Nmap Flashcards

1
Q

What does Nmap stand for?

A

network mapper

2
Q

Nmap

A

network mapper

3
Q

What is Nmap used for?

A

Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what is connected, which services each host is running, and so on. It supports a large number of scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), and FTP.

4
Q

What is a port?

A

A port is a virtual point where network connections start and end. Each port is associated with a specific process or service.

5
Q

What networking constructs are used to direct traffic to the right application on a server?

A

Ports

6
Q

How many ports are available on any network-enabled computer?

A

65535

7
Q

How many ports are considered “well-known”?

A

1024

8
Q

On which port can an HTTP web service nearly always be found?

A

80

9
Q

On which port can an HTTPS web service nearly always be found?

A

443

10
Q

On which port can Windows NetBIOS nearly always be found?

A

139

11
Q

On which port can SMB (Server Message Block) nearly always be found?

A

445

12
Q

What does nmap -h do?

A

help menu

13
Q

Which switch would you use for a “UDP scan”?

A

-sU

14
Q

Which switch would you use for a “SYN scan”?

A

-sS

15
Q

If you wanted to detect which operating system the target is running on, which switch would you use?

A

-O

16
Q

Nmap provides a switch to detect the version of the services running on the target. What is this switch?

17
Q

The default output provided by Nmap often does not provide enough information for a pentester. How would you increase the verbosity?

18
Q

Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
(Note: it’s highly advisable to always use at least this option)

19
Q

Why should we always save the output of our scans?

A

Saving the output reduces network traffic, and thus the chance of detection, and gives us a reference to use when writing reports for clients. It also means that we only need to run the scan once.

20
Q

What switch would you use to save the nmap results in three major formats?

21
Q

What switch would you use to save the nmap results in a “normal” format?

22
Q

A very useful output format: how would you save results in a “grepable” format?

23
Q

Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!

How would you set the timing template to level 5?

25
Q

We can also choose which port(s) to scan. How would you tell nmap to only scan port 80?

A

-p 80

26
Q

How would you tell nmap to scan ports 1000-1500?

A

-p 1000-1500

27
Q

A very useful option that should not be ignored: how would you tell nmap to scan all ports?

A

-p-

28
Q

How would you activate a script from the nmap scripting library?

A

--script

29
Q

How would you activate all of the scripts in the "vuln" category?

A

--script=vuln

30
Q

When port scanning with Nmap, there are three basic scan types. These are:

A

TCP Connect Scans (-sT)
SYN "Half-open" Scans (-sS)
UDP Scans (-sU)

31
Q

Additionally, there are several less common port scan types. These are:

A

TCP Null Scans (-sN)
TCP FIN Scans (-sF)
TCP Xmas Scans (-sX)