Nmap Syntax

C:\Documents and Settings\clark>nmap
Nmap 4.52 ( http://insecure.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL : Input from list of hosts/networks
-iR : Choose random targets
--exclude : Exclude hosts/networks
--excludefile : Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sP: Ping Scan - go no further than determining if host is online
-PN: Treat all hosts as online -- skip host discovery
-PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO [protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers : Specify custom DNS servers
--system-dns: Use OS's DNS resolver
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags : Customize TCP scan flags
-sI : Idle scan
-sO: IP protocol scan
-b : FTP bounce scan
--traceroute: Trace hop path to each host
--reason: Display the reason a port is in a particular state
PORT SPECIFICATION AND SCAN ORDER:
-p : Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports : Scan most common ports
--port-ratio : Scan ports more common than
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity : Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=safe,intrusive
--script=: is a comma separated list of
directories, script-files or script-categories
--script-args=: provide arguments to scripts
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take


The list above is the syntax you get if you type nmap in a cmd window.
I'll explain the syntax I know and have tried myself for scanning. Remember, I'm only scanning.. There's no follow-up step for hacking or cracking, because I have no basic knowledge of that at all. wqeqeqeqeqe. One thing is certain: before using this tool, check the target with ping first. If the ping we run gets a reply instead of a timeout, then this tool can be used to continue our steps for scanning the target.
As an example I'll scan Yahoo's server. I chose Yahoo's server because I'm sure their security is tight. So if a visitor tries exactly what I discuss here, it won't harm Yahoo. Wqeqeqeqe...

C:\Documents and Settings\clark>ping www.yahoo.com

Pinging www.yahoo-ht3.akadns.net [209.131.36.158] with 32 bytes of data:

Reply from 209.131.36.158: bytes=32 time=404ms TTL=52
Reply from 209.131.36.158: bytes=32 time=354ms TTL=52
Reply from 209.131.36.158: bytes=32 time=311ms TTL=52
Reply from 209.131.36.158: bytes=32 time=343ms TTL=52

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 311ms, Maximum = 404ms, Average = 353ms

Well, once that ping clearly gets a reply we can continue with a few nmap commands, depending on what we need. An example of the result follows.

nmap -v -A www.yahoo.com

This command will peek at the server's OS, the ports that are open, and the traceroute to that server.

C:\Documents and Settings\clark>nmap -v -A www.yahoo.com

Starting Nmap 4.52 ( http://insecure.org ) at 2008-07-26 13:16 SE Asia Standard Time
Initiating Ping Scan at 13:16
Scanning 209.131.36.158 [2 ports]
Completed Ping Scan at 13:16, 0.53s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:16
Completed Parallel DNS resolution of 1 host. at 13:16, 5.59s elapsed
Initiating SYN Stealth Scan at 13:16
Scanning f1.www.vip.sp1.yahoo.com (209.131.36.158) [1714 ports]
Discovered open port 443/tcp on 209.131.36.158
Discovered open port 80/tcp on 209.131.36.158
Completed SYN Stealth Scan at 13:17, 45.80s elapsed (1714 total ports)
Initiating Service scan at 13:17
Scanning 2 services on f1.www.vip.sp1.yahoo.com (209.131.36.158)
Service scan Timing: About 50.00% done; ETC: 13:18 (0:00:50 remaining)
Completed Service scan at 13:18, 105.23s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against f1.www.vip.sp1.yahoo.com (209.131.36.158)
Retrying OS detection (try #2) against f1.www.vip.sp1.yahoo.com (209.131.36.158)

Initiating Traceroute at 13:19
209.131.36.158: guessing hop distance at 12
Completed Traceroute at 13:19, 21.81s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 13:19
Completed Parallel DNS resolution of 15 hosts. at 13:19, 8.38s elapsed
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 13:19
Completed SCRIPT ENGINE at 13:20, 12.39s elapsed
Host f1.www.vip.sp1.yahoo.com (209.131.36.158) appears to be up ... good.
Interesting ports on f1.www.vip.sp1.yahoo.com (209.131.36.158):
Not shown: 1712 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
|_ HTML title: Yahoo!
443/tcp open https?
| SSLv2: server still supports SSLv2
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_IDEA_128_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC4_64_WITH_MD5
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
No OS matches for host
TCP Sequence Prediction: Difficulty=246 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 0.00
2 0.00
3 46.00
4 125.00
5
6 ... 9 no response
10 62.00
11 110.00
12 110.00
13 344.00
14 328.00
15 297.00
16 297.00 ae0-p151.msr2.sp1.yahoo.com (216.115.107.75)
17 407.00 te-9-1.bas-a1.sp1.yahoo.com (209.131.32.23)
18 406.00 f1.www.vip.sp1.yahoo.com (209.131.36.158)

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 232.078 seconds
Raw packets sent: 3539 (159.682KB) | Rcvd: 667 (397.286KB)
Sorry if I removed a few parts, to protect my own privacy and the security of the access I'm using.

nmap -v -O (target)

This command will detect the server's Operating System: whether it's Windows Server 2003, a Linux-based server running one of the available distros, or another device such as a radio AP, an IP camera, or an ADSL modem. That can be found out with this command.
For example:

C:\Documents and Settings\clark>nmap -v -O 125.163.201.xxx

Starting Nmap 4.52 ( http://insecure.org ) at 2008-07-26 13:30 SE Asia Standard Time
Initiating Ping Scan at 13:30
Scanning 125.163.201.13 [2 ports]
Completed Ping Scan at 13:30, 0.36s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:30
Completed Parallel DNS resolution of 1 host. at 13:30, 5.59s elapsed
Initiating SYN Stealth Scan at 13:30
Scanning 13.subnet125-163-201.speedy.telkom.net.id (125.163.201.xxx) [1714 ports]

Discovered open port 21/tcp on 125.163.201.xxx
SYN Stealth Scan Timing: About 29.07% done; ETC: 13:32 (0:01:13 remaining)
Completed SYN Stealth Scan at 13:31, 67.72s elapsed (1714 total ports)
Initiating OS detection (try #1) against 13.subnet125-163-201.speedy.telkom.net.id (125.163.201.xxx)
Retrying OS detection (try #2) against 13.subnet125-163-201.speedy.telkom.net.id (125.163.201.xxx)
Host 13.subnet125-163-201.speedy.telkom.net.id (125.163.201.xxx) appears to be up ... good.
Interesting ports on 13.subnet125-163-201.speedy.telkom.net.id (125.163.201.xxx):

Not shown: 1705 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp closed telnet
25/tcp closed smtp
80/tcp closed http
110/tcp closed pop3
143/tcp closed imap
220/tcp closed imap3
443/tcp closed https
3389/tcp closed ms-term-serv
No OS matches for host
TCP Sequence Prediction: Difficulty=119 (Good luck!)
IP ID Sequence Generation: Incremental

Read data files from: C:\Program Files\Nmap
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 80.000 seconds
Raw packets sent: 5212 (233.544KB) | Rcvd: 43 (2442B)


From those results we can tell that the owner of that IP is an ADSL modem connected to the Telkomsel Speedy server. I edited a few parts to protect the host I scanned for this example. And that modem can be accessed with telnet, because port 23 is open, and via http because its port 80 is open. So if we type that IP into our browser, a login screen will appear asking for a username and password.
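As an added example (my own code, not the blog's), a small Python parser for the port table in nmap's normal output: it extracts port states and the NSE lines attached to each port, checks the precondition behind the OSScan warning in the -A run above (nmap -O needs at least one open and one closed port, which the Yahoo scan lacked and the modem scan had), and flags the SSLv2 finding on 443/tcp. The two samples are constructed stand-ins modelled on the format of the outputs quoted above.

```python
import re

# Constructed samples modelled on the normal-output format nmap 4.x prints;
# they are stand-ins for the scan output quoted in the post, not copies of it.
SAMPLE_A = """\
Interesting ports on f1.www.vip.sp1.yahoo.com (209.131.36.158):
Not shown: 1712 filtered ports
PORT    STATE SERVICE VERSION
80/tcp  open  http?
|_ HTML title: Yahoo!
443/tcp open  https?
| SSLv2: server still supports SSLv2
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
"""
SAMPLE_B = """\
Not shown: 1705 filtered ports
PORT   STATE  SERVICE
21/tcp open   ftp
23/tcp closed telnet
80/tcp closed http
"""
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\w+) ports")

def parse_ports(text):
    """Parse the port table into dicts; NSE ('|' lines) attach to the port above."""
    ports, not_shown = [], {}
    for line in text.splitlines():
        m = NOT_SHOWN_RE.match(line)
        if m:
            not_shown[m.group(2)] = int(m.group(1))  # ports nmap summarised
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4), "script": []})
        elif line.startswith("|") and ports:
            ports[-1]["script"].append(line.lstrip("|_ ").strip())
    return ports, not_shown

def os_detection_reliable(ports):
    """nmap -O needs at least one open and one closed port; with only open and
    filtered ports it prints the 'OSScan results may be unreliable' warning."""
    states = {p["state"] for p in ports}
    return "open" in states and "closed" in states

def legacy_ssl_findings(ports):
    """(port, line) for NSE lines reporting SSLv2 support or SSLv2 cipher suites."""
    return [(p["port"], s) for p in ports for s in p["script"]
            if s.startswith("SSLv2") or s.startswith("SSL2_")]
```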


nmap -v -iR 10000 -PN -p 80

This command will run a random scan on our network, targeting 10000 hosts that have port 80 open. So the result will be 10000 hosts/devices with port 80 open that are connected to our computer. If we're connected to the internet, the results are usually web servers.

Dough..
Turns out writing this up was tiring. That's it for now.. Later, when I've picked up more knowledge that is really clear, I'll share it again on this blog.
Thanks for reading and for visiting my humble home.. Wqeqeqeq...

About Elang Raja

Writing down, organising, keeping and remembering a few things that have been, and that I still want to be, explored in this rather ordinary daily life.
