Difference between revisions of "Nmap"
Jump to navigation
Jump to search
(18 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
== Installing the latest NMAP (form SOURCE as of 2023/10/21) == | == Installing the latest NMAP (form SOURCE as of 2023/10/21) == | ||
The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 & 11.6 and Ubuntu 22.04 & 23.04. | |||
Also works for Ubuntu 20.04.6 (Dell edition). | |||
* <code>apt update</code> | * <code>apt update</code> | ||
* <code>apt upgrade</code> | * <code>apt upgrade</code> | ||
* <code>apt install autoconf libssl-dev</code> | * <code>apt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev</code> | ||
** These dependancies are not all needed in all cases, but better safe than sory. | |||
* <span style="color: rgb(132, 63, 161);">'''apt install python3.11 python3.11-venv'''</span> | |||
** thanks to [https://github.com/nmap/nmap/issues/2649 this little issue] | |||
** For LMDE 5 or Debian 11 tho... | |||
** <span style="color: #843fa1;">'''apt install python3.9 python3.9-venv'''</span> | |||
* <code>mkdir src</code> | * <code>mkdir src</code> | ||
* <code>cd src</code> | * <code>cd src</code> | ||
Line 14: | Line 18: | ||
* <code>tar xvzf nmap-7.94.tgz</code> | * <code>tar xvzf nmap-7.94.tgz</code> | ||
* <code>cd nmap-7.94</code> | * <code>cd nmap-7.94</code> | ||
* <code>./configure | * <code>./configure</code> | ||
* <code>make</code> | * <code>make</code> | ||
* <code>sudo su</code> | * <code>sudo su</code> | ||
* <code>make install</code> | * <code>make install</code> | ||
== Some useful nmap scans == | == Some useful nmap scans == |
Latest revision as of 00:51, 23 October 2023
Installing the latest NMAP (form SOURCE as of 2023/10/21)
The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 & 11.6 and Ubuntu 22.04 & 23.04.
Also works for Ubuntu 20.04.6 (Dell edition).
apt update
apt upgrade
apt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev
- These dependancies are not all needed in all cases, but better safe than sory.
- apt install python3.11 python3.11-venv
- thanks to this little issue
- For LMDE 5 or Debian 11 tho...
- apt install python3.9 python3.9-venv
mkdir src
cd src
wget -4 https://nmap.org/dist/nmap-7.94.tgz
tar xvzf nmap-7.94.tgz
cd nmap-7.94
./configure
make
sudo su
make install
Some useful nmap scans
Using nmap to inventory a network
The following command with nmap with root privilegies (or using sudo):
sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> 192.168.0.1 28:C6:8E:F9:B8:BF ---> 192.168.0.2 28:C6:8E:29:9D:30 ---> 192.168.0.3 ...
(Good luck typing that in by hand...)
Want DNS?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> wap1.tinkernow.net ...
or both name & address?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> (192.168.0.1) zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> (192.168.0.2) switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> (192.168.0.3) wap1.tinkernow.net ...
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
A rather more elaborate scan
I've built a script that does a thorough scan & catches things missed by the above scan(s).
But it's rather slow...
#!/bin/bash
sudo -v # Get the password demand for sudo over with before clearing the screen
clear
echo Scanning 192.168.0.0/23
for j in {0..1} # My network is a /23 so I need to cycle through 2 octets
do
for i in {0..255}
do
if (( $(expr $j + $i)!=0 )) # Don't bother pinging the broadcast address
then
### Display Categories
if [ $j -eq 0 ]
then
case $i in
1) echo Infrastructure ;;
10) echo Servers ;;
50) echo Mobile ;;
60) echo Sand Boxes ;;
70) echo Desktops ;;
100) echo Systems Being Developed ;;
200) echo Udder Stuph ;;
*) ;;
esac
fi
if [ $j -eq 1 ]
then
case $i in
0) echo IoT - Servers ;;
10) echo IoT - In Production ;;
40) echo IoT - Voice Assistants ;;
50) echo IoT - Entertainment ;;
60) echo IoT - Cameras ;;
80) echo IoT - Lab Control ;;
100) echo IoT - In Development ;;
200) echo Roaming Devices ;;
*) ;;
esac
fi
### Check Device
if ping -c 1 192.168.$j.$i > /dev/null
then
currentIP=192.168.$j.$i
nmapREPORT=`sudo nmap -sP 192.168.$j.$i`
nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
nmMAKER=`echo $nmapREPORT | awk '{printf $25;}'`
if [ ${#nmMAC} -ne "17" ]
then
IPaddress=$currentIP
MACaddress="__:__:__:__:__:__"
MAKER="(________)"
NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
else
IPaddress=$nmIP
MACaddress=$nmMAC
if [ ${#nmMAKER} -lt "6" ]
then
MAKER="$nmMAKER "
else
MAKER=$nmMAKER
fi
NAME=$nmNAME
fi
echo -e "$IPaddress\t$MACaddress $MAKER\t$NAME"
fi
###
fi
done
done