Module 2
Network Scanning
(Nmap)
Information Asset Protection
Teaching Assistant Team 2024
What is Nmap?
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (known online as Fyodor Vaskovich).
Nmap is used to discover hosts and services on a computer network by sending packets and analysing the responses.
How to use Nmap
Nmap CLI: https://nmap.org/download.html
Nmap GUI (Zenmap): https://nmap.org/zenmap/
Oracle VirtualBox network settings
Set the VM's network adapter to Bridged Adapter, so the VM gets its own address on the same LAN as the host and the two can reach each other directly.
Nmap help / manual
nmap -h
man nmap
More information: https://nmap.org/docs.html
Nmap basic commands
nmap <target>: Scans the 1000 most commonly used TCP ports of a single target IP address or hostname. When run as root/Administrator the default is a TCP SYN scan (-sS); without those privileges Nmap falls back to a TCP connect scan (-sT).
Examples on the slide: a scan by domain name and a scan by IP address.
Other target forms shown on the slide:
- Subnet scan: CIDR notation, e.g. a whole /24 network
- IP range scan: a range in one or more octets, e.g. 192.168.0.1-50
- IP/subnet scan with exclusions: --exclude <host,...> or --excludefile <file>
- Target list scan: -iL <file> reads targets from a file, one or more per line
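The target forms listed above share one expansion logic. The script below is an added example (not Nmap's own code and not from the slides) that reproduces it offline: CIDR blocks, octet ranges, an --exclude list and an -iL style target file. The assumption made here is that nmap scans every address in a CIDR block, including the network and broadcast addresses, and that hostnames are resolved later by DNS, so they are passed through unchanged.

```python
"""Expand Nmap-style target specifications into individual addresses.

Added example for the slide above; it is not Nmap's own code. It mirrors the
target syntax shown there: CIDR subnets, octet ranges such as 192.168.0.1-50,
an --exclude list, and an -iL style target file (whitespace-separated,
'#' starts a comment). Hostnames are passed through unresolved, because this
runs offline; nmap would resolve them with DNS first.
"""
import ipaddress
import itertools
import re

_OCTET = re.compile(r"^\d{1,3}(?:-\d{1,3})?$")


def _expand_octet(part):
    """'1-20' -> [1, ..., 20]; '5' -> [5]; a bare '-' means the whole 0-255."""
    if part == "-":
        return list(range(256))
    lo, _, hi = part.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError("bad octet range: " + part)
    return list(range(lo_i, hi_i + 1))


def expand_target(spec):
    """Expand one target token into a list of address strings."""
    spec = spec.strip()
    if "/" in spec:
        # CIDR: nmap scans every address in the block, including the
        # network and broadcast addresses, so we do the same.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(addr) for addr in net]
    parts = spec.split(".")
    if len(parts) == 4 and all(p == "-" or _OCTET.match(p) for p in parts):
        # octet-range form, e.g. 192.168.0-1.1-50; product keeps nmap's
        # order (last octet varies fastest)
        combos = itertools.product(*(_expand_octet(p) for p in parts))
        return [".".join(str(o) for o in combo) for combo in combos]
    return [spec]  # hostname or anything else: left for DNS resolution


def build_target_list(specs, exclude=(), input_file_text=None):
    """Combine command-line targets, an -iL file body and --exclude entries.

    Order is preserved and duplicates dropped, so a host named twice is
    scanned once; excluded addresses are removed even if listed explicitly.
    """
    tokens = list(specs)
    if input_file_text:
        for line in input_file_text.splitlines():
            tokens.extend(line.split("#", 1)[0].split())
    excluded = set()
    for ex in exclude:
        excluded.update(expand_target(ex))
    seen, targets = set(), []
    for token in tokens:
        for addr in expand_target(token):
            if addr in excluded or addr in seen:
                continue
            seen.add(addr)
            targets.append(addr)
    return targets
```

Running `build_target_list(["192.168.0.0/30"], exclude=["192.168.0.0", "192.168.0.3"])` yields only `192.168.0.1` and `192.168.0.2`, which is what `nmap 192.168.0.0/30 --exclude 192.168.0.0,192.168.0.3` would probe.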
Nmap most used flags
-p (Port Specification): Specifies which ports to scan, can be single port numbers, ranges, or
comma-separated lists.
- Example: nmap -p 80 192.168.0.1
- Use case: Checking if port 80 (HTTP) is open on a specific host.
-sS (TCP SYN Scan): Sends a SYN to each target port; a SYN/ACK reply means open, a RST means closed, and no reply means filtered. The scanning host answers a SYN/ACK with RST instead of ACK, so the handshake is never completed and the application on the target never sees a connection. Requires raw-socket privileges (root/Administrator); it is the default scan when those are available.
- Example: nmap -sS 192.168.0.1
- Use case: Identifying open ports on a target host without completing the TCP connection, which leaves fewer traces in application logs (an IDS or firewall will still see the SYN packets).
-sT (TCP Connect Scan): Uses the operating system's connect() call, so the full three-way handshake is completed for every open port. The target application accepts the connection (and can log it), which makes this less stealthy than a SYN scan.
- Example: nmap -sT 192.168.0.1
- Use case: Scanning when raw sockets are not available (non-root user, some VPN setups), or when a scan that looks like ordinary client connections is acceptable. It is Nmap's default whenever -sS cannot be used.
-sU (UDP Scan): Sends a UDP packet to each target port. An ICMP port unreachable reply means closed, a UDP reply means open, and no reply is reported as open|filtered, because many UDP services stay silent unless they receive a well-formed request. Requires root, and is slow because most hosts rate-limit ICMP errors, so Nmap must wait for each port.
- Example: nmap -sU 192.168.0.1
- Use case: Identifying UDP services such as DNS (53), SNMP (161) or NTP (123), which a TCP-only scan will miss. Combine with -sV so Nmap sends protocol-specific probes that turn open|filtered into a definite answer.
-Pn (No Ping): Skips host discovery, assumes target is online, proceeds with scan regardless of ping
response.
- Example: nmap -Pn 192.168.0.1
- Use case: Conducting a scan without relying on ping responses to determine if the target
host is online, useful in scenarios where ICMP is blocked or disabled.
-T (Timing Template): Sets the timing template for scan speed and aggressiveness, from -T0 (paranoid) to -T5 (insane); -T3 is the default.
- Example: nmap -T4 192.168.0.1
- Use case: Balancing scan speed against stealth and accuracy. -T4 is the usual choice on a fast, reliable LAN; -T5 can drop results on slow links, and -T0/-T1 are for evading time-based detection at the cost of very long scans.
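To make the difference between -sS and -sT concrete, here is an added example (not Nmap's code and not from the slides) that performs the same operation as -sT against a constructed listener on the loopback interface. The listener records every accepted peer, which is exactly the trace on the target that a SYN scan avoids leaving. A SYN scan needs raw sockets and root privileges, so it is not reproduced here.

```python
"""A minimal TCP connect scan (the operation behind nmap -sT) on loopback.

Added example, not Nmap's own code. connect() completes the three-way
handshake, so the listening application accepts the connection and can log
the scanner's address; that visibility is the cost of -sT compared with -sS,
which needs raw sockets (root) to stop after SYN/ACK and is therefore not
reproduced here. The listener is a constructed test service.
"""
import socket
import threading
import time


def start_listener():
    """Bind an ephemeral 127.0.0.1 port and record every accepted peer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    accepted = []  # stands in for the target application's connection log

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return  # listener was shut down
            accepted.append(peer)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, accepted


def free_port():
    """Reserve and release a loopback port so that it is known to be closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Return {port: 'open' | 'closed' | 'filtered'} using full connections."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))        # SYN, SYN/ACK, ACK all exchanged
            results[port] = "open"
        except ConnectionRefusedError:     # RST came back: nothing listening
            results[port] = "closed"
        except OSError:                    # timeout/unreachable: dropped by a filter
            results[port] = "filtered"
        finally:
            s.close()
    return results


def demo():
    """Scan one open and one closed port; also report what the target saw."""
    srv, accepted = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = free_port()
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    for _ in range(100):                   # give the accept thread a moment
        if accepted:
            break
        time.sleep(0.01)
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()
    return results[open_port], results[closed_port], len(accepted)


if __name__ == "__main__":
    print(demo())  # ('open', 'closed', 1)
```

The third value returned by `demo()` is the point of the exercise: the open port's application saw one full connection from the scanner. With -sS that counter would stay at zero, because the kernel resets the half-open connection before accept() ever returns.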
-sV (Service Version Detection): Determine the version of the services running on open ports of the
target host.
- Example: nmap -sV 192.168.0.1
- Use case: Identifying the exact versions of services running on a target host
-O (OS Detection): Enables OS detection, which fingerprints the target's TCP/IP stack behaviour (initial TTL, window size, TCP option ordering, and so on) and compares it against Nmap's fingerprint database. Requires root, and works best when at least one open and one closed TCP port are found.
- Example: nmap -O 192.168.0.1
- Use case: Identifying the operating system of a target host, which can provide valuable information for security assessments and network management.
-oN / -oX / -oG / -oA (Output): Saves scan results to a file: -oN normal (human-readable) format, -oX XML, -oG grepable (one line per host), and -oA writes all three at once, using the given name as the base filename (name.nmap, name.xml, name.gnmap).
- Example: nmap -oN scan_results.txt 192.168.0.1
- Use case: Saving scan results for later analysis or documentation. XML is the format to feed into other tools, while grepable output is convenient for quick grep/awk filtering.
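Grepable output is the easiest format to post-process when writing up which ports are open and why. The following is an added example (not part of the slides or of Nmap) that parses the -oG layout: one Host: line per host, tab-separated fields, and every port written as port/state/protocol/owner/service/rpc/version/. The results file embedded in it is constructed for the example; the hostname and version strings are invented.

```python
"""Parse Nmap grepable (-oG) output into structured port records.

Added example, not part of the slides or of Nmap itself. SAMPLE_GNMAP is a
constructed results file in the -oG layout: comment lines start with '#',
each 'Host:' line holds tab-separated 'Key: value' fields, and every port is
written as port/state/protocol/owner/service/rpc/version/ (Nmap replaces any
'/' inside the version text with '|', so splitting on '/' is safe).
"""
from dataclasses import dataclass

SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated Thu Apr  4 10:00:00 2024 as: "
    "nmap -sV -oG results.gnmap 192.168.0.1",
    "Host: 192.168.0.1 (router.lan)\tStatus: Up",
    "Host: 192.168.0.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "53/open/tcp//domain//dnsmasq 2.89/, 80/open/tcp//http//lighttpd 1.4.69/, "
    "443/closed/tcp//https///\tIgnored State: filtered (996)",
    "# Nmap done at Thu Apr  4 10:00:09 2024 -- 1 IP address (1 host up) "
    "scanned in 9.12 seconds",
])


@dataclass
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_gnmap(text):
    """Return one PortRecord per port entry found in -oG text."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' header and footer lines
        fields = {}
        for chunk in line.split("\t"):
            key, sep, value = chunk.partition(": ")
            if sep:
                fields[key] = value
        if "Ports" not in fields:
            continue  # the 'Status: Up' line carries no port data
        host = fields["Host"].split()[0]  # drop the '(hostname)' suffix
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            records.append(PortRecord(host, int(port), proto, state, service, version))
    return records


def open_ports(records):
    """Only the entries a report should list as open, sorted by port number."""
    return sorted((r for r in records if r.state == "open"), key=lambda r: r.port)


def host_summary(records):
    """Map each host to 'port/proto service (version)' strings for open ports."""
    summary = {}
    for r in open_ports(records):
        label = "%d/%s %s" % (r.port, r.proto, r.service)
        if r.version:
            label += " (%s)" % r.version
        summary.setdefault(r.host, []).append(label)
    return summary


if __name__ == "__main__":
    for host, ports in host_summary(parse_gnmap(SAMPLE_GNMAP)).items():
        print(host)
        for p in ports:
            print("  " + p)
```

Point this at the .gnmap file written by `-oA` and `host_summary` gives the list of open ports per host that the report asks for, with the version string from `-sV` attached where Nmap found one.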
Nmap scripts (NSE)
NSE (Nmap Scripting Engine) is Nmap's embedded scripting engine. Scripts are written in Lua (https://www.lua.org/) and extend a scan with tasks such as service discovery, vulnerability checks and brute forcing. Scripts are selected with --script <name or category>; -sC runs the "default" category.
Script: http-title
Use case: retrieves the title of the web page served on an open HTTP port
Example: nmap --script http-title www.google.com
Other footprinting tools
Whois is a simple yet effective tool for gathering information about a domain name. It queries a
WHOIS server, which maintains a database of registered domain names and their associated
contact details.
Example: whois google.com
DNSenum is a powerful tool for performing DNS enumeration. It can discover various records
associated with a domain, aiding in footprinting and reconnaissance.
Example: dnsenum google.com
TheHarvester is an open-source tool for gathering information from various online sources. It
focuses on collecting email addresses, names, etc.
Example: theHarvester -d google.com -b bing,yahoo
Assignment
Run an nmap scan against your own device: not the Kali Linux VM or any other VM, but your real host machine (Windows/Mac). Preferably scan from the Kali VM to the host machine; if that does not work, scan directly from the host machine itself (127.0.0.1 / localhost). Use the following flags:
a. -sT
b. -sU
c. -A -oN results.txt
Deadline: 4 April 2024, 17:00 WIB
For points (a) and (b):
- Which ports are open
- Explain the function of each open port
For point (c):
- Explain the function of the -A flag based on the results you obtained
- Explain the insights found from the scan results
- Copy the contents of results.txt to the end of the report
Submit everything in a single file named TugasX_PAIY_NRP.pdf, where X = assignment number and Y = class. Example: Tugas2_PAIC_5026201001.pdf
Don't forget to document every step with screenshots!
FAQ
Q: How do I scan my own device?
A: From the VM to the host machine (Kali VM to Windows/Mac), use the host machine's IP address. When scanning directly from the host machine, use 127.0.0.1 or localhost. Expect the two results to differ: a localhost scan also reaches services bound only to the loopback interface, while the scan from the VM only sees services listening on the host's LAN address that the host firewall lets through.
Q: How do I find the host machine's IP address?
A: Use ipconfig on Windows, ifconfig on Mac, or ip addr / ifconfig on Linux. It will usually be a private address in the 192.168.0.X, 172.16.0.X or 10.0.0.X ranges.
Q: The VM cannot scan the host machine?
A: Check the VirtualBox / VMware network configuration and use NAT, NAT Network or Bridged. With the default VirtualBox NAT the host is reachable from the VM through the NAT gateway address (10.0.2.2 by default), but NAT proxies the connections, so Bridged gives the most faithful results. If it still fails, install Nmap on the host machine (https://nmap.org/download.html) and run the scan directly from the host.