☑️Introduction to Nmap

Enumeration is the most critical phase of all. The art, the difficulty, and the goal are not simply to gain access to the target computer; they lie in identifying every way we could attack the target, and those ways have to be found.

Getting access to the target system is not hard once we know how to do it. Most of the ways we can get access can be narrowed down to the following two points:

  • Functions and/or resources that allow us to interact with the target and/or provide additional information.

  • Information that provides us with even more important information to access our target.

Most of the information we obtain comes from misconfigurations or neglected security in the respective services.

Manual enumeration is very important, because automated tools often have timeout thresholds and may report a service as closed if the timeout expires before it answers.

One such tool is Nmap (Network Mapper). It is a network scanning tool that offers the following techniques:

  • Host discovery

  • Port scanning

  • Service enumeration and detection

  • OS detection

  • Scriptable interaction with the target service (Nmap Scripting Engine)

nmap --help

<SNIP>
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
<SNIP>

This is what the syntax looks like:

-sS

One of these options is the TCP SYN scan, where we send TCP packets with only the SYN flag set and therefore never complete the three-way handshake. If we receive an ACK-flagged reply (a SYN/ACK), the port is open. If, on the other hand, we receive RST-flagged packets, the port is closed.
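As an added example (not part of the original notes), the SYN-scan logic described above written out from both sides: what the scanner infers from each reply, and the half-open footprint a defender can look for in a capture. The packet records, addresses, and function names are constructed for illustration; the "filtered" state for unanswered probes is Nmap's usual generalization of the rule above.

```python
from collections import defaultdict

# Constructed packet records (not a real capture): (src, dst, server_port, flags).
# server_port is always the target-side port, whichever direction the packet flows.
# 10.0.0.5 behaves like a SYN scanner; 10.0.0.7 is an ordinary client.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 22, "S"), ("10.0.0.9", "10.0.0.5", 22, "SA"),
    ("10.0.0.5", "10.0.0.9", 22, "R"),        # scanner resets instead of finishing the handshake
    ("10.0.0.5", "10.0.0.9", 80, "S"), ("10.0.0.9", "10.0.0.5", 80, "SA"),
    ("10.0.0.5", "10.0.0.9", 80, "R"),
    ("10.0.0.5", "10.0.0.9", 23, "S"), ("10.0.0.9", "10.0.0.5", 23, "RA"),  # closed port answers RST
    ("10.0.0.5", "10.0.0.9", 443, "S"),       # no reply at all
    ("10.0.0.7", "10.0.0.9", 80, "S"), ("10.0.0.9", "10.0.0.7", 80, "SA"),
    ("10.0.0.7", "10.0.0.9", 80, "A"),        # client completes the three-way handshake
]


def infer_port_states(packets, scanner, target):
    """What the scanner concludes from the target's replies to its SYN probes:
    SYN/ACK -> open, RST -> closed, no reply before the timeout -> filtered."""
    states = {}
    for src, dst, port, flags in packets:
        if src == scanner and dst == target and flags == "S":
            states.setdefault(port, "filtered")       # default until a reply arrives
        elif src == target and dst == scanner and port in states:
            if "S" in flags and "A" in flags:
                states[port] = "open"
            elif "R" in flags:
                states[port] = "closed"
    return states


def half_open_scanners(packets, min_ports=3):
    """Sources that sent SYNs to at least min_ports distinct ports on one host and
    never completed a handshake (no bare ACK) on any of them: the SYN-scan footprint."""
    probed = defaultdict(set)      # (src, dst) -> ports that received a SYN
    completed = defaultdict(set)   # (src, dst) -> ports where the client sent a bare ACK
    for src, dst, port, flags in packets:
        if flags == "S":
            probed[(src, dst)].add(port)
        elif flags == "A":
            completed[(src, dst)].add(port)
    return sorted(src for (src, dst), ports in probed.items()
                  if len(ports) >= min_ports and not (ports & completed[(src, dst)]))


if __name__ == "__main__":
    print(infer_port_states(PACKETS, "10.0.0.5", "10.0.0.9"))
    print(half_open_scanners(PACKETS))
```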