
#NMAP:

- Lua programming (NSE scripts are written in Lua)

Probe: a probe means sending packets to a host to see how it responds


--------------------------------------------------------------------------------

1) How a scan works
2) Scan status
3) #Basics -- prerequisites
4) #Target
5) #Port

1) Scan types
2) Scan options
3) Version detection
4) Running speed (timing)
5) Ping options
6) Scripting
7) Input options
8) Miscellaneous
9) Output options
10) OS detection

#Phases of NMAP
1) Enumeration
2) Host Discovery
3) Port Scanning
4) Version Detection
5) OS Detection
6) Script Scanning
7) Output

#Host Discovery
1)ROOT
2)LOCAL

#How scanning works

1) PORT OPEN -- SYN, SYN+ACK, ACK (3-way handshake)

Let's assume there are two hosts, HOST A and HOST B.
Host A sends a packet to Host B (SYN)
Host B accepts and sends a packet back to Host A (SYN+ACK)
Host A again sends an acknowledgement (ACK)
Three-way handshake complete: the port is open.

2) PORT CLOSED -- SYN, (RST+ACK)

Host A sends a packet to Host B (SYN)
Host B replies with an ACK but also sets RST (reset), because the port on Host B is closed.
When a port is closed, nothing is listening on it, so no connection can be made.

#Scan Status
1) Open
2) Closed
3) Filtered -- a firewall is filtering the traffic
4) Open | Filtered -- Nmap cannot tell whether the port is open or filtered: Host A sends a NULL packet that gets past the firewall, but when Host B replies to Host A the firewall blocks the reply
5) Closed | Filtered -- gives no information on whether the port is open or closed; Nmap cannot tell closed from filtered
6) Unfiltered -- no response from the host while syncing

#Basics
Prerequisites
1) IP - the IP address of the host to scan
2) Port - which port(s) to scan: ftp, ssh, rdp, etc.
3) Scan type
4) Scan timing
5) Output type

--------------------------------------------------------------------------------

cmd - host discovery only, no port scan (-sn)

cmd - disable host discovery (-Pn; note the capital P, Nmap flags are case-sensitive)
--------------------------------------------------------------------------------

# Target
1) Single IP address
2) Subnet range -- with a subnet Nmap does host discovery, i.e. it also finds the other devices connected to the network
3) IP address range -- we give Nmap a range of IP addresses to scan, e.g. 192.168.0.10-192.168.0.20, that's all (Nmap's own syntax for this range is 192.168.0.10-20)
4) Specific IP addresses -- we give Nmap multiple IP addresses to scan
5) Targets from a .txt file -- cmd (-iL)
6) Domain, e.g. a.com
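As an added example (not from these notes or from the Nmap project), here is a Python helper that expands the target forms listed above (single IP, CIDR subnet, the dash-separated range from the notes, Nmap's per-octet range syntax such as 192.168.0.10-20, a hostname, and the whitespace-separated entries of an -iL file) and then checks every resulting address against an authorized scope. It goes a little beyond the notes: the per-octet form is handled for every octet, not only the last one. The function names, the scope-check report keys and the sample target lines are all this example's own constructions.

```python
"""Expand Nmap-style target specifications and check them against an
authorized scope.  Added example; not code from the notes or from Nmap."""
import ipaddress
import itertools
from typing import Dict, Iterable, List


def _octet_values(part: str) -> range:
    """One dotted-quad field in Nmap's octet-range syntax: '10' or '10-20'."""
    if "-" in part:
        lo, hi = part.split("-", 1)
        lo_i, hi_i = int(lo), int(hi)
    else:
        lo_i = hi_i = int(part)
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError(f"bad octet range: {part!r}")
    return range(lo_i, hi_i + 1)


def expand_target(spec: str) -> List[str]:
    """Return the literal targets one specification covers.

    Hostnames are returned unchanged (no DNS lookup is done here) so the
    caller can decide how to handle them."""
    spec = spec.strip()
    if "/" in spec:                                   # CIDR subnet, e.g. 192.168.0.0/24
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    if "-" in spec and spec.count(".") == 6:          # 192.168.0.10-192.168.0.20 (notes' form)
        start, end = (ipaddress.ip_address(s) for s in spec.split("-", 1))
        if end < start:
            raise ValueError(f"range end before start: {spec!r}")
        return [str(ipaddress.ip_address(i)) for i in range(int(start), int(end) + 1)]
    parts = spec.split(".")
    if len(parts) == 4 and all(p.replace("-", "").isdigit() for p in parts):
        # Nmap octet ranges: 192.168.0.10-20, or 10.0.0-3.1 (any octet may be a range)
        return [".".join(map(str, combo))
                for combo in itertools.product(*(_octet_values(p) for p in parts))]
    return [spec]                                     # hostname such as a.com


def parse_target_lines(lines: Iterable[str]) -> List[str]:
    """Split -iL file contents into specs: entries separated by whitespace or newlines."""
    specs: List[str] = []
    for line in lines:
        specs.extend(line.split())
    return specs


def check_scope(specs: Iterable[str], allowed: Iterable[str]) -> Dict[str, List[str]]:
    """Classify every expanded target as in scope, out of scope, or unresolved.

    `allowed` is a list of authorized networks in CIDR form.  Hostnames
    are reported as unresolved because this example does no DNS."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    report: Dict[str, List[str]] = {"in_scope": [], "out_of_scope": [], "unresolved": []}
    for spec in specs:
        for target in expand_target(spec):
            try:
                addr = ipaddress.ip_address(target)
            except ValueError:
                report["unresolved"].append(target)
                continue
            key = "in_scope" if any(addr in n for n in nets) else "out_of_scope"
            report[key].append(target)
    return report


if __name__ == "__main__":
    # Constructed sample of what an -iL target file might contain.
    sample_file = ["192.168.0.10-12 192.168.0.0/30", "10.9.9.9", "a.com"]
    specs = parse_target_lines(sample_file)
    for key, targets in check_scope(specs, ["192.168.0.0/24"]).items():
        print(f"{key}: {targets}")
```

Running the check before a scan makes it obvious when a typo in a range or subnet would push targets outside the authorized network.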

--------------------------------------------------------------------------------

By default Nmap scans the 1000 most common ports.


--------------------------------------------------------------------------------

#Port
1) Single port -- nmap 192.168.0.10 -p 80
2) Sequential ports -- nmap 192.168.0.10 -p 10-30 (scans ports 10,11,12,13,...,29,30)
3) Distributed ports --- nmap 192.168.0.1 -p 80,22,3389
4) Service specific --- nmap 192.168.0.10 -p http (scans only the port of the named service, here http = port 80)
5) Protocol specific -- nmap 192.168.0.10 -p T:22,U:53 (T means TCP and U means UDP; no space after the comma, or the shell splits the argument)
6) All ports -- nmap 192.168.0.10 -p- (scans all 65535 ports)
7) Top ports --- nmap 192.168.0.10 --top-ports <n> (scans the n most common ports; the number is required)
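As an added example (not from these notes or from the Nmap project), here is a Python parser for the -p forms listed above: it expands a specification into the TCP and UDP port sets a scan would cover. It goes slightly beyond the list by also accepting open-ended ranges such as -100 and 1024-, which Nmap accepts. SERVICE_PORTS is a constructed stand-in for Nmap's nmap-services file, and the function names are this example's own.

```python
"""Expand an Nmap -p port specification into TCP and UDP port sets.

Added example; not code from the notes or from Nmap.  Service names are
resolved through SERVICE_PORTS, a constructed stand-in for Nmap's
nmap-services file."""
from typing import Dict, Set, Tuple

MAX_PORT = 65535

# Constructed lookup for the "service specific" form (-p http).
SERVICE_PORTS: Dict[str, int] = {
    "ftp": 21, "ssh": 22, "dns": 53, "http": 80, "https": 443, "rdp": 3389,
}


def _expand_item(item: str) -> Set[int]:
    """Expand one comma-separated item: N, N-M, -N, N-, '-' or a service name."""
    if item in SERVICE_PORTS:                      # -p http
        return {SERVICE_PORTS[item]}
    if item == "-":                                # -p-  => every port 1..65535
        return set(range(1, MAX_PORT + 1))
    try:
        if "-" in item:                            # 10-30, -100, 1024-
            lo_s, hi_s = item.split("-", 1)
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:                                      # a single port number
            lo = hi = int(item)
    except ValueError:
        raise ValueError(f"unknown port or service: {item!r}") from None
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"port range out of order or out of bounds: {item!r}")
    return set(range(lo, hi + 1))


def parse_port_spec(spec: str) -> Tuple[Set[int], Set[int]]:
    """Return (tcp_ports, udp_ports) covered by an Nmap -p argument.

    A T: or U: prefix applies to every following item until the next
    prefix, as in Nmap.  Items with no prefix are counted for both
    protocols here; Nmap applies them to whichever protocols the chosen
    scan types actually cover."""
    tcp: Set[int] = set()
    udp: Set[int] = set()
    proto = "both"
    for raw in spec.split(","):
        item = raw.strip()   # Nmap itself never sees spaces: the shell would split them off
        if len(item) >= 2 and item[1] == ":" and item[0].upper() in ("T", "U"):
            proto = item[0].upper()
            item = item[2:]
        ports = _expand_item(item)
        if proto in ("T", "both"):
            tcp |= ports
        if proto in ("U", "both"):
            udp |= ports
    return tcp, udp


def summarize(spec: str) -> str:
    """Human-readable count of what a specification would scan."""
    tcp, udp = parse_port_spec(spec)
    return f"{spec!r}: {len(tcp)} TCP ports, {len(udp)} UDP ports"


if __name__ == "__main__":
    for spec in ("80", "10-30", "80,22,3389", "http", "T:22,U:53", "-"):
        print(summarize(spec))
```

Feeding a planned -p argument through summarize() before a scan shows how many ports it really covers, which is where an accidental -p- or a stray range end tends to show up.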

--------------------------------------------------------------------------------
# Scan Timings
1) -T0 - Paranoid (very, very slow scanning)
2) -T1 - Sneaky (very slow)
3) -T2 - Polite (medium speed scanning)
4) -T3 - Normal (normal speed scanning, the default)
5) -T4 - Aggressive (very fast scanning)
6) -T5 - Insane (very, very fast scanning)

--------------------------------------------------------------------------------

#Output types
.txt (normal text output, -oN)
.xml (XML output, -oX)
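As an added example (not from these notes or from the Nmap project), here is a Python reader for the .xml output type: it parses the nmaprun/host/ports/port structure Nmap's -oX writes, counts port states, lists open ports per live host, and compares them against a baseline of expected open ports so that anything new stands out. SAMPLE_XML is a constructed report, not real scan output, and the function names and the baseline format are this example's own.

```python
"""Read Nmap -oX XML output and compare open ports with a baseline.

Added example; not code from the notes or from Nmap.  The sample report
below is constructed by hand in the same element layout Nmap writes."""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List, Set

# Constructed sample in Nmap's XML layout (nmaprun > host > ports > port).
# Parse reports from untrusted sources with defusedxml rather than the
# stdlib parser; the stdlib is used here only so the example runs stand-alone.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.0.10-11">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server"/>
      </port>
      <port protocol="udp" portid="53">
        <state state="open|filtered" reason="no-response"/>
        <service name="domain"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(text: str) -> List[Dict]:
    """Turn an -oX report into a list of host dicts with their port records."""
    hosts: List[Dict] = []
    for h in ET.fromstring(text).findall("host"):
        status = h.find("status")
        addr_el = h.find("address[@addrtype='ipv4']")
        host = {
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "up": status is not None and status.get("state") == "up",
            "ports": [],
        }
        for p in h.findall("./ports/port"):
            state = p.find("state")
            svc = p.find("service")
            host["ports"].append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "reason": state.get("reason") if state is not None else None,
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append(host)
    return hosts


def state_counts(hosts: List[Dict]) -> Dict[str, int]:
    """How many ports fell into each scan status (open, filtered, open|filtered, ...)."""
    return dict(Counter(p["state"] for h in hosts for p in h["ports"]))


def open_ports(hosts: List[Dict]) -> Dict[str, List[str]]:
    """Open ports per live host, as 'proto/port' strings."""
    return {h["addr"]: [f'{p["proto"]}/{p["port"]}' for p in h["ports"] if p["state"] == "open"]
            for h in hosts if h["up"]}


def unexpected_open(hosts: List[Dict], baseline: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Open ports not in the per-host baseline; a host missing from the
    baseline has every open port reported."""
    findings: Dict[str, List[str]] = {}
    for addr, ports in open_ports(hosts).items():
        extra = [p for p in ports if p not in baseline.get(addr, set())]
        if extra:
            findings[addr] = extra
    return findings


if __name__ == "__main__":
    report = parse_nmap_xml(SAMPLE_XML)
    print("states:", state_counts(report))
    print("open:", open_ports(report))
    print("unexpected:", unexpected_open(report, {"192.168.0.10": {"tcp/22"}}))
```

Keeping the baseline in version control and running the comparison after each scheduled scan turns raw XML into a short list of ports that need an explanation.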
--------------------------------------------------------------------------------

# Nmap Scripting Engine (NSE)


--------------------------------------------------------------------------------

#MISC (miscellaneous)

Service/version detection -- cmd nmap -sV 192.168.0.10 (capital V)

OS detection -- cmd nmap -O 192.168.0.10 (capital O)

Verbosity -- cmd nmap -v 192.168.0.10
