Wednesday, February 01, 2006

Nmap 4.0 released. Review here.


Nmap, one of the most popular, and best (my opinion) Network Mappers has reached version 4 today. Nmap is a free Network Mapper and has a range of nice pen-test features. Both as a traditional command line tool $ nmap -v -A target_host, and with a GUI (Graphical User Interface). I came in contact with nmap back in 1999, version 2.x something, and it's has been my companion ever since.


Nmap is perfect if you want to make certain what ports you are exposing, and what
services that are running. I always use nmap to make a last check before I plug a new
machine online. This is good common practice, even if you are only going online with your home office machine.


Installation example from a Linux box.
[user@mimir INCOMING]$ tar -zxvf nmap-4.00.tgz


(Extract the compressed tarball, the *.tgz is
gzip and tar:ed, so you will need the Z before gz, or gunzip the tarball first and the use # tar -xvf
to extract all the files.


Next step is to cd (change directory ) into the source dir of nmap.
[user@mimir INCOMING]$ cd nmap-4.00


[user@mimir INCOMING]$ ./configure
(Run the configure script, using the default options first)
You will see a great deal of output echo:ed to your terminal.



If all goes well, you should be ready to compile nmap.
checking for pkg-config... /usr/bin/pkg-config
checking for GTK+ - version >= 2.0.0... yes (version 2.4.13)
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
configure: creating ./config.status
config.status: creating Makefile



[user@mimir INCOMING]$ make
(make command to compile the source into executable binaries)
This can take some time, depending on your computers resources, but on 1 GHz with 512 RAM, about 3-4 minutes top.



If you want nmap to be installed in /usr/local/bin you will need root privileges.
If that is the case (congrats) you just type # make install as user root. ( su - command to switch to user root)


Here is sample output from an nmap scan of localhost (127.0.0.1) the loopback interface.



[user@mimir INCOMING]$ ./nmap -v -sT localhost

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-01 20:44 CET
Machine 127.0.0.1 MIGHT actually be listening on probe port 80
DNS resolution of 0 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 0, CN: 0]
Initiating Connect() Scan against localhost.localdomain (127.0.0.1) [1672 ports] at 20:44
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1



The Connect() Scan took 0.46s to scan 1672 total ports.
Host localhost.localdomain (127.0.0.1) appears to be up ... good.
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1667 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
3306/tcp open mysql



Nmap finished: 1 IP address (1 host up) scanned in 0.949 seconds



Remember!, Nmap is a powerful tool, and should be used with care. I have seen hosts ( I will not mention what OS) that has taken a nose dive, after being scanned by nmap. (This is of course not the purpose of nmap, but it could happen). So don't go off scanning a production environment before
you know for sure what will happen on the scanned hosts.



Ok, may nmap force be with you!


One final note. If you have seen Matrix 2, reloaded, you have seen nmap in action. Trinity used it to target some host in the movie.



Nmap is free and open source and source code for *nix, Windows and MacOS is available.
Download Nmap here


Technorati Tags:
, , , , , , , ,


http://nordstrommarna.mine.nu/article.php/nmap_version_4_review

No comments: