.a. Bonjour, Rendezvous, and Zeroconf), and Nping for packet crafting.
Wondering what some of those things are? NSE scripts enable Nmap to do more than just determine whether a host is up and which ports are listening. The Nmap Scripting Engine extends Nmap's scanning capabilities to include vulnerability detection (even exploitation, as with the new afp-path-vuln script), detailed service querying to learn as much about a host as possible, password attacks, and even remote process execution similar to the psexec tool from Microsoft Sysinternals.
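To show what an NSE script actually looks like, here is a minimal one written for this post as an added example; it is not code from the original article or from the Nmap project (Nmap ships its own, more complete banner.nse). It follows the standard NSE layout: a `portrule` that decides which ports the script runs against, and an `action` that does the work, using only the `nmap`, `shortport`, and `stdnse` libraries that every NSE script has available. The script name `banner-peek` and the `banner-peek.timeout` argument are assumptions made for the example.

```lua
-- banner-peek.nse (added example, not part of the original article or of Nmap)
-- Connects to an open TCP port that normally greets the client first
-- (FTP, SSH, SMTP, POP3) and reports the first line the service sends.
-- This is the "detailed service querying" side of NSE: the same scan that
-- finds a listening port can also record what the service says about itself,
-- which is handy for inventorying versions across your own network.

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reads the greeting banner from services that speak first on connect
(FTP, SSH, SMTP, POP3) and reports the first line received.
]]

author = "example author"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- "safe" means the script only reads what the service volunteers.
categories = {"discovery", "safe"}

-- Only run against open TCP ports that Nmap identified by number or
-- service name; NSE calls this for every port before deciding to run action().
portrule = shortport.port_or_service(
  {21, 22, 25, 110},
  {"ftp", "ssh", "smtp", "pop3"},
  "tcp"
)

-- Strip anything that is not printable ASCII so a hostile banner cannot
-- inject control sequences into the terminal or report.
local function sanitize(line)
  return (line:gsub("[^%w%p ]", "?"))
end

action = function(host, port)
  -- Optional --script-args banner-peek.timeout=<ms>; default 3 seconds.
  -- (Argument name is an assumption for this example.)
  local timeout = tonumber(stdnse.get_script_args("banner-peek.timeout")) or 3000

  local sock = nmap.new_socket()
  sock:set_timeout(timeout)

  local ok, err = sock:connect(host, port)
  if not ok then
    stdnse.debug1("connect to %s:%d failed: %s", host.ip, port.number, tostring(err))
    return nil            -- nothing to report for this port
  end

  -- Services in our port list send their greeting without being prompted,
  -- so one line is all we need.
  local ok, data = sock:receive_lines(1)
  sock:close()
  if not ok or not data then
    return nil
  end

  -- Keep only the first line of whatever came back.
  local first = data:match("^[^\r\n]*") or ""
  if first == "" then
    return nil
  end

  return sanitize(first)
end
```

Run it with `nmap -p 21,22,25,110 --script ./banner-peek.nse TARGET` (replace `TARGET` with a host you administer); the banner line appears under each matching port in the normal scan output, and `-oX` will carry it into the XML `<script>` element for later processing. The `sanitize` step is the part worth copying into any script that echoes service data: a banner is attacker-controlled input, and reports built from scan output get pasted into terminals and web pages.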
While NSE is an enhancement to Nmap itself, additional tools have been released over the years as part of the Nmap package. The latest is Nping; according to its documentation, it "is an open source tool for network packet generation, response analysis and response time measurement." Just like the well-known Hping tool, Nping allows you to arbitrarily craft packets in order to perform tasks like host discovery and IDS/IPS/firewall evasion.
Other additions to the Nmap package have included Ncat and Ncrack. Ncat is a "much-improved reimplementation of the venerable Netcat," which is most often referred to as the TCP/IP Swiss Army knife. Using Ncat, you can redirect TCP and UDP ports, proxy connections via SOCKS4 and HTTP, copy files, and interact with network services. It is an amazingly flexible tool that even comes in handy during forensics and incident response for copying files and imaging entire hard drives over the network.
The last Nmap-related tool I want to mention is Ncrack. It is a brute-force password-guessing tool like Medusa, which I wrote about recently. It isn't as full-featured as Medusa and is considered alpha-quality code, but it definitely shows promise already, considering it's part of the Nmap project and supports services like FTP, SSH, Telnet, SMTP, HTTP, and HTTPS (although the depth of support for each protocol isn't as great as Medusa's).
If you always thought Nmap was just a network scanner for finding which hosts are on a network and which services are listening on those hosts, then think again. Each new release brings a host of great, new features. It might be time to rethink some of your tools and how Nmap can fit better into your security processes.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.