Nmap Tutorial For Beginners - 1 - What is Nmap?

Captions
Hey guys, HackerSploit here, back again with another video, and welcome to Nmap for beginners. This is going to be a continuation in the ethical hacking course. Now, what is Nmap? Well, basically Nmap is a footprinting tool or a reconnaissance tool. I had already explained this in the first class, the first ethical hacking class, and this is basically the first step of hacking, where you actually find information about the target or the IP or the website. So basically Nmap is a footprinting tool that gets more information about the target or the IP or the website for that matter. In my opinion, I think Nmap is a must-have for any pen testers or ethical hackers, or hackers for that matter.

So basically Nmap is available on almost all the platforms. All you have to do is just go to the website. I'm just going to open Nmap here, it's nmap.org, that's their website. It's free software, so you can go and download it. As you can see here, it's available for Linux, Windows and, I believe, Mac OS, so if you're actually on Mac, I believe it's there. You can actually install it on Linux and Windows because they're the most popular operating systems. However, if you're using Kali Linux or Parrot OS like I am, it already comes pre-installed.

So, the two ways you can go about launching it: on Windows, I think you just have to run the nmap command in the command prompt, same as with Linux. But if you're actually running a penetration testing distro like Parrot OS or Linux or Kali Linux, it's just in the information gathering section, which is basically reconnaissance. So we have Nmap right here, and all you have to do is open Nmap and it's going to ask you for your root password, because it's going to need elevated privileges. So that's one way of starting Nmap. Now, the second way of starting Nmap is just by opening a terminal, entering your root password, or launching it in administrator mode on Windows, and you just want to enter your password.

And then I'm just going to clear the console like so, and I'm just going to enter nmap and I'm going to enter the help option, which will basically give me all the options available with Nmap. Now, it's going to look a bit overwhelming because it's going to give you a lot of options. You can just look at this as a manual. Basically they're giving you the different options that you can use for your different methods of scanning. So just don't worry about anything, just scroll down all the way to the bottom and look at where it says examples. I'm going to use these examples to guide you in this tutorial.

So firstly, I want to just say something: Nmap is a very, very, very noisy scanner. Now, what I mean by this is Nmap is easily detectable by firewalls and by servers, so they actually know that you're scanning them. So the real charm of using Nmap is not just scanning a server or a site or an IP address for that matter, it's how to do it anonymously or very quietly so that you're not detected. I'm going to get to that very, very soon. So just make sure that you don't do anything illegal. I mean, this is only for educational purposes. So let's get to the next part.

All right, now as I was saying, in the example section it's just going to give you an example of what a basic Nmap run would look like. You have your nmap command, which initializes Nmap, and then you have your parameters that will bring results depending on what you want out of those results. So you have your -v and -A. Now, before we get to that, Nmap basically gives you a free testing scanning machine, where they allow you to scan this scanme.nmap.org, this web address, for educational purposes. So as you can see here: "Hello, welcome to scanme.nmap.org." Don't worry, the website will be in the description section if you're too lazy to type that out. So as you can see: "We set up this machine to help folks learn about Nmap and also to test and make sure that the Nmap installation or internet connection is working properly. You're authorized to scan this machine with Nmap or other port scanners. Try not to hammer on the server too hard. A few scans in a day is fine, but do not scan 100 times a day or use this site to test your SSH brute-force password cracking tool."

So basically they are allowing you, they're giving you permission to scan this, which is what I was going to say: you need written permission to scan any IP address, any website or any server. Whatever you do, it's on you. That's what I wanted to just put out. So we're going to use this as an example during the Nmap tutorials.

So coming back here, as you can see, they've given you an example scan with the scanme.nmap.org address. So what does -v mean? Well, -v basically prints the version number or the name of the server, basically the address name. All right, now the -A basically prints the OS detection, the version detection and script scanning, so it'll basically give you the operating system, the version, the operating system itself, and it will scan for scripts.

All right, now if we go down to the second one, we have a bit of a different command here. Just ignore the -sn for now, I will get to that in a future tutorial. Now, as you can see here, there's something a bit confusing: we have a very weird-looking IP configuration. Well, this is not really unusual. In fact, what this means is this is a range of IP addresses. Now, don't be confused by this. What this means is basically you can pass a range of IP addresses, like from this IP address to this IP address, that you want Nmap to scan. They could be belonging to an organization, so you can basically do a very powerful Nmap scan on multiple IP addresses.

Now, before we move on, I just want to show you an example of what I mean. So what you want to do is open a browser, and I just want you to search for this. I want you to search for "major IP block", right, that's the one I want you to search for, "major IP block", with whichever search engine, and it's going to open the major IP address blocks. Just click on that, by NirSoft. Now, what this means is basically these are the IP ranges in every country all around the world, so these are all the IP addresses registered to people or to companies. So you can choose whatever country that you want to scan from, really anything, it's up to you. So let's just try France, for example, and it'll give you all the IPs and their ranges. So as you can see, from this IP to this IP belongs to Orange SA, and it has the assigned date and the total amount of IP addresses.

Now, this comes to the very important part I wanted to explain about reconnaissance here. If you have an IP address, you can really do a lot with it, and you can actually find a lot of information related to that IP address, which is what I'm going to show you right now. So I'm just going to pick a random IP address. Let's try this one here. All right, I'm just going to copy it. No, it's not allowing me to copy. There we are, copying. And I'm just going to search for it. This is a very important command, this will basically give us the info about who this IP belongs to: whois. All right, so we're going to say whois and we're going to paste that there and we're going to enter, and it's going to open in a search engine who the IP address belongs to. So we're just going to open the first site that we get here. So just open it, and it shouldn't take too long, and it's going to give you all the information about it. So it's going to tell you the country, I saw the time zone Europe/Paris, so you know it's in Paris. It also has the longitude and latitude coordinates, so you can actually get the location. However, with the IP range addresses, what the providers, the internet providers, do is they basically assign it to a location and no more, they don't have a specific address, so usually the location is about 90 percent accurate. I will get to geolocation in the future, that's a bit of an advanced tutorial.

But basically you can get information about an IP using the whois command, which brings me to the second part of what I wanted to say about whois and IP addresses: the search engines are your best, best, best friend when it comes to reconnaissance or footprinting. You can really, really use them to your advantage. And as you can see, it's given me the range here on this website, and it will give you the location and the longitude and latitude and geolocation and so on and so forth, so you get the idea. Don't worry, the websites that I've used here will be linked in the description.

All right, so let's just head over back to Nmap. One more command I wanted to show you, that's really not linked to Nmap but is also important for scanning or reconnaissance, is nslookup. All right, so nslookup is available on Windows, you don't need to install it, it's just part of the operating system, as it is on Linux. You hit nslookup and then you enter the target. It can be an IP address or a website. So I'm going to copy this site, the scanme site, because again I want to keep this as legal as possible, and I'm just going to hit enter. All right, and it's going to give me the address. So as you can see, this allows you to actually get the address of the website, and you can do it vice versa. So if I copied this and I said nslookup and I pasted the address there, hopefully it will give me the name of the site. All right, and as you can see here, the name is scanme.nmap.org. Pretty awesome, right?

Now, I just want to give you a quick tip with nslookup. Let's say you're running a lot of scans and you want to save them to a document or to a file. So what I'm going to do is, I want to save them on the desktop, right, so I'm going to hit nslookup, and let's say we want to find the name of this IP address, we're going to find who it's registered to. And then what you want to do is you just want to use the two greater-than signs, and you want to give a name to a document that you want to save it to. In this case I'm going to use a txt document, and I'm going to save it on my desktop because that's where I opened the terminal from, although you could change it to whatever directory you're in. So I'm going to say results.txt and I'm going to hit enter, and it's going to open results.txt, as you can see over here, and if I open it, it'll give me the scan results. Pretty awesome, and you can keep on saving them in here and it's just going to do it for you automatically.

So this is basically what I wanted to explain to you for the first tutorial. There's a lot said in this tutorial and I just wanted all of that to sink in. In the next tutorial I'm going to go through the advanced Nmap commands, but that's basically what I wanted to tell you today. Basically, to summarize, we've gone through what Nmap is, the Nmap help commands, what the Nmap, what do they call them, the parameters, mean, when I was talking about these parameters right here, the -v and the -A. And there's a lot of them here, which I'll do in another video right after this one. I just want you guys to practice what I've shown you in this video and just practice a bit of reconnaissance, and you'll get it, you'll find it really, really interesting to see how much information you can dig up from a lot of these servers and IP addresses.

So that's been it, guys. I hope this video helped you and you enjoyed it. If it did help you, please leave a like. If it didn't help you, you can dislike the video and let me know why in the comments section. Alternatively, if you have any question, hit me up in the comment section, social media and/or Kik. I'm always there and I'm ready to help you guys. Otherwise, we're going to continue the advanced stuff in the next video. Thanks so much for watching and have a fantastic day. Peace.
Info
Channel: HackerSploit
Views: 957,103
Id: 5MTZdN9TEO4
Length: 13min 23sec (803 seconds)
Published: Thu Mar 16 2017