Tuesday, February 7, 2012

Nmap 5.61 TEST4 released

Introduction
A new version of the legendary Nmap, Nmap 5.61 TEST4, has been released. It includes some new features, listed below.
  • a spidering library and associated scripts for crawling websites.
  • 51 new NSE scripts, bringing the total to 297.
  • a new vulnerability management library which stores and reports found vulnerabilities.

We mostly use nmap for the scenarios listed below, but in this article I would like to share some information on using nmap for better discovery:

  • Host Discovery
  • Port Scanning
  • Version Detection
  • OS Detection
  • Scriptable interaction with the target
Configuration
You can find the nmap download link here. If you are a BackTrack user, the software is preloaded, and you can find the download page as well. A lot of people use nmap for port scanning and start to practice hidden scanning and so on. But port scanning only tells us what the remote system is running. It won't tell you whether the system is vulnerable to attack. Take the MS08-067 vulnerability as an example. The most common syntax and flags that we use during scanning are nmap -sS ip address -P0 -A -sV.

Based on this result, what does it give you? Only information about the open ports, the type of operating system and so on. From here you would fire up Metasploit and start performing exploitation without knowing whether the system is really vulnerable to attack.

For a few years now, nmap has had the ability to check for vulnerabilities, and I am not sure how well this news was broadcast to everyone else. Now we can run such a check by typing the following command: nmap -sT --script=smb-check-vulns -P0 10.0.0.1. By doing this, we will know whether the system is vulnerable to attack.

The next question you will most probably want to ask is how to find the list of scripts you can use. Well, I have something for you: the nmap nsedoc library. You can refer to that document library for a better understanding of what you need when you are performing audits.
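For an audit across many hosts, the script results can be collected into a patch list. The following is an added example, not part of the original post or of nmap itself: it parses saved normal-format nmap output for the smb-check-vulns block. The sample text, the second address and the function names are constructed, and the row layout is assumed to follow the script's usual "check: status" output.

```python
import re

# Constructed sample of saved nmap output for two hosts; the addresses
# and results are made up for illustration.
SAMPLE = """\
Nmap scan report for 10.0.0.1
Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|_  Conficker: Likely CLEAN

Nmap scan report for 10.0.0.2
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|_  Conficker: Likely CLEAN
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# A result row inside the script block: "|   <check>: <status>" or "|_  ..."
ROW_RE = re.compile(r"^\|[_ ]\s+(.+?): (.+)$")

def parse_smb_check_vulns(text):
    """Return {host: {check: status}} for every smb-check-vulns block."""
    results, host, in_block = {}, None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                                  # new host section starts
            host, in_block = m.group(1), False
            continue
        if line.startswith("| smb-check-vulns:"):
            in_block = True
            continue
        row = ROW_RE.match(line) if in_block else None
        if row and host:
            results.setdefault(host, {})[row.group(1)] = row.group(2).strip()
            if line.startswith("|_"):          # "|_" marks the last row
                in_block = False
        elif in_block and not line.startswith("|"):
            in_block = False                   # block ended unexpectedly
    return results

def hosts_needing_patch(results):
    """Hosts with a status starting with VULNERABLE (NOT VULNERABLE is skipped)."""
    return sorted(h for h, checks in results.items()
                  if any(s.startswith("VULNERABLE") for s in checks.values()))

if __name__ == "__main__":
    for h in hosts_needing_patch(parse_smb_check_vulns(SAMPLE)):
        print("needs patching:", h)
```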


Summary
Stay tuned for my articles. Let us know what you thought and learned, and what you hope for in the next articles! Connect with us on Google+, Twitter and Facebook.
