None of us wants to be held responsible for something like this happening, and one of the many ways we can help prevent it is by scanning for vulnerabilities and fixing them. To do this, we can use Nmap, a tool that scans networks, finds hosts and their open ports, and identifies the services running on them.
So, let’s start by installing Nmap. I work on a Kali Linux host that uses the apt package manager, so I will use apt-get install nmap to install it. This also works on any Linux system that uses the apt package manager, such as Ubuntu, Kali, or Debian.
But if you are working with a Red Hat distribution, such as CentOS, Fedora, or Red Hat, you can use yum install nmap.
If you don’t use Linux at all, for example because you are running a Windows host, go to https://nmap.org/book/inst-windows.html and use the download page, where you will find the Windows binaries; this is the setup.exe file. If you are working on a Mac, you can use the Mac binaries (a .dmg package).
Now that we have Nmap installed, we are going to download a script for the Nmap Scripting Engine, which gives Nmap some additional features.
These scripts are used to perform a variety of tasks, but we are going to use this one to scan for vulnerabilities. So I’m going to go to GitHub at the following address: https://github.com/vulnersCom/nmap-vulners, and I’m on the nmap-vulners page.
Now click the clone or download button and copy the URL. But before pasting it, switch to the directory where all the Nmap scripts are located. Since I’m downloading a new script, I want to put it where all the others are. That way, when I run my Nmap command, Nmap knows exactly where to find it.
- So let’s go ahead and switch to
- and then paste this URL directly into.
- Downloading takes only a couple of seconds.
Now we have our script, so let’s continue and clear the screen. Then it’s time to start a vulnerability scan using Nmap. The command looks like this:
- nmap --script
- which tells Nmap: “Hey, I want to use a script.”
- And then we point it at the directory of this script, in which we placed the file we just downloaded.
Next comes -sV (lowercase s, uppercase V), because we are going to scan the host for service versions. After that comes the target I want to scan. It can be a server, a workstation, or an entire network, for example in your home or office, where you are allowed to perform this type of scan. It should look like this:
Now insert the host that you are scanning, which is 56.105 for me, and at that point we can start Nmap and it will scan.
Create a Text File
But Nmap will print all this information to our terminal, which is a bit awkward to work with. It is much easier to get this output as a text file that we can search, so that is what we will do. Let’s use the greater-than character (>) to redirect the output to my root desktop, and then give the file a name, for example 105-vulners.txt:
root@kali:/# cd /usr/share/nmap/scripts
root@kali:/usr/share/nmap/scripts# nmap --script nmap-vulners -sV 192.168.56.105 > /root/Desktop/105-vulners.txt
And at that moment, if we press the Enter key, it will start scanning and write this information to a text file. It looks like this:
Nmap text file
You will notice the target or host that I scanned: 56.105. Again, this could be any of your servers or workstations that you want to scan for vulnerabilities. You can see the port column, which shows the port number on which the service is running, and the state, open, which means that the port is open. And then we have the version. It is very important that we get this version (highlighted above), which is why we used the -sV option: we need the version of the service.
Since there are different versions of the same service, one version may have a vulnerability that is then fixed in a new release. Therefore, we need to know exactly which version we are dealing with. Now look at port 22, which is SSH and runs OpenSSH version 4.7p1; here you can see where it discovered possible vulnerabilities in this version.
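One way to work through the saved text file, as an added example that is not part of the original tutorial: the Python below ties each finding to the port and version row above it and lists the ports whose worst score crosses a threshold. The sample report is constructed, the CVE ids are placeholders, and the layout of the vulners lines (id, CVSS score, URL) is an assumption about the script's output.

```python
import re

# Constructed sample in the layout of Nmap's normal output with vulners
# script results; the CVE ids and scores are placeholders, not real findings.
SAMPLE = """\
Nmap scan report for 192.168.56.105
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ExampleFTPd 1.0
22/tcp open  ssh     OpenSSH 4.7p1
| vulners:
|   cpe:/a:openbsd:openssh:4.7p1:
|       CVE-0000-0001  7.5  https://vulners.com/cve/CVE-0000-0001
|       CVE-0000-0002  6.5  https://vulners.com/cve/CVE-0000-0002
|_      CVE-0000-0003  2.6  https://vulners.com/cve/CVE-0000-0003
80/tcp open  http    ExampleHTTPd 2.2
| vulners:
|   cpe:/a:example:httpd:2.2:
|_      CVE-0000-0004  9.8  https://vulners.com/cve/CVE-0000-0004
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Assumed finding layout: "|" or "|_", then id, CVSS score, URL.
VULN_RE = re.compile(r"^\|[_ ]\s+(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)")

def parse_report(text):
    """Return one dict (port, service, version, vulns) per open port."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "service": m.group(2),
                          "version": m.group(3).strip(), "vulns": []})
            continue
        v = VULN_RE.match(line)
        if v and ports:  # script lines belong to the port row above them
            ports[-1]["vulns"].append((v.group(1), float(v.group(2)), v.group(3)))
    return ports

def triage(ports, min_cvss=7.0):
    """Ports with at least one finding >= min_cvss, worst score first."""
    hits = []
    for p in ports:
        high = sorted((x for x in p["vulns"] if x[1] >= min_cvss), key=lambda x: -x[1])
        if high:
            hits.append((p["port"], p["version"], high))
    return sorted(hits, key=lambda h: -h[2][0][1])

if __name__ == "__main__":
    for port, version, vulns in triage(parse_report(SAMPLE)):
        print(port, version, [f"{vid} ({score})" for vid, score, _ in vulns])
```

To run it against a real scan, pass the contents of the saved text file to parse_report in place of SAMPLE.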