Nmap: Network Exploration and Security Auditing Cookbook - Second Edition
- 416 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Nmap: Network Exploration and Security Auditing Cookbook - Second Edition
About This Book
Over 100 practical recipes related to network and application security auditing using the powerful NmapAbout This Book⢠Learn through practical recipes how to use Nmap for a wide range of tasks for system administrators and penetration testers.⢠Learn the latest and most useful features of Nmap and the Nmap Scripting Engine.⢠Learn to audit the security of networks, web applications, databases, mail servers, Microsoft Windows servers/workstations and even ICS systems. ⢠Learn to develop your own modules for the Nmap Scripting Engine.⢠Become familiar with Lua programming.⢠100% practical tasks, relevant and explained step-by-step with exact commands and optional arguments descriptionWho This Book Is ForThe book is for anyone who wants to master Nmap and its scripting engine to perform real life security auditing checks for system administrators and penetration testers. This book is also recommended to anyone looking to learn about network security auditing. Finally, novice Nmap users will also learn a lot from this book as it covers several advanced internal aspects of Nmap and related tools.What You Will Learn⢠Learn about Nmap and related tools, such as Ncat, Ncrack, Ndiff, Zenmap and the Nmap Scripting Engine⢠Master basic and advanced techniques to perform port scanning and host discovery⢠Detect insecure configurations and vulnerabilities in web servers, databases, and mail servers⢠Learn how to detect insecure Microsoft Windows workstations and scan networks using the Active Directory technology⢠Learn how to safely identify and scan critical ICS/SCADA systems⢠Learn how to optimize the performance and behavior of your scans⢠Learn about advanced reporting⢠Learn the fundamentals of Lua programming⢠Become familiar with the development libraries shipped with the NSE⢠Write your own Nmap Scripting Engine scriptsIn DetailThis is the second edition of 'Nmap 6: Network Exploration and Security Auditing Cookbook'. A book aimed for anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations. The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Zenmap. The Nmap Scripting Engine is thoroughly covered through security checks used commonly in real-life scenarios applied for different types of systems. New chapters for Microsoft Windows and ICS SCADA systems were added and every recipe was revised. This edition reflects the latest updates and hottest additions to the Nmap project to date. The book will also introduce you to Lua programming and NSE script development allowing you to extend further the power of Nmap.Style and approachThis book consists of practical recipes on network exploration and security auditing techniques, enabling you to get hands-on experience through real life scenarios.
Frequently asked questions
Information
Nmap Fundamentals
- Building Nmap's source code
- Finding live hosts in your network
- Listing open ports on a target host
- Fingerprinting OS and services running on a target host
- Using NSE scripts against a target host
- Reading targets from a file
- Scanning an IP address ranges
- Scanning random targets on the Internet
- Collecting signatures of web servers
- Monitoring servers remotely with Nmap and Ndiff
- Crafting ICMP echo replies with Nping
- Managing multiple scanning profiles with Zenmap
- Running Lua scripts against a network connection with Ncat
- Discovering systems with weak passwords with Ncrack
- Launching Nmap scans remotely from a web browser using Rainmap Lite
Introduction
Building Nmap's source code
Getting ready
$ svn
#apt-get install libssl-dev autoconf make g++
How to do it...
- First, we need to grab a copy of the source code from the official repositories. To download the latest version of the development branch, we use the checkout (or co) command:
$svn co --username guest https://svn.nmap.org/nmap
- Now you should see the list of downloaded files and the message Checked out revision <Revision number>. A new directory containing the source code is now available in your working directory. After ...
Table of contents
- Title Page
- Copyright
- Credits
- About the Author
- Acknowledgments
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- Nmap Fundamentals
- Network Exploration
- Reconnaissance Tasks
- Scanning Web Servers
- Scanning Databases
- Scanning Mail Servers
- Scanning Windows Systems
- Scanning ICS SCADA Systems
- Optimizing Scans
- Generating Scan Reports
- Writing Your Own NSE Scripts
- HTTP, HTTP Pipelining, and Web Crawling Configuration Options
- Brute Force Password Auditing Options
- NSE Debugging
- Additional Output Options
- Introduction to Lua
- References and Additional Reading