Tuesday, November 25, 2014

NMAPing Faster

NMAP, or Network Mapper, is a phenomenal tool for mapping networks, determining which ports are open on a host and performing security auditing. The NSE, or NMAP Scripting Engine, extends NMAP's functionality by allowing the execution of scripts. These scripts let users automate network tasks such as running dictionary attacks, performing vulnerability checks, checking for backdoors, etc.

Depending on the size of the network, network performance and the number of open ports, among other things, scans may take a long time to complete. By default NMAP attempts to scan the 1000 most common ports for each protocol. One combination of NMAP features we can use to make scans faster is the -n switch, which disables reverse DNS resolution, together with limiting the ports that need to be scanned with -p. As seen below, the first scan using the default settings took over three seconds to complete, but the same scan without DNS resolution and limited to five ports finished in 0.20 seconds. This technique can save time when looking for targets on a large network or when dealing with limited bandwidth.


nmap xxx.xxx.x.xx

Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-25 19:29 CST
Nmap scan report for Muffin (xxx.xxx.x.xx)
Host is up (0.030s latency).
Not shown: 989 closed ports
PORT      STATE    SERVICE
135/tcp   open     msrpc
139/tcp   open     netbios-ssn
445/tcp   open     microsoft-ds
1110/tcp  filtered nfsd-status
5357/tcp  open     wsdapi
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49155/tcp open     unknown
49156/tcp open     unknown
49175/tcp open     unknown
MAC Address: F8:16:54:CA:48:60 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds


nmap -n -p 139,445,80,8080 xxx.xxx.x.xxx

Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-25 19:30 CST
Nmap scan report for xxx.xxx.x.xx
Host is up (0.093s latency).
PORT     STATE  SERVICE
80/tcp   closed http
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
8080/tcp closed http-proxy
MAC Address: F8:16:54:CA:48:60 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
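As an added example (not code from the original post), here is a small POSIX shell helper that wraps the -n and -p combination described above, asks nmap for grepable output (-oG -) so the results can be piped, extracts the open ports per host, and pulls the elapsed time out of the "Nmap done" line. The target address, the FAST_PORTS list and the sample output are constructed; fast_scan assumes nmap is on PATH.

```shell
#!/bin/sh
# Quick port sweep helper: skip reverse DNS (-n) and scan only a short
# port list (-p) instead of nmap's default 1000 ports per protocol.

# Constructed default port list (assumption, adjust to your environment).
FAST_PORTS="22,80,139,443,445,8080"

# Build the nmap command line. -oG - writes grepable output to stdout.
#   $1 = target spec (host or CIDR), $2 = optional comma-separated ports
build_fast_scan_cmd() {
    ports="${2:-$FAST_PORTS}"
    printf 'nmap -n -p %s -oG - %s\n' "$ports" "$1"
}

# Read nmap -oG output on stdin and print "host port/proto service" for
# every open port. Grepable port fields are port/state/proto/owner/service.
parse_grepable_open_ports() {
    awk '/^Host:/ && /Ports:/ {
        host = $2
        sub(/.*Ports: /, "")      # keep only the port list
        sub(/\t.*/, "")           # drop a trailing "Ignored State" column
        n = split($0, p, /, /)
        for (i = 1; i <= n; i++) {
            split(p[i], f, "/")
            if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
        }
    }'
}

# Read nmap output on stdin and print the elapsed seconds from the
# "Nmap done ... scanned in N seconds" line.
scan_seconds() {
    sed -n 's/.*scanned in \([0-9.]*\) seconds.*/\1/p'
}

# Run the fast scan against a target and list its open ports.
fast_scan() {
    $(build_fast_scan_cmd "$1" "$2") | parse_grepable_open_ports
}

# Constructed sample of grepable output (mirrors the second scan above).
SAMPLE_GREPABLE=$(printf '# Nmap 6.47 scan initiated (constructed sample)\nHost: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 80/closed/tcp//http///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 8080/closed/tcp//http-proxy///\n# Nmap done at Tue Nov 25 19:30:00 2014 -- 1 IP address (1 host up) scanned in 0.20 seconds')
```

Running `printf '%s\n' "$SAMPLE_GREPABLE" | parse_grepable_open_ports` prints only the two open ports; `fast_scan 192.0.2.0/24 139,445` does the same against a live range.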
