Wednesday, January 13, 2010

Invisible Nmap

Nmap is a powerful tool for network scanning. Whether it is good or bad is a different question, and that is up to the users' motives. It has a lot of options. Here are some of those options combined to get a reasonable amount of information about an IP or network without bothering the owner by telling her about your existence :). Not sure, though, how effective it would be against the latest IDS/IPSes, but that's all I could get out of the options NMAP provides. The command and its explanation are as follows:

sudo nmap -n -sS -f -A -T1 -S fake_ip -e interface_to_use -D fake_ip1,fake_ip2,fake_ip3,ME -vvv ip_to_scan -P0

sudo: Root permission is required to run it.
-n: Do not resolve hostnames; show the IPs only.
-sS: Stealth (SYN) scan. Supposed to be less noisy.
-f: Fragment the packets before sending them to ip_to_scan. Reduces the chance of getting detected, although newer IDS/IPS can still catch it (as per the information I got).
-A: Do OS and version detection, script scanning, and traceroute.
-T1: Timing template; the range is T0 (slowest) to T5 (fastest). Slower packet sending increases your anonymity.
-S fake_ip: Use fake_ip as the source address of the packets.
-e interface_to_use: Since the source address is spoofed in the previous option, you have to give the network interface to send/receive packets on.
-D fake_ip1,...,ME: Decoy option. Use all the listed fake_ips and ME, i.e. my own IP, as sources of the packets. More invisibility.
-vvv: Very, very verbose mode. Explains the output more elaborately.
ip_to_scan: IP/network to scan.
-P0: Do not ping; only scan. Saves time and finds more machines.
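Seen from the other side, the same options leave a recognisable signature in packet logs. The script below is an added, defender-side example that is not part of the original post: over a constructed log format (timestamp, source, destination, port, TCP flags, fragment bit; all IPs and the format itself are assumptions) it flags bare SYNs to many ports with no completed handshake (-sS), several sources probing an identical port list against one host (-D decoys, with the real scanner among them), sources emitting fragmented packets (-f), and the roughly 15 s probe spacing that -T1 uses, which short-window thresholds would miss.

```python
from collections import defaultdict

# Constructed sample firewall log (not from the original post); one packet per line:
# timestamp src_ip dst_ip dst_port tcp_flags ip_fragment(1/0)
SAMPLE_LOG = """\
1.0  10.0.0.7  192.168.1.5 22  S 1
1.0  10.0.0.8  192.168.1.5 22  S 1
16.0 10.0.0.7  192.168.1.5 80  S 1
16.0 10.0.0.8  192.168.1.5 80  S 1
31.0 10.0.0.7  192.168.1.5 443 S 1
31.0 10.0.0.8  192.168.1.5 443 S 1
5.0  10.0.0.20 192.168.1.5 80  S 0
5.1  10.0.0.20 192.168.1.5 80  A 0
"""

def parse_log(text):
    """Parse the whitespace-separated constructed format above into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, flags, frag = line.split()
        events.append({"ts": float(ts), "src": src, "dst": dst,
                       "dport": int(dport), "flags": flags, "frag": frag == "1"})
    return events

def find_syn_probers(events, min_ports=3):
    """(src, dst) pairs sending bare SYNs to >= min_ports distinct ports and never ACKing:
    the -sS pattern. Counted over the whole log, so a -T1 scan spread over minutes still trips."""
    ports, acked = defaultdict(set), set()
    for e in events:
        if e["flags"] == "S":
            ports[(e["src"], e["dst"])].add(e["dport"])
        elif "A" in e["flags"]:
            acked.add((e["src"], e["dst"]))
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports and k not in acked}

def find_decoy_groups(probers):
    """Several sources hitting an identical port list on one host: the -D decoy signature."""
    groups = defaultdict(list)
    for (src, dst), plist in probers.items():
        groups[(dst, tuple(plist))].append(src)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def fragmented_sources(events):
    """Sources emitting fragmented IP packets (-f); rare in ordinary LAN traffic."""
    return sorted({e["src"] for e in events if e["frag"]})

def min_probe_gap(events, src):
    """Smallest gap between one source's SYNs; about 15 s is nmap's -T1 spacing."""
    ts = sorted(e["ts"] for e in events if e["src"] == src and e["flags"] == "S")
    return min((b - a for a, b in zip(ts, ts[1:])), default=None)
```

Because the true source is just one member of the decoy group, the grouping tells you which addresses to look at together rather than which one to blame.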

2 comments:

  1. Somebody did a better job : http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=10640&mode=thread&order=0&thold=0
  2. About scanning and related tools in general http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=10637&mode=thread&order=0&thold=0
