Daim MetroCrew - Nmap memiliki beberapa option untuk meningkatkan performa dan
efisiensi scan terhadap sebuah atau beberapa target. Untuk melakukan
scanning terhadap port tertentu dapat digunakan perintah sebagai berikut
:
root@bt:~# nmap -p80 192.168.2.1 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:56 UTC Interesting ports on 192.168.2.1: PORT STATE SERVICE 80/tcp open http MAC Address: 00:E0:0F:7B:D2:C9 (Shanghai Baud Data) Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds root@bt:~# nmap -p80 -sV 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:08 UTC Interesting ports on 192.168.2.4: PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.2.6 ((Fedora)) MAC Address: 00:0C:29:18:53:42 (VMware) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds
Untuk scanning terhadap beberapa host, perintah yang dapat digunakan adalah sebagai berikut :
root@bt:~# nmap -p80 192.168.2.1,3,4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:57 UTC Interesting ports on 192.168.2.1: PORT STATE SERVICE 80/tcp open http MAC Address: 00:E0:0F:7B:D2:C9 (Shanghai Baud Data) Interesting ports on 192.168.2.3: PORT STATE SERVICE 80/tcp closed http MAC Address: 00:01:4A:F8:03:A5 (Sony) Interesting ports on 192.168.2.4: PORT STATE SERVICE 80/tcp open http MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 3 IP addresses (3 hosts up) scanned in 0.31 seconds
Untuk scanning terhadap host 192.168.2.4 dengan range port 1 sampai dengan 5000, perintah yang dapat digunakan adalah sebagai berikut :
root@bt:~# nmap -p 1-5000 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:05 UTC Interesting ports on 192.168.2.4: Not shown: 4991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.96 seconds
Timing and Operation
nmap menyediakan opsi durasi pengiriman packet scanning terhadap target. Pengaturan timing berguna untuk menghindari Intrusion Detection System (IDS) dan Intrusion Prevention System (IPS) yang dipasang pada target. Nmap memiliki 6 mode pengaturan timing, yaitu :T0 : paranoid
T1 : sneaky
T2 : polite
T3 : normal
T4 : aggressive
T5 : insane
Secara default nmap akan menggunakan dengan template timing T3. Scanning dengan template waktu yang lebih lambat ditujukan untuk menghindari jatuhnya performa jaringan dan mencegah logging oleh Intrusion Detection System (IDS).
root@bt:~# nmap -T4 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:23 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
root@bt:~# nmap -T3 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:25 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds root@bt:~# nmap -T5 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:25 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds nmap juga menyediakan fitur fragmentation terhadap packet yang dikirimkan kepada target. Fitur ini akan memecah dalam kelipatan 8 MB. Ini juga ditujukan untuk menghindari IDS maupun IPS. Untuk memecah packet scanning menjadi 8 byte data dapat digunakan perintah sebagai berikut :
root@bt:~# nmap -f 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:32 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
Untuk memecah packet scanning menjadi 16 byte data dapat digunakan perintah sebagai berikut :
root@bt:~# nmap -f –f 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:36 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds
Juga dapat digunakan option –mtu untuk mengatur besaran byte data yang akan dikirimkan.
root@bt:~# nmap –mtu 16 192.168.2.4
Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:39 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds root@bt:~#
Decoy and Spoofing
Fitur decoy memungkinkan nmap menggunakan IP Address host lain secara bergantian dalam melakukan scanning, perintah yang dapat digunakan adalah sebagai berikut :root@bt:~# nmap -D 192.168.2.3,192.168.2.100,192.168.2.1 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:45 UTC mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 2.95 seconds
Untuk melakukan scanning dengan fake IP Address dapat digunakan perintah sebagai berikut :
root@bt:~# nmap -S 192.168.2.1 -e eth0 192.168.2.4 WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -PN . If you are using it to specify your real source address, you can ignore this warning. Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 12:58 UTC Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
Untuk scanning dengan spoofing MAC Address, perintah-perintah yang dapat digunakan adalah sebagai berikut :
root@bt:~# nmap –spoof-mac -0 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:52 UTC Spoofing MAC address 00:A0:C9:41:63:FD (Intel – Hf1-06) mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed portsroot@bt:~# nmap –spoof-mac 11:22:33:44:55:66 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 05:54 UTC Spoofing MAC address 11:22:33:44:55:66 (No registered vendor) mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
root@bt:~# nmap –spoof-mac D-Link 192.168.2.3 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:04 UTC Spoofing MAC address 00:05:5D:42:F6:99 (D-Link Systems) mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.3: Not shown: 997 closed ports PORT STATE SERVICE 135/tcp open msrpc 912/tcp open unknown 51493/tcp open unknown MAC Address: 00:01:4A:F8:03:A5 (Sony)
Nmap done: 1 IP address (1 host up) scanned in 1.54 seconds root@bt:~# nmap –spoof-mac D-Link 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 06:04 UTC Spoofing MAC address 00:05:5D:35:B2:C9 (D-Link Systems) mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds
Output Logging
nmap mempunyai fitur output untuk menyimpan hasil scanning kedalam file. Perintah yang dapat digunakan adalah sebagai berikut :root@bt:~# nmap -oN /root/hasil.scan 192.168.2.4 Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2010-01-20 13:31 UTC Interesting ports on 192.168.2.4: Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 3128/tcp open squid-http 3306/tcp open mysql MAC Address: 00:0C:29:18:53:42 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds Bila menginginkan output dalam format XML, dapat digunakan perintah nmap -oX
Terima Kasih Sudah Meninggalkan Jejakmu Disini Kawan.. :)) EmoticonEmoticon