Difference between revisions of "Nmap"

From Da Nerd Mage Wiki
Jump to navigation Jump to search
(Created page with "*[https://nmap.org/book/man.html Nmap Reference Guide] == Some useful nmap scans == === Using nmap to inventory a network === The following command with ''nmap'' with ''root'' privilegies (or using ''sudo''): *<code>sudo nmap -n -sP 192.168.0.0/24 {{!}} awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' {{!}} awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'</code> results in: 00:10:18:5D:B0:10 ---> 192.168.0...")
 
 
(34 intermediate revisions by 2 users not shown)
Line 1: Line 1:
*[https://nmap.org/book/man.html Nmap Reference Guide]
*[https://nmap.org/book/man.html Nmap Reference Guide]
== Installing the latest NMAP (form SOURCE as of 2023/10/21) ==
The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 & 11.6 and Ubuntu 22.04 & 23.04.
Also works for Ubuntu 20.04.6 (Dell edition).
* <code>apt update</code>
* <code>apt upgrade</code>
* <code>apt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev</code>
** These dependancies are not all needed in all cases, but better safe than sory.
* <span style="color: rgb(132, 63, 161);">'''apt install python3.11 python3.11-venv'''</span>
** thanks to [https://github.com/nmap/nmap/issues/2649 this little issue]
** For LMDE 5 or Debian 11 tho...
**  <span style="color: #843fa1;">'''apt install python3.9 python3.9-venv'''</span>
* <code>mkdir src</code>
* <code>cd src</code>
* <code>wget -4 <nowiki>https://nmap.org/dist/nmap-7.94.tgz</nowiki></code>
* <code>tar xvzf nmap-7.94.tgz</code>
* <code>cd nmap-7.94</code>
* <code>./configure</code>
* <code>make</code>
* <code>sudo su</code>
* <code>make install</code>


== Some useful nmap scans ==
== Some useful nmap scans ==
Line 34: Line 56:
  ...
  ...
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
=== A rather more elaborate scan ===
I've built a script that does a thorough scan & catches things missed by the above scan(s).
But it's rather slow...
<syntaxhighlight lang="bash" line>
#!/bin/bash
sudo -v                                  # Get the password demand for sudo over with before clearing the screen
clear
echo Scanning 192.168.0.0/23
for j in {0..1}                          # My network is a /23 so I need to cycle through 2 octets
  do
  for i in {0..255}
    do
    if (( $(expr $j + $i)!=0 ))            # Don't bother pinging the broadcast address
      then
### Display Categories
        if [ $j -eq 0 ]
          then
            case $i in
                1) echo Infrastructure ;;
              10) echo Servers ;;
              50) echo Mobile ;;
              60) echo Sand Boxes ;;
              70) echo Desktops ;;
              100) echo Systems Being Developed ;;
              200) echo Udder Stuph ;;
                *) ;;
            esac
      fi
      if [ $j -eq 1 ]
        then
          case $i in
              0) echo IoT - Servers ;;
            10) echo IoT - In Production ;;
            40) echo IoT - Voice Assistants ;;
            50) echo IoT - Entertainment ;;
            60) echo IoT - Cameras ;;
            80) echo IoT - Lab Control ;;
            100) echo IoT - In Development ;;
            200) echo Roaming Devices ;;
          *) ;;
        esac
      fi
### Check Device
                if ping -c 1 192.168.$j.$i  > /dev/null
                then
                        currentIP=192.168.$j.$i
                        nmapREPORT=`sudo nmap -sP 192.168.$j.$i`
                        nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
                        nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
                        nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
                        nmMAKER=`echo  $nmapREPORT | awk '{printf $25;}'`
                        if [ ${#nmMAC} -ne "17" ]
                        then
                                IPaddress=$currentIP
                                MACaddress="__:__:__:__:__:__"
                                MAKER="(________)"
                                NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
                        else
                                IPaddress=$nmIP
                                MACaddress=$nmMAC
                                if [ ${#nmMAKER} -lt "6" ]
                                then
                                        MAKER="$nmMAKER      "
                                else
                                        MAKER=$nmMAKER
                                fi
                                NAME=$nmNAME
                        fi
                echo -e "$IPaddress\t$MACaddress  $MAKER\t$NAME"
                fi
###
    fi
    done
  done
</syntaxhighlight>
[[Category:Network Management]]

Latest revision as of 00:51, 23 October 2023

Installing the latest NMAP (form SOURCE as of 2023/10/21)

The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 & 11.6 and Ubuntu 22.04 & 23.04.

Also works for Ubuntu 20.04.6 (Dell edition).

  • apt update
  • apt upgrade
  • apt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev
    • These dependancies are not all needed in all cases, but better safe than sory.
  • apt install python3.11 python3.11-venv
    • thanks to this little issue
    • For LMDE 5 or Debian 11 tho...
    • apt install python3.9 python3.9-venv
  • mkdir src
  • cd src
  • wget -4 https://nmap.org/dist/nmap-7.94.tgz
  • tar xvzf nmap-7.94.tgz
  • cd nmap-7.94
  • ./configure
  • make
  • sudo su
  • make install

Some useful nmap scans

Using nmap to inventory a network

The following command with nmap with root privilegies (or using sudo):

  • sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'

results in: 

00:10:18:5D:B0:10 ---> 192.168.0.1
28:C6:8E:F9:B8:BF ---> 192.168.0.2
28:C6:8E:29:9D:30 ---> 192.168.0.3
...

(Good luck typing that in by hand...)

Want DNS?:

  • sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'

results in: 

00:10:18:5D:B0:10 ---> zathras.tinkernow.net
28:C6:8E:F9:B8:BF ---> switcha.tinkernow.net
28:C6:8E:29:9D:30 ---> wap1.tinkernow.net
...

or both name & address?:

  • sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'

results in: 

00:10:18:5D:B0:10 ---> (192.168.0.1)	zathras.tinkernow.net
28:C6:8E:F9:B8:BF ---> (192.168.0.2)	switcha.tinkernow.net
28:C6:8E:29:9D:30 ---> (192.168.0.3)	wap1.tinkernow.net
...

But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.

A rather more elaborate scan

I've built a script that does a thorough scan & catches things missed by the above scan(s).

But it's rather slow... 

#!/bin/bash
sudo -v                                   # Get the password demand for sudo over with before clearing the screen
clear
echo Scanning 192.168.0.0/23

for j in {0..1}                           # My network is a /23 so I need to cycle through 2 octets
  do
  for i in {0..255}
    do
    if (( $(expr $j + $i)!=0 ))            # Don't bother pinging the broadcast address
      then
### Display Categories
        if [ $j -eq 0 ]
          then
            case $i in
                1) echo Infrastructure ;;
               10) echo Servers ;;
               50) echo Mobile ;;
               60) echo Sand Boxes ;;
               70) echo Desktops ;;
              100) echo Systems Being Developed ;;
              200) echo Udder Stuph ;;
                *) ;;
            esac
      fi
      if [ $j -eq 1 ]
        then
          case $i in
              0) echo IoT - Servers ;;
             10) echo IoT - In Production ;;
             40) echo IoT - Voice Assistants ;;
             50) echo IoT - Entertainment ;;
             60) echo IoT - Cameras ;;
             80) echo IoT - Lab Control ;;
            100) echo IoT - In Development ;;
            200) echo Roaming Devices ;;
          *) ;;
        esac
      fi
### Check Device
                if ping -c 1 192.168.$j.$i  > /dev/null
                then
                        currentIP=192.168.$j.$i
                        nmapREPORT=`sudo nmap -sP 192.168.$j.$i`

                        nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
                        nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
                        nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
                        nmMAKER=`echo  $nmapREPORT | awk '{printf $25;}'`

                        if [ ${#nmMAC} -ne "17" ]
                        then
                                IPaddress=$currentIP
                                MACaddress="__:__:__:__:__:__"
                                MAKER="(________)"
                                NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
                        else
                                IPaddress=$nmIP
                                MACaddress=$nmMAC
                                if [ ${#nmMAKER} -lt "6" ]
                                then
                                        MAKER="$nmMAKER       "
                                else
                                        MAKER=$nmMAKER
                                fi
                                NAME=$nmNAME
                        fi

                echo -e "$IPaddress\t$MACaddress  $MAKER\t$NAME"

                fi
###
    fi

    done
  done
Retrieved from ‘https://wiki.nerdmage.ca/index.php?title=Nmap&oldid=1836