Example of Nmap scan
Let us use the result of an Nmap scan to understand how to interpret such output. The following command was used, and its output was saved in a file named nmap_res.txt.
nmap -T4 -A scanme.nmap.org > nmap_res.txt
The output of this command should be something like this:
Now, let us go one by one through different parts of the result and understand them.
Here, Nmap tells us that the domain name passed as an argument is up and running and returns its IPv4 and IPv6 addresses. Then it comes down to PORTs, arguably the most helpful feature of Nmap. It shows upfront that port 22, which is a TCP port, is open. It has SSH running, and Nmap also reports the version of OpenSSH in use. Now, one could use this data to find various exploits related to this particular version, or one could use the SSH keys returned to exploit the given network. Let's move to the next part.
Now we get more port information: ports 139, 445, and 514 are filtered, while ports 80, 9929, and 31337 are open. Port 80 is the HTTP port, which could be exploited, as we also get the version of the server running on it, 'Apache httpd 2.4.7 (Ubuntu)'. One can use any exploit for this version.
Here, Nmap gives us its guesses of the possible OS running on the target machine. It gives a probability for each candidate OS rather than a definite answer, as the target has filtered part of the enumeration and no exact fingerprint match is possible.
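The interpretation walked through above can be automated. The following is an added example (not code from the original article): it parses saved normal-format Nmap output such as nmap_res.txt into open and filtered ports, the version strings that services leaked, and the OS guesses, so an administrator can compare what the scan exposes against their patch inventory. The sample output is constructed; the port states and the Apache version follow the article, while the IP address, the SSH version and the OS guesses are placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample of Nmap normal output (nmap -T4 -A), not a real scan capture.
# Port states and the Apache version follow the article; the IP address (TEST-NET),
# the SSH version and the OS guesses are placeholders.
SAMPLE_OUTPUT = """\
Nmap scan report for scanme.nmap.org (192.0.2.10)
Host is up (0.18s latency).
Not shown: 994 closed ports
PORT      STATE    SERVICE    VERSION
22/tcp    open     ssh        OpenSSH 0.0 (placeholder version)
80/tcp    open     http       Apache httpd 2.4.7 (Ubuntu)
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
514/tcp   filtered shell
9929/tcp  open     nping-echo Nping echo
31337/tcp open     tcpwrapped
Aggressive OS guesses: Linux 3.x (92%), Linux 4.x (90%)
"""

# One port line: "<port>/<proto> <state> <service> [<version ...>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
OS_LINE = re.compile(r"^(?:Aggressive )?OS guesses: (.*)$")

@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str
    version: str  # empty when -A found no banner to fingerprint

def parse_nmap_output(text):
    """Parse saved normal-format Nmap output into host, port entries and OS guesses."""
    result = {"host": None, "ip": None, "ports": [], "os_guesses": []}
    for line in text.splitlines():
        if m := HOST_LINE.match(line):
            result["host"], result["ip"] = m.group(1), m.group(2)
        elif m := PORT_LINE.match(line):
            port, proto, state, service, version = m.groups()
            result["ports"].append(PortEntry(int(port), proto, state, service, version or ""))
        elif m := OS_LINE.match(line):
            # Each guess reads "Linux 3.x (92%)"; keep the name and its confidence.
            result["os_guesses"] = re.findall(r"(.+?) \((\d+)%\)(?:, )?", m.group(1))
    return result

def ports_by_state(parsed, state):
    """Port numbers in the given state (open, filtered, closed, ...)."""
    return [p.port for p in parsed["ports"] if p.state == state]

def versioned_services(parsed):
    """Open ports that leaked a version string: the ones to check against patch status."""
    return {p.port: p.version for p in parsed["ports"] if p.state == "open" and p.version}
```

Run it against a real nmap_res.txt by passing the file contents to parse_nmap_output; ports listed by versioned_services are the services whose exact version an outsider can now read.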
Footprinting with Nmap in Kali Linux
Footprinting is the technique of gathering information about a targeted network or computer system, such as the version of the OS the target is using, the kernel version (for Linux-based targets), the version of the web hosting software (for server targets), etc. Footprinting can be either active or passive. Active footprinting involves direct interaction with the target, such as performing Nmap scans. Passive footprinting, on the contrary, usually does not allow the target to become aware of the enumeration. There are various tools out there to perform footprinting on different types of networks and systems; Nessus, Weblister, Harvester, and Nmap are some such tools. However, this article focuses specifically on Nmap.