Wednesday, 10 July 2019

Sample Network Scanning of Routers using Nmap


Nmap, or short for Network Mapper, is a free and pen-source tool for scanning vulnerabilities and can also be used for network discovery. It can help identify what devices are running on their systems, discovering hosts that are available and the services they running. To see the open ports or running daemon/services in your routers or switches, you can use nmap to test your routers.

where: 192.168.1.1 is your router IP
Sample1: To scan using default safe scripts
nmap -sV -sC 192.168.1.1

Sample result:
[networkbio@server ~]$ nmap -sV -sC 192.168.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-10 15:12 +08
Nmap scan report for 192.168.1.1
Host is up (0.41s latency).
All 1000 scanned ports on 192.168.1.1 are closed

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 99.49 seconds

Sample2: Reports the number of algorithms (for encryption, compression, etc.) that the target SSH2 server offers. If verbosity is set, the offered algorithms are each listed by type.

[networkbio@server ~]$ nmap --script ssh2-enum-algos -p22 192.168.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-10 15:06 +08
Nmap scan report for 192.168.1.1
Host is up (0.0017s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms (5)
|       ecdh-sha2-nistp521
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp256
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms (1)
|       ssh-rsa
|   encryption_algorithms (3)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|   mac_algorithms (3)
|       hmac-sha2-512
|       hmac-sha2-256
|       hmac-sha1
|   compression_algorithms (1)
|_      none

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Sample3: This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts.

[networkbio@server ~]$ nmap --script ssl-enum-ciphers -p 443 192.168.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-10 15:09 +08
Nmap scan report for 192.168.1.1
Host is up (0.0017s latency).
PORT    STATE  SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds




No comments:

Post a Comment