Nmap is the most powerful tool for network discovery and security auditing and is used by millions of IT professionals, from system administrators to cybersecurity specialists. Nmap: Network Exploration and Security Auditing Cookbook, Third Edition, will introduce Nmap and the rest of its family, Ncat, Ncrack, Ndiff, Zenmap, and the Nmap Scripting Engine, and guide you through numerous tasks that are relevant to security engineers in today's technology ecosystems. The book discusses some of the most common and useful tasks for scanning hosts, networks, applications, mainframes, Unix and Windows environments, and ICS/SCADA systems.

Advanced Nmap users can benefit from this book by learning about hidden functionality within Nmap and its scripts, advanced workflows, and configurations to fine-tune their scans. Seasoned users will find new applications and third-party tools that can help them manage scans and even take a leap to the next step and start developing their own Nmap Scripting Engine scripts.

Practical examples in a cookbook format make this book perfect for quickly recapping Nmap options, scripts, and arguments, and for learning new things you didn't even know were possible with Nmap. By the end of this book, you will be able to successfully scan numerous hosts, exploit vulnerable areas, and gather valuable information.

The book is for IT personnel, security engineers, system administrators, application security enthusiasts, and anyone who wants to master Nmap and its scripting engine. This book is recommended to anyone looking to learn about network security auditing, especially common network protocols and applications in modern systems. Advanced and seasoned Nmap users can also learn about new features, workflows, and tools.

The book requires knowledge of basic concepts of networking, Linux, and security.

Chapter 1, Nmap Fundamentals, introduces basic Nmap usage and the Nmap Scripting Engine.

Chapter 2, Getting Familiar with Nmap's Family, introduces all the tools in the Nmap project.

Chapter 3, Network Scanning, explores the different scanning techniques supported by Nmap to discover hosts on networks.

Chapter 4, Reconnaissance Tasks, shows different tasks for information gathering that you can do with Nmap.

Chapter 5, Scanning Web Servers, covers web application security checks you can do with Nmap.

Chapter 6, Scanning Databases, illustrates how to perform security checks against the most popular database engines.

Chapter 7, Scanning Mail Servers, teaches you how to perform security checks against mail servers using Nmap.

Chapter 8, Scanning Windows Systems, covers scanning tricks and Nmap Scripting Engine scripts to work with Windows systems.

Chapter 9, Scanning ICS/SCADA Systems, introduces you to scanning ICS/SCADA critical systems.

Chapter 10, Scanning Mainframes, shows how Nmap can interact with mainframes.

Chapter 11, Optimizing Scans, looks at Nmap options and tricks to optimize scans.

Chapter 12, Generating Scan Reports, covers the output options included in Nmap and will teach you how to generate reports in different formats.

Chapter 13, Developing for the Nmap Scripting Engine, introduces you to using the Nmap Scripting Engine API and libraries to develop your own scripts.

Chapter 14, Exploiting Vulnerabilities with the Nmap Scripting Engine, introduces you to exploiting and reporting vulnerabilities with Nmap.

Readers who are familiar with security concepts and attack techniques, including the different scanning techniques used by Nmap, will get the most out of this book. However, readers with any level of expertise can learn about basic and advanced Nmap usage.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book's GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781838649357_ColorImages.pdf.

There are several text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The --exclude and --exclude-file options will be ignored when -iL is used."

A block of code is set as follows:

local vuln = { 
 title = "<TITLE GOES HERE>",
 state = vulns.STATE.NOT_VULN, 
 references = {"<URL1>", "URL2"},
 description = [[<DESCRIPTION GOES HERE> ]],
 IDS = {CVE = "<CVE ID>", BID = "BID ID"},
 risk_factor = "High/Medium/Low" 
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

local vuln = { 
 title = "<TITLE GOES HERE>",
 state = vulns.STATE.NOT_VULN, 
 references = {"<URL1>", "URL2"},
 description = [[<DESCRIPTION GOES HERE> ]],
 IDS = {CVE = "<CVE ID>", BID = "BID ID"},
 risk_factor = "High/Medium/Low" 
}

Any command-line input or output is written as follows:

# nmap -sV --script vuln --script-args vulns.showall <target>

Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "The -sV option adds an additional column named VERSION that displays the specific software version."

Tips or important notes

Appear like this.

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Once you’ve read Nmap Network Exploration and Security Auditing Cookbook, Third Edition, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.