Zenmap For Mac

Posted on  by 



Some of this tool’s best features are that it’s open-source, free, multi-platform and receives constant updates each year. It also has a big plus: it’s one of the most complete host and network scanners available. It includes a large set of options to enhance your scanning and mapping tasks, and brings with it an incredible community and comprehensive documentation to help you understand this tool from the very start. Nmap can be used to:

Basic Nmap Scan against IP or host. Now, if you want to scan a hostname, simply. This command will scan your network from 192.168.0.1 to 255 and will display the hosts with their MAC address on your network. In case you want to display the mac address for a single client, use this command make sure you are on root or use 'sudo' sudo nmap -Pn 192.168.0.1 this command will display the host MAC address and the open ports. Get Mac Address Of Local System Get Mac Address Of Remote But Same Network System. We can use Nmap to get mac address of a host if we are in the same network segment. $ sudo nmap -sP -n 192.168.122.0/24 Get Mac Address Of Remote But Same Network System Get Mac Address Of Remote System With Snmp. The more complicated way is using SNMP service. Download Zenmap - You can easily track the network activity, as well as the traffic on a specific website, based on the available hosts, with this application.

  • Create a complete computer network map.
  • Find remote IP addresses of any hosts.
  • Get the OS system and software details.
  • Detect open ports on local and remote systems.
  • Audit server security standards.
  • Find vulnerabilities on remote and local hosts.
Zenmap

It was mentioned in the Top 20 OSINT Tools article we published, and today we’ll explore a little bit more about this essential security tool with some practical terminal-based Nmap commands.

Best 15 Nmap command examples

Let’s get to know a few useful command-line based scans that can be performed using Nmap.

1. Basic Nmap Scan against IP or host

nmap 1.1.1.1

Now, if you want to scan a hostname, simply replace the IP for the host, as you see below:

nmap cloudflare.com

These kinds of basic scans are perfect for your first steps when starting with Nmap.

2. Scan specific ports or scan entire port ranges on a local or remote server

Nmap

nmap -p 1-65535 localhost

In this example, we scanned all 65535 ports for our localhost computer.

Nmap is able to scan all possible ports, but you can also scan specific ports, which will report faster results. See below:

Nmap for mac

nmap -p 80,443 8.8.8.8

3. Scan multiple IP addresses

Let’s try to scan multiple IP addresses. For this you need to use this syntax:

nmap 1.1.1.1 8.8.8.8

You can also scan consecutive IP addresses:

nmap -p 1.1.1.1,2,3,4

This will scan 1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4.

Zenmap For Mac

4. Scan IP ranges

You can also use Nmap to scan entire CIDR IP ranges, for example:

nmap -p 8.8.8.0/28

This will scan 14 consecutive IP ranges, from 8.8.8.1 to 8.8.8.14.

An alternative is to simply use this kind of range:

nmap 8.8.8.1-14

You can even use wildcards to scan the entire C class IP range, for example:

nmap 8.8.8.*

This will scan 256 IP addresses from 8.8.8.1 to 8.8.8.256.

If you ever need to exclude certain IPs from the IP range scan, you can use the “–exclude” option, as you see below:

nmap -p 8.8.8.* --exclude 8.8.8.1

5. Scan the most popular ports

Using “–top-ports” parameter along with a specific number lets you scan the top X most common ports for that host, as we can see:

nmap --top-ports 20 192.168.1.106

Replace “20” with the desired number. Output example:

6. Scan hosts and IP addresses reading from a text file

In this case, Nmap is also useful to read files that contain hosts and IPs inside.

Let’s suppose you create a list.txt file that contains these lines inside:

The “-iL” parameter lets you read from that file, and scan all those hosts for you:

nmap -iL list.txt

7. Save your Nmap scan results to a file

On the other hand, in the following example we will not be reading from a file, but exporting/saving our results into a text file:

nmap -oN output.txt securitytrails.com

Nmap has the ability to export files into XML format as well, see the next example:

nmap -oX output.xml securitytrails.com

8. Disabling DNS name resolution

If you need to speed up your scans a little bit, you can always choose to disable reverse DNS resolution for all your scans. Just add the “-n” parameter.

See the difference with a normal DNS-resolution enabled scan:

9. Scan + OS and service detection with fast execution

Using the “-A” parameter enables you to perform OS and service detection, and at the same time we are combining this with “-T4” for faster execution. See the example below:

nmap -A -T4 cloudflare.com

This is the output we got for this test:

10. Detect service/daemon versions

This can be done by using -sV parameters

nmap -sV localhost

As you can see here:

11. Scan using TCP or UDP protocols

One of the things we love most about Nmap is the fact that it works for both TCP and UDP protocols. And while most services run on TCP, you can also get a great advantage by scanning UDP-based services. Let’s see some examples.

Standard TCP scanning output:

UDP scanning results using “-sU” parameter:

12. CVE detection using Nmap

One of Nmap’s greatest features that not all the network and systems administrators know about is something called “Nmap Scripting Engine” (known as NSE). This scripting engine allows users to use a pre-defined set of scripts, or write their own using Lua programming language.

Using NSE is crucial in order to automate system and vulnerability scans. For example, if you want to run a full vulnerability test against your target, you can use these parameters:

nmap -Pn --script vuln 192.168.1.105

Output example:

As you can see, in this vulnerability test we were able to detect one CVE (Slowloris DOS attack).

Stay in the loop with the best infosec news, tips and tools

Follow us on Twitter to receive updates!

13. Launching DOS with Nmap

Nmap features never seem to end, and thanks to the NSE, that even allows us to launch DOS attacks against our network testings.

In our previous example (#12) we found the host was vulnerable to Slowloris attack, and now we’ll try to exploit that vulnerability by launching a DOS attack in a forever loop:

14. Launching brute force attacks

NSE is really fascinating – it contains scripts for everything you can imagine. See the next three examples of BFA against WordPress, MSSQL, and FTP server:

WordPress brute force attack:

Zenmap Windows 10

Brute force attack against MS-SQL:

FTP brute force attack:

nmap --script ftp-brute -p 21 192.168.1.105

15. Detecting malware infections on remote hosts

Nmap is able to detect malware and backdoors by running extensive tests on a few popular OS services like on Identd, Proftpd, Vsftpd, IRC, SMB, and SMTP. It also has a module to check for popular malware signs inside remote servers and integrates Google’s Safe Browsing and VirusTotal databases as well.

A common malware scan can be performed by using:

nmap -sV --script=http-malware-host 192.168.1.105

Or using Google’s Malware check:

nmap -p80 --script http-google-malware infectedsite.com

Output example:

Nmap is one of the most complete and accurate port scanners used by infosec professionals today. With it, you can perform simple port scan tasks or use its powerful scripting engine to launch DOS attacks, detect malware or brute force testings on remote and local servers.

Today we covered the top fifteen Nmap commands to scan remote hosts, but there’s a lot more to discover if you’re starting to use Nmap in your OSINT strategy.

If you also need to map domains, IPs and discover DNS zones, try our SecurityTrails toolkit, or grab a free API account today.

Find all your DNS records, IP addresses, Ports and Domain names in seconds — without running any scans!

Zenmap Download For Mac

Fill out the form to learn how SurfaceBrowser™ can help you identify your attack surface.
Fill out my form.

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.

Zenmap For Mac

Get the best cybersec research, news, tools,
and interviews with industry leaders





Coments are closed