Nmap is a network security scanner used to discover and enumerate services and server infrastructure. It is typically run from the command line but has many GUI add-ons, including some for the Microsoft platform. Nmap is at version 4.2 as of April 2007 and has had frequent feature additions and releases since its launch. As a result, it has tremendous depth and many options. Nmap's major functionality includes:
Nmap commonly presents its results as plain text, HTML, or XML. A number of third-party scripts and applications have been written to convert raw output into reports, spreadsheets, and charts.
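One way to do the kind of conversion described above, as an added example that is not part of the original article or of Nmap itself: a Python script that turns Nmap XML output into spreadsheet-ready CSV rows, one per open port. The sample XML is constructed, and the function names (`attr`, `port_rows`, `to_csv`) are hypothetical.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX` output (RFC 5737 documentation addresses).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

FIELDS = ["address", "hostname", "protocol", "port", "state", "service", "product"]

def attr(el, key):
    # Optional elements (hostname, service) may be missing; report them as empty cells.
    return "" if el is None else el.get(key, "")

def port_rows(xml_text, states=("open",)):
    """One dict per port whose state is in `states`, for hosts reported as up."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if attr(host.find("status"), "state") != "up":
            continue
        addr, name = host.find("address"), host.find("hostnames/hostname")
        for port in host.iterfind("ports/port"):
            state = attr(port.find("state"), "state")
            if state not in states:
                continue
            svc = port.find("service")
            rows.append(dict(zip(FIELDS, [
                attr(addr, "addr"), attr(name, "name"), port.get("protocol", ""),
                port.get("portid", ""), state, attr(svc, "name"), attr(svc, "product"),
            ])))
    return rows

def to_csv(rows):  # CSV text with a header row, ready for spreadsheet import
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Passing `states=("open", "filtered")` also lists ports that a firewall may be hiding, which is often worth a separate column in a review spreadsheet.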
Nmap was first published in September 1997 in Phrack Magazine by its author, Fyodor (aka Gordon Lyon). Nmap was created specifically with flexibility and speed in mind. It was designed to scan very large networks quickly and to let the operator choose from a variety of popular scanning methods, all in one compact package. Prior to Nmap, you would have needed 3 or 4 different scanners to cover all bases, or as Fyodor put it back in 1997: "Finally I decided to write a whole new scanner, rather than rely on hacked versions of a dozen different scanners in my /usr/local/sbin."
We recommend Nmap widely to clients with their own security staff, no matter how small. Nmap saves time, narrows focus, and helps you find the most obvious entry points to networks and servers. Nmap can be of assistance in many different situations:
Nmap shows you things you didn't know. It can be both the satellite in orbit and the microscope on your desktop. It can perform slow and detailed analysis of a particular server or quickly scan an entire network. It is a tool that is easy to begin with (simply typing nmap
All professional security assessment and penetration testing consultants will at some time or other have used Nmap. We at 360is use it to quickly narrow down a list of devices and then investigate further using our own proprietary tools.