By @rosinni at 4Geeks Academy
These instructions are available in Spanish
We need you! These exercises are built and maintained in collaboration with contributors such as yourself. If you find any bugs or misspellings, please contribute and/or report them.
In this practice, we will learn how to use Nmap, a widely recognized open-source tool for network analysis and security. With Nmap, we will perform scans on a target machine (in this case, a Debian machine) from a Kali Linux machine.
We will identify active hosts, open ports on the network, and which services are operating on those ports. This will allow us to search for possible vulnerabilities in the detected services and understand the security weaknesses that may exist in the network.
- Virtual machine with Kali Linux (Scanning machine)
- Virtual machine with Debian (Target machine)
- Open this URL and fork the repository https://github.com/breatheco-de/scan-with-nmap-practic
A new repository will be created in your account.
- Clone the newly created repository onto your local computer.
- Once you have cloned successfully, follow the steps below carefully, one by one.
On the Kali machine, we will perform a scan with Nmap to discover active hosts and open ports on a network or a specific device.
- Install Nmap (if not installed):
sudo apt-get install nmap
- Basic scan of a target (replace <debian_IP> with the Debian machine's IP):
nmap <debian_IP>
After performing the scan, Nmap will provide a list of open ports and the services operating on those ports.
- Scan ports and services:
nmap -sV <debian_IP>
This option (-sV) allows detection of the version of the service operating on each port.
- Detailed scan and vulnerability search:
nmap -sV --script=vuln <debian_IP>
The option (--script=vuln) runs Nmap's built-in vulnerability detection scripts.
- Note the Services and Their Versions: From the scan results, take note of the services and their versions. For example:
- Apache 2.4.7
- OpenSSL 1.0.1f
- OpenSSH 6.6.1p1
- Search for Vulnerabilities in Public Databases: Use public vulnerability databases to find information about the detected services. The most common sources are:
- NVD (National Vulnerability Database): https://nvd.nist.gov/
- CVE Details: https://www.cvedetails.com/
- Exploit Database: https://www.exploit-db.com/
- Vulners: https://vulners.com/
💡 Example: For the Apache 2.4.7 service, go to the NVD page (https://nvd.nist.gov/) and enter "Apache 2.4.7" in the search bar.
- Document the vulnerabilities in a structured manner. Here is an example of how to document a vulnerability:
- In the root of the forked project, upload the report in .pdf format with the name vulnerability-report.pdf.