Nmap Scanner Training
Day 1: Nmap Fundamentals and Network Discovery 🗺️ (7 Hours)

Module 1: Introduction to Network Scanning (1.5 Hours)

  • What is Nmap? (History, capabilities, and the role of Nmap in security and administration).
  • Installation and Environment (Installing Nmap on Linux/Windows/macOS and basic command-line usage).
  • Scanning Ethics (Legal and ethical considerations: only scan networks you have explicit permission to test).

Module 2: Host Discovery and Basic Port Scanning (2 Hours)

  • The Three Phases of Scanning (Discovery, Port Scan, Service/OS Detection).
  • Host Discovery Techniques (Identifying live hosts: ping scan (-sn, formerly -sP), ARP requests, ICMP echo requests (-PE), and TCP/UDP pings).
  • Basic Port Scan Types (Understanding TCP SYN Scan (-sS) vs. TCP Connect Scan (-sT)).
  • Specifying Targets (Scanning single hosts, IP ranges, subnets (CIDR), and reading targets from a file (-iL)).

Module 3: Port Specifications and Output Formats (2 Hours)

  • Targeting Ports (Scanning specific ports (-p), port ranges, and all ports (-p-)).
  • Scan Timing (Adjusting scan speed: Timing templates (-T0 through -T5) and their impact on network performance).
  • Output Formats (Saving results to files: Normal (-oN), Grepable (-oG), and XML (-oX) formats).
  • Advanced Target Specification (Excluding hosts (--exclude) and defining random hosts (-iR)).

Module 4: Firewall Evasion and Stealth (1.5 Hours)

  • Evasion Techniques (Using fragmentation (-f), specifying source ports (--source-port), and sending custom headers).
  • Decoy Scans (Using decoy hosts (-D) to obfuscate the origin of the scan).
  • IP Protocol Scan (Using -sO to detect which IP protocols (TCP, UDP, ICMP, etc.) a target host supports).

Day 2: Advanced Detection, NSE Scripting, and Vulnerability Scanning (7 Hours)

Module 5: Service and Version Detection (2 Hours)

  • Service Probing (Executing the Service Version Detection scan (-sV)).
  • RPC Scan (Detecting available RPC services (-sR)).
  • Version Intensity (Controlling the depth of probes (--version-intensity)).
  • Operating System Detection (Executing the OS Detection scan (-O) and understanding its reliance on fingerprinting).
  • Aggressive Scan (Combining common detection options: -A (OS, Version, Script, Traceroute)).

Module 6: Nmap Scripting Engine (NSE) Fundamentals (2.5 Hours)

  • What is NSE? (Understanding the purpose and power of NSE for automation and advanced discovery).
  • Script Categories (Reviewing common categories: safe, vuln, auth, brute, discovery).
  • Running Scripts (Executing single scripts (--script <name>) and categories (--script <category>), and script arguments).
  • Key Security Scripts (Practical labs using popular scripts):
    • Vulnerability Scanning (vuln category scripts, e.g., smb-vuln-*).
    • Authentication (auth category scripts, e.g., ftp-anon).
    • Discovery (e.g., dns-brute, smb-enum).

Module 7: Troubleshooting and Advanced Techniques (1.5 Hours)

  • Debugging Scans (Using verbose output (-v) and debugging options (-d) to understand slow or failed scans).
  • Traceroute (Using --traceroute to map the network path to the target).
  • Network Performance Tuning (Adjusting parallelization and timeouts for large-scale scanning).
  • Firewall Evasion Review (Recap of stealth techniques and what modern firewalls look for).

Module 8: Review and Practical Lab (1 Hour)

  • Scenario-Based Scanning (Applying the learned techniques to a simulated, layered network environment).
  • Analyzing XML Output (Reviewing advanced analysis tools that parse Nmap’s XML output).
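As a worked example for the XML-output analysis item above (added here; it is not part of the training material or of Nmap itself), this Python snippet parses a constructed -oX file with the standard library and flags open ports that are missing from an approved per-host baseline. The addresses, services and baseline are constructed sample values, not real scan results.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output (not a real capture), trimmed to the elements read below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
   <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
  <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
   <service name="http" product="nginx"/></port>
  <port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
 </ports></host>
 <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
   <service name="ftp" product="vsftpd" version="3.0.3"/></port>
  <port protocol="udp" portid="161"><state state="open|filtered"/></port>
 </ports></host>
 <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_open_ports(xml_text):
    # Returns {ip: {(proto, port): service_label}} for hosts reported "up". Only
    # ports in state "open" are kept; "open|filtered" (common for UDP) is dropped.
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        result[ip] = {}
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            fields = [] if svc is None else [svc.get(k) for k in ("name", "product", "version")]
            label = " ".join(f for f in fields if f) or "unknown"
            result[ip][(port.get("protocol"), int(port.get("portid")))] = label
    return result


def unexpected_exposure(scan, baseline):
    # Flags (ip, proto, port, label) for open ports missing from the host's approved
    # baseline; a host absent from the baseline is allowed nothing.
    findings = []
    for ip, ports in scan.items():
        allowed = baseline.get(ip, set())
        for (proto, port), label in sorted(ports.items()):
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, label))
    return findings
```

Feed it the file written by -oX and a baseline built from your asset inventory; anything it reports is either an undocumented service or an inventory gap, both worth a ticket.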