Nmap 101

Presented at AppSec USA 2014, Sept. 18, 2014, 10:30 a.m. (45 minutes)

This introductory lab introduces developers, testers, and anyone else interested in the basics of network discovery and enumeration using the classic open-source network scanner, nmap. nmap has been a mainstay for security testers and system administrators for years, generally for enumerating live hosts and discovering open ports and services. The benefits of the scanner extend beyond security professionals and may be useful in other areas, such as software testing and development.

The lab will cover the following topics:

  • Downloading and Installing
  • Basic Usage
  • Discovery
  • Enumeration
  • Other Useful Options
  • OS/Version detection
  • Avoiding Firewalls/IPS
  • NSE Scripts

Target Audience:

The goal of this lab is to introduce the tool, demonstrate the basics of scanning, and highlight some of the newer features to IT professionals with little experience with port scanning, or who may not have considered making nmap a standard tool in their toolkit. This lab will target IT professionals with the following roles:

  • Software Developers
  • Software Testers
  • Security Professionals
  • System Administrators

Throughout the lab, the instructor will draw upon real-world or "field" experience as a penetration tester to cite examples where nmap was a key tool in discovering flaws in web applications, misconfigured servers, and rogue hosts. These security flaws and weaknesses were leveraged and exploited to gain authorized access. Furthermore, the instructor will explain how simple scanning could have identified these flaws before they were reported as high-risk findings in an audit report.

Objectives:

The objectives of the lab are:

  • To demonstrate downloading the source code and installing nmap.
  • To show basic techniques using nmap to perform live host discovery, service enumeration, OS detection, service version detection, and stealth scanning (avoiding IPS detection).
  • To demonstrate some of the Nmap Scripting Engine (NSE) scripts that automate a wide variety of networking tasks.
  • To demonstrate Zenmap, the GUI interface for nmap, and briefly show examples of scanning with the GUI version of nmap on Windows.

Hands-on Lab Requirements:

  • Ability to connect to a wireless network
  • A version of nmap (6.x preferred)
  • Basic experience with Linux or Unix-based platforms and command-line interfaces
  • General familiarity with basic TCP/IP concepts such as ports, TCP, UDP, and simple network protocols such as Telnet, FTP, DNS, SNMP, etc.

It is assumed the attendees do not have extensive experience with nmap, as this is an introductory lab.

Presenters:

  • Jon Pettyjohn - Security Engineer - Aerstone
    Jon Pettyjohn is a cybersecurity engineer at Aerstone and a member of their security testing and mitigation team. Jon has a great deal of experience in IT security supporting Federal, DoD, and commercial customers. His areas of expertise include network and web application testing, SA&A, and PCI. Accomplishments include perfecting his homemade hot sauce and managing to finish a marathon a year.
