Getting Started with Nmap - The Ultimate Hands-On Course
Welcome to this Nmap Ultimate Hands-On Course!
Nmap is a Swiss Army knife. You cannot go far as a hacker without it.
It belongs in the toolbox of every Cybersecurity professional, network engineer, penetration tester, ethical hacker, or SOC analyst.
The problem is that there are so many OPTIONS and SWITCHES to remember! What do they do? When do I use them? How can I remember them?
If you have ever felt that way when getting started with Nmap, this is the course for you. In this class there are a grand total of two PowerPoint slides. Why? Because slides are boring. Instead, we will walk through several hands-on labs that will help you build your Nmap skills as you run each scan along with me.
But there is more.
With each scan, we are going to capture it with Wireshark and learn how it really works. Instead of just waiting for an output and hoping to understand what to do with it, we will be looking at the scan and responses from a target at the packet level. This will help us know and remember what we are putting out on the wire and what to do with the results we receive from the test.
My name is Chris Greer and I am a Wireshark University instructor, as well as a packet analysis consultant for companies all over the globe. Like you, I started out with a deep interest in cybersecurity and ethical hacking. Looking at Nmap scans in Wireshark helped me to understand them, remember them, and utilize them to find vulnerabilities in networks and servers.
Ready to SCAN? Let’s get to it!
-
1. Introduction (Video lesson)
Welcome Nmappers! Let's learn the basics about this tool that should be mastered by all Cybersecurity professionals and Network Engineers. This video shows how, in this course, we will analyze how Nmap works using Wireshark, the world's leading protocol analysis tool.
-
2. What is Nmap? (Video lesson)
What is Nmap? When should we use it?
-
3. Who Should Use Nmap? (Video lesson)
Who should have Nmap in their toolbox? Only Red Hats?
-
4. Lab Setup for this Course (Video lesson)
Let's look at how to set up the lab environment for this course. We will try to make this as simple as possible!
-
5. Capturing Nmap Scans with Wireshark (Video lesson)
We will be capturing these scans with Wireshark, so let's make sure that it is installed and ready.
-
6. Lab - Installing Nmap and Wireshark (Video lesson)
If you have Kali you already have these tools, but in case we are using something else, let's find out how to install or upgrade these tools.
-
7. Lab - Your First Nmap Scan! (Video lesson)
Enough sitting and watching... let's run a scan! Get Nmap and Wireshark ready. We're going to get hands-on!
-
8. Caution! Legal Considerations (Video lesson)
Scanning any open system on the internet or within our enterprise can get us into trouble. Let's look at some legal considerations before we start running any tests.
-
9. Introduction to Nmap - Quiz (Quiz)
Let's review what we learned in this section of the course.
-
12. Nmap Help to the Rescue! (Video lesson)
Nmap can be very confusing when we are first getting started. Let's learn to use the help menu, which will remind us of the options and descriptions we will most commonly use.
-
13. How to Scan a Host, Subnet, or IP Range (Video lesson)
-
14. Identifying Open Ports and Services on a Host (Video lesson)
Now that we have found an active host or group of hosts, let's learn how to scan specific ports.
-
15. The Top Five Nmap Commands (Video lesson)
Most of the time with Nmap you will be using the same five scans. Let's learn what these are and how they work.
1. Ping Scan
2. --top-ports 20
3. -O (OS Fingerprinting)
4. -A (Aggressive Scan - OS, Version, Trace)
5. -p 80 (Specify the port number)
-
16. Configuring Wireshark for Analyzing Nmap (Video lesson)
In this video we will learn how to configure, save, and share Wireshark Profiles.
-
17. Lab - Ping and Top Ports Scans (Video lesson)
-
18. Lab - OS Fingerprinting and Aggressive Scanning (Video lesson)
OS Fingerprinting can help to identify the operating system on a device, which will help when trying to find vulnerabilities or to take inventory of what systems need to be updated.
-
19. Analyzing The Phases of an Nmap Scan (Video lesson)
Scans in Nmap are designed to work in phases. Let's use Wireshark to understand how a scan develops.
-
20. Test Your Core Nmap Knowledge! (Quiz)
In this section of the training we learned the most common types of Nmap scans. Let's test our knowledge.
-
21. Mapping a Network with Nmap (Video lesson)
Let's learn some tips and tricks when scanning for active devices on a local network as well as a remote one.
-
22. The "Ping" Scan - Local Network Discovery (Video lesson)
The "Ping" scan will change depending on the network we are enumerating. If it is a local network, we will send ARP traffic; however, if it is a network that is at least one router hop away, Nmap will use TCP SYNs. If sudo is used, Nmap will send ICMP pings to the subnet under test.
-
23. Is it Really a "Ping" (Video lesson)
-
24. Deep Dive into the Default Scan (Video lesson)
Let's dissect how a default scan progresses, learning which protocols are used along the way. We will deep dive into this scan with Wireshark.
-
25. Network and Host Discovery Techniques with Nmap (Quiz)
Let's test to see what we learned!
-
26. What is a TCP/UDP Port? (Video lesson)
We use ports all the time in our Nmap scans, but what is a port?
-
27. The Six Port States (Video lesson)
-
28. The Stealth Scan (Video lesson)
-
29. The TCP Connect Scan (Video lesson)
-
30. Which Ports Should We Scan? (Video lesson)
-
31. TCP Null, Xmas, FIN, and ACK Scans (Video lesson)
Let's learn how these unique scans work, why they work, and when to use them in enumeration.
-
32. When to Use UDP Scans (Video lesson)
-
33. How to Interpret Nmap Scan Results (Quiz)
There are lots of different results to sift through after a scan completes. How can we interpret the findings?
-
34. OS Fingerprinting is Key to Exploiting a System (Video lesson)
The Nmap OS Fingerprinting and Version scans are powerful features of this tool. Let's learn how they work and when we should use them.
-
35. How OS Fingerprinting Works (And When it Won't) (Video lesson)
-
36. What is Version Discovery? (Video lesson)
Learning about a service version can help us to take inventory of the active services, or can help us to identify a possible vulnerability.
-
37. Using Verbosity in Nmap Output (Video lesson)
Verbosity will give us more detail in the output of an Nmap scan. This is a great option to know!
-
38. Exporting Nmap Results to a File (Video lesson)
-
39. Discovering OS Fingerprints and Service Versions with Nmap (Quiz)
Let's test our knowledge of these features in Nmap!
-
44. What is the NSE? (Video lesson)
Learning NSE is both fun and awesome! It really helps us to level up our scans. Let's see how.
-
45. The Script Database (Video lesson)
Let's learn where the Nmap scripts are stored and how to update them.
-
46. Lab - NSE: The Default Scripts (Video lesson)
-
47. Lab - NSE: Banners and HTTP Scripts (Video lesson)
-
48. NSE: Practice, Practice, Practice (Video lesson)
Don't get lost in the weeds! Practice using these scripts and learning how they work. There are thousands of them. Find your favorites and learn them well.
-
49. Nmap Scripting Engine - Let's Test Our Knowledge! (Quiz)
-
50. Lab Setup - Metasploitable (Video lesson)
To go further and learn more NSE scripts, we need to install a vulnerable machine into our lab environment. This video talks about why we need to do this. Please use the link in this module to access a step-by-step walkthrough of how to set this up.
-
51. Lab - HTTP Enumeration - Finding Hidden Folders (Video lesson)
Let's learn how to use the http-enum script to enumerate a server that has an open HTTP port.
-
52. Lab - Hacking FTP Logins (Video lesson)
Let's check to see if an FTP server supports anonymous logins, and if not, how to brute-force a username/password.
-
53. Lab - SMB Login Enumeration (Video lesson)
In this video we will use the SMB scripts to check for common user accounts.
-
54. Lab - NSE Vulnerability Scripts (Video lesson)
The "Vulners" script enables us to scan for service versions and lists possible CVEs that could be used to exploit the system.
-
55. Lab - Scanning for TLS Certificates and Versions (Video lesson)
Scanning for TLS versions and certificates will help blue teams to tighten up older systems, as well as give red teams a possible attack vector.
-
56. Why Do This? Be careful! (Video lesson)
Let's learn about what firewalls and IDS systems look for.
-
57. IP Fragmentation (Video lesson)
The IP protocol is designed to allow for fragmentation, especially when passing through a network segment with a low MTU (assuming the DF bit is not set). Let's see how this looks in Wireshark.
-
58. Spoofing IP Addresses (Video lesson)
Let's learn how to fake the source address we are originating from. If you cannot run this on your system, follow along with the included pcap file!
-
59. Using Decoys to Evade Detection (Video lesson)
Decoys will allow us to bury our true address in a sea of other spoofed ones. The good part about using this scan is that we will be able to receive a reply from the target.
-
60. Try to Avoid IDS Systems Altogether! (Video lesson)
Let's look at some best practices when performing active recon with Nmap.
-
61. Firewall/IDS Evasion and Spoofing Quiz (Quiz)
Let's test what we learned!