Chapter 7Nmap's Prodigious NSE

Even novice sysadmins have probably heard of and run port scans against local and remote hosts. They may also have heard of one famous port scanner on the market, created by the Nmap Project, called Nmap. Nmap stands for “Network Mapper,” and along with being superfast, sophisticated, and efficient, it's brimming with features.

Among its many features, you can test for which operating system a remote server is running, audit the security of both local and remote machines, and create an inventory of the machines and their active services on a network.

You may have used Nmap for port scanning in the past, but there's a good chance that you didn't realize what a powerful penetration-testing tool it is. This is partly thanks to its sophisticated built-in scripting engine. Before you look at that, however, you will first review Nmap's basic port scanning functionality. Then you will learn how Nmap can be used for more advanced white hat activities.

Basic Port Scanning

Even the basic (port scanning) features bundled with Nmap include advanced options such as spoofing your source IP address (using the -S option). A magnificent selection of features is available. But first, let's start with installing the package.

To install Nmap on Red Hat derivatives, you can use this command:

# yum install nmap

On Debian and its derivative distributions, you can use this command:

# apt-get install nmap

If you want to use RPM Package Managers on Red Hat's derivatives ...

Get Linux Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.