1
00:00:00,800 --> 00:00:03,180
Welcome back, security enthusiasts.

2
00:00:03,200 --> 00:00:09,020
In this lecture, we will explore the power of the target specification options provided by Nmap.

3
00:00:09,170 --> 00:00:16,040
Understanding different target formats and scanning techniques will enable you to effectively scan IP

4
00:00:16,040 --> 00:00:18,020
addresses and host ranges.

5
00:00:18,020 --> 00:00:21,290
So let's dive into the world of Nmap target specification.

6
00:00:21,290 --> 00:00:24,980
The first thing we're going to learn is multiple host specification.

7
00:00:24,980 --> 00:00:33,110
The simplest way to specify a target is by directly listing the IP addresses or hosts you want to scan.

8
00:00:33,110 --> 00:00:37,520
You can specify multiple hosts by separating them with spaces.

9
00:00:37,520 --> 00:00:43,550
For example, nmap, nmap let's code silly.com.

10
00:00:43,550 --> 00:00:46,610
And after that you can also enter the local IP address.

11
00:00:49,880 --> 00:00:52,910
Let me actually look at my local IP address.

12
00:00:52,940 --> 00:00:55,580
ifconfig here, ifconfig.

13
00:00:57,890 --> 00:00:58,340
And here.

14
00:00:58,340 --> 00:01:00,350
13.138.

15
00:01:00,380 --> 00:01:02,150
13.138.

16
00:01:02,150 --> 00:01:04,070
And so on.

17
00:01:04,190 --> 00:01:14,030
So here, this command will scan the IP addresses of this domain here and this local IP address here

18
00:01:14,030 --> 00:01:15,650
and here.

19
00:01:15,770 --> 00:01:19,580
We can also have octet range addressing and wildcards.

20
00:01:19,580 --> 00:01:25,640
So to simplify specifying a range of hosts, you can use octet range

21
00:01:25,640 --> 00:01:33,470
addressing. It allows you to specify a range of IP addresses by using a hyphen between the starting and

22
00:01:33,470 --> 00:01:34,940
ending addresses.

23
00:01:35,840 --> 00:01:41,420
For instance, to scan hosts of, for example, this here.

24
00:01:41,420 --> 00:01:46,430
Let's actually delete the domain. For now we will use the local host, this here.

25
00:01:46,430 --> 00:01:52,490
So to scan the hosts of this here, 192.168.

26
00:01:52,790 --> 00:01:57,950
13.1 and 192.168.

27
00:01:59,630 --> 00:02:02,690
13.3 here.

28
00:02:02,690 --> 00:02:04,960
And as you can see, we will scan this, right?

29
00:02:04,970 --> 00:02:11,180
So instead of this, you can use, for example, this IP address here.

30
00:02:11,180 --> 00:02:13,850
So only this IP address.

31
00:02:13,850 --> 00:02:18,800
And after that, you will enter the 168.13.1 here.

32
00:02:18,800 --> 00:02:20,510
And after that, the ternary operator here.

33
00:02:20,510 --> 00:02:24,860
So, minus operator. And here you will enter the IP address you want to range to.

34
00:02:24,860 --> 00:02:32,540
So if you want to scan the IP addresses from 1 to 20, you can use this, like this here. And now,

35
00:02:32,540 --> 00:02:36,740
in this case, octet range addressing also supports wildcards.

36
00:02:36,740 --> 00:02:44,630
Keep in mind, enabling you to scan from 0 to 255 with an expression like this here.

37
00:02:46,460 --> 00:02:54,320
And here, this is especially useful when you want to scan a subnet with a large number of hosts, and you

38
00:02:54,320 --> 00:02:56,960
can also exclude hosts from the scan here.

39
00:02:56,960 --> 00:02:58,190
Let's actually clear that.

40
00:02:58,190 --> 00:03:06,290
So sometimes you might need to exclude specific hosts from your scan, and Nmap provides the exclude option

41
00:03:06,290 --> 00:03:07,400
for this purpose.

42
00:03:07,430 --> 00:03:12,280
It allows you to exclude one or more hosts from the range being scanned.

43
00:03:12,290 --> 00:03:14,030
So here's an example here.

44
00:03:14,510 --> 00:03:16,280
Nmap 192.

45
00:03:17,760 --> 00:03:20,720
.168.1.

46
00:03:21,720 --> 00:03:34,110
1 to 255 here, and we will use the exclude here with two minus operators, exclude, and 192.168.1, for example,

47
00:03:34,140 --> 00:03:40,680
or actually the IP address is 13 and not 1, 13.

48
00:03:43,640 --> 00:03:43,940
Here.

49
00:03:44,180 --> 00:03:46,040
13 dot, for example.

50
00:03:46,050 --> 00:03:47,770
Let's exclude 13.3.

51
00:03:47,780 --> 00:03:48,350
Right.

52
00:03:49,590 --> 00:03:58,500
And here, with this command, we are excluding the 13.3 from the range of hosts being

53
00:03:58,500 --> 00:03:59,190
scanned.

54
00:03:59,220 --> 00:04:07,980
Alternatively, you can create an exclusion list in a file using the exclude

55
00:04:08,490 --> 00:04:15,060
file option. Simply list the IP addresses or hosts you want to exclude in the file, each separated

56
00:04:15,060 --> 00:04:16,060
by a new line.

57
00:04:16,080 --> 00:04:21,690
For example, let's actually create a new file in the graphical user interface here.

58
00:04:22,290 --> 00:04:29,250
Create document, and my exclude list dot txt here.

59
00:04:29,250 --> 00:04:31,230
And after that you will open that.

60
00:04:31,230 --> 00:04:31,980
So.

61
00:04:33,130 --> 00:04:34,260
Of course, we need to use it.

62
00:04:34,270 --> 00:04:36,010
Some notepad here.

63
00:04:44,920 --> 00:04:46,840
Or mousepad, I think.

64
00:04:48,340 --> 00:04:49,120
Here, mousepad.

65
00:04:49,470 --> 00:04:51,760
This is a text program in Linux.

66
00:04:53,310 --> 00:04:53,880
Here.

67
00:04:54,150 --> 00:04:55,530
So now.

68
00:04:57,010 --> 00:05:01,600
What we are going to do is we will write the IP address that we want to exclude here.

69
00:05:23,720 --> 00:05:24,770
And here.

70
00:05:24,770 --> 00:05:26,660
So we will save this.

71
00:05:26,660 --> 00:05:30,200
And after that, what we are going to do is nmap.

72
00:05:31,300 --> 00:05:32,260
Exclude.

73
00:05:33,720 --> 00:05:35,670
File here.

74
00:05:35,850 --> 00:05:38,220
And after that you will enter the file path.

75
00:05:38,430 --> 00:05:41,870
You can also enter the file path using this home here.

76
00:05:41,880 --> 00:05:42,770
Kali.

77
00:05:44,190 --> 00:05:44,970
And.

78
00:05:47,240 --> 00:05:48,470
Exclude list dot txt.

79
00:05:50,870 --> 00:05:57,410
And after that you will enter the IP address range you want to scan, in this case from 1 to 255.

80
00:06:01,860 --> 00:06:02,640
I'm sorry.

81
00:06:06,890 --> 00:06:09,080
Exclude file: unrecognized option.

82
00:06:09,110 --> 00:06:10,700
Exclude file here.

83
00:06:15,080 --> 00:06:18,860
Let's actually try it out, this here.

84
00:06:20,110 --> 00:06:22,690
And exclude file, again an error here.

85
00:06:23,950 --> 00:06:29,620
So if you are getting this error, you're probably using a newer version of Nmap here.

86
00:06:29,890 --> 00:06:33,820
So in order to fix that, we will use some grep here.

87
00:06:33,820 --> 00:06:39,550
However, you can achieve a similar result by using a combination of other tools and commands.

88
00:06:39,820 --> 00:06:45,760
And as I said, one approach is to use the grep command to filter out the IP addresses or hosts you want

89
00:06:45,760 --> 00:06:49,150
to exclude and then pass the filtered list to Nmap.

90
00:06:49,180 --> 00:06:50,690
So let's actually clear here.

91
00:06:50,710 --> 00:06:52,120
So we will firstly.

92
00:06:53,880 --> 00:06:54,960
As you remember, we created.

93
00:06:55,080 --> 00:06:58,980
We have created the file exclude list dot txt.

94
00:06:59,220 --> 00:07:00,810
So let's actually read it.

95
00:07:00,840 --> 00:07:01,650
Cat.

96
00:07:02,530 --> 00:07:04,000
Exclude list dot txt.

97
00:07:04,030 --> 00:07:05,620
And here, this is ours.

98
00:07:05,830 --> 00:07:10,720
This is our excluded, the IP address that we want to exclude from our scan.

99
00:07:10,720 --> 00:07:17,500
And we will be using the grep command to exclude the IP addresses or hosts from the list you want to scan.

100
00:07:17,500 --> 00:07:22,390
So you can use the -v here, let me actually do it again.

101
00:07:22,390 --> 00:07:27,940
Nmap, -v option to invert the match and select non-matching lines.

102
00:07:27,940 --> 00:07:32,470
So here, nmap -f here, and here we will exclude.

103
00:07:32,470 --> 00:07:33,370
Exclude.

104
00:07:34,360 --> 00:07:37,160
Exclude list dot txt.

105
00:07:37,180 --> 00:07:46,660
And here we have all hosts dot txt, and after that we will enter the filtered dot txt here, and

106
00:07:46,750 --> 00:07:47,980
we will use, sorry.

107
00:07:48,580 --> 00:07:50,800
Here we will use sudo again.

108
00:07:52,180 --> 00:07:56,020
If you are getting this kind of error, probably sudo will fix it.

109
00:07:56,050 --> 00:08:01,130
No targets were specified, and here, failed to resolve exclude list dot txt and all

110
00:08:01,150 --> 00:08:02,230
hosts dot txt.

111
00:08:02,410 --> 00:08:02,830
Here.

112
00:08:05,380 --> 00:08:09,190
And here we need to create the all hosts dot txt.

113
00:08:09,220 --> 00:08:09,790
In this case.

114
00:08:09,790 --> 00:08:12,340
And in order to do that, we will use seq here.

115
00:08:12,490 --> 00:08:15,400
-f, 192 here, with the quote here.

116
00:08:15,400 --> 00:08:20,470
192.168.

117
00:08:21,840 --> 00:08:26,190
13.%g here, and we will echo it.

118
00:08:26,280 --> 00:08:37,950
So from 1 to 255 here. We will use this pipe key here, and here we will print it one by one,

119
00:08:37,950 --> 00:08:38,670
print.

120
00:08:40,190 --> 00:08:41,150
Zero here.

121
00:08:42,080 --> 00:08:48,140
And after that we will echo it and we will write it to all hosts

122
00:08:48,140 --> 00:08:51,080
dot txt here. And now,

123
00:08:51,080 --> 00:08:54,980
let's cat the text to see what's inside.

124
00:08:54,980 --> 00:09:00,920
And as you can see here, these are all the hosts from 1 to 255.

125
00:09:00,950 --> 00:09:06,230
So what we're going to do is we will run this command again, the Nmap command, and as you can see, we got

126
00:09:06,230 --> 00:09:07,370
the error again.

127
00:09:07,370 --> 00:09:09,920
All hosts dot txt, warning: no targets were specified.

128
00:09:09,920 --> 00:09:18,080
And here, so here we have the two files, all hosts txt and exclude list, and we have the filtered dot txt

129
00:09:18,110 --> 00:09:19,400
here and here.

130
00:09:19,400 --> 00:09:20,570
This is our output.

131
00:09:21,110 --> 00:09:26,360
So here we also have the exclude list dot txt and all hosts dot txt.

132
00:09:29,970 --> 00:09:30,810
And here.

133
00:09:30,810 --> 00:09:32,250
Sorry for the confusion here.

134
00:09:32,250 --> 00:09:35,060
Instead of using nmap, we need to use grep here.

135
00:09:35,070 --> 00:09:39,480
So what we're going to do is we will change the nmap to grep here.

136
00:09:40,540 --> 00:09:40,990
Grep.

137
00:09:42,570 --> 00:09:43,320
And here.

138
00:09:43,320 --> 00:09:44,130
That's it.

139
00:09:44,130 --> 00:09:49,440
And now let's open the filtered dot txt. Actually, we can open the filtered txt with

140
00:09:49,440 --> 00:09:50,130
cat here.

141
00:09:50,130 --> 00:09:57,330
And as you can see here, we have excluded the IP address from our list, and 20, 21,

142
00:09:58,540 --> 00:10:02,410
22 and 23 don't exist because they already existed in the filters.

143
00:10:02,410 --> 00:10:07,210
So this is a filtered list of all the ports that we want to scan.

144
00:10:07,210 --> 00:10:12,430
So we have subtracted the exclude list from all hosts here.

145
00:10:12,430 --> 00:10:14,860
So let's actually watch the exclude list here.

146
00:10:14,860 --> 00:10:18,730
And as you can see, we don't have the 23 here, 22 here.

147
00:10:18,730 --> 00:10:23,710
And we also don't have the 112 here.

148
00:10:24,190 --> 00:10:28,540
And as you can see here, we also don't have the 112 here, and so on.

149
00:10:28,540 --> 00:10:34,120
So what we're going to do here now is we will use Nmap to scan all of this. Nmap,

150
00:10:35,160 --> 00:10:42,180
the lowercase i here and uppercase L here, and we will pass the filtered list to Nmap for scanning,

151
00:10:42,180 --> 00:10:49,290
and we will enter the filtered dot txt, and here Nmap scans that. And keep in mind that this method assumes

152
00:10:49,290 --> 00:10:56,100
you have a list of all the IP addresses or hosts you want to scan initially and a separate list of IP

153
00:10:56,100 --> 00:10:58,320
addresses or hosts you want to exclude.

154
00:10:58,350 --> 00:11:03,150
Adjust the commands accordingly to suit your specific requirements.

155
00:11:03,150 --> 00:11:09,870
And please keep in mind that the availability of certain features or options in software tools may have

156
00:11:09,870 --> 00:11:13,290
changed since 2023.

157
00:11:13,290 --> 00:11:19,110
So this is the last version and updated version of this course, and it's always a good idea to,

158
00:11:19,350 --> 00:11:27,150
you can also check the documentation and the official sources to make this Nmap more usable, and keep

159
00:11:27,900 --> 00:11:36,760
an eye on the updates. And we can also use the CIDR notation for targets.

160
00:11:36,760 --> 00:11:46,060
So, CIDR notation, and actually this CIDR here is also pronounced as "cider".

161
00:11:46,270 --> 00:11:53,890
So this notation provides a compact method for specifying IP addresses and their routing suffixes.

162
00:11:53,920 --> 00:11:59,860
It also allows for more granular subnet masks compared to classful addressing.

163
00:12:01,150 --> 00:12:07,900
And CIDR notation consists of an IP address followed by a forward slash and a network prefix length.

164
00:12:08,770 --> 00:12:15,430
The network prefix length represents the number of network bits, and for example, in CIDR notation,

165
00:12:15,670 --> 00:12:20,710
actually, let me open the grommet here to write a marker here.

166
00:12:20,770 --> 00:12:25,930
So here, the CIDR notation.

167
00:12:26,080 --> 00:12:35,650
/24 after the IP address, this means the subnet mask of 255.255.

168
00:12:38,020 --> 00:12:39,520
255.

169
00:12:40,620 --> 00:12:49,560
dot zero, indicating that the first 24 bits of the IP address are the network portion and the remaining

170
00:12:49,590 --> 00:12:53,240
eight bits are for host addresses.

171
00:12:53,250 --> 00:13:05,400
So to scan the 256 hosts in this range, for example from 0 to 255, you can use the CIDR notation

172
00:13:05,850 --> 00:13:08,210
after the IP address, /24 here.

173
00:13:08,220 --> 00:13:08,760
Right?

174
00:13:08,760 --> 00:13:10,440
So in order to do that, we will.

175
00:13:11,250 --> 00:13:16,800
So some example here. So Nmap 192.168.

176
00:13:17,220 --> 00:13:18,990
13.0.

177
00:13:18,990 --> 00:13:23,400
And we will use the CIDR notation of 24, /24.

178
00:13:23,400 --> 00:13:31,050
And as you can see here, this will simplify scanning an entire subnet. So we can also work with a target

179
00:13:31,080 --> 00:13:33,090
list in Nmap here.

180
00:13:34,070 --> 00:13:39,290
For example, let's actually create a new target list here.

181
00:13:39,440 --> 00:13:49,310
So open the create document here, and my target here, dot txt here and here.

182
00:13:49,310 --> 00:13:52,820
We will open it with mousepad here.

183
00:13:52,820 --> 00:13:55,730
And now we will enter some IP addresses, in this case

184
00:13:55,730 --> 00:13:58,220
192.168.

185
00:13:58,220 --> 00:14:04,040
13.1, 192.168.13.2.

186
00:14:04,040 --> 00:14:04,610
And so on.

187
00:14:04,610 --> 00:14:07,730
So in this case we will have two addresses for the scan.

188
00:14:07,730 --> 00:14:11,990
And in order to do that, let's actually use cat targets here.

189
00:14:12,020 --> 00:14:19,040
my targets dot txt, and as you can see, we have two targets. And in order to scan all of the IP

190
00:14:19,070 --> 00:14:25,820
addresses in this list, we can use the, and also to load the targets

191
00:14:25,820 --> 00:14:28,010
from the my targets txt file.

192
00:14:28,010 --> 00:14:33,980
You can use nmap, as we did in the previous lecture, previous example,

193
00:14:33,980 --> 00:14:39,230
lowercase i, uppercase L here and my target dot txt here.

194
00:14:39,230 --> 00:14:45,710
And this feature greatly simplifies scanning multiple hosts, and in the target file you can also mix

195
00:14:45,710 --> 00:14:51,710
different target formats. For instance, you can also add here, let's actually open the file here.

196
00:14:51,710 --> 00:14:54,200
So 192.168.

197
00:14:54,680 --> 00:14:58,850
13.22-50, right.

198
00:14:58,850 --> 00:15:06,530
So with this you can also mix different IP addresses and IP ranges in the same file.

199
00:15:06,560 --> 00:15:15,740
Remember, here you can add comments to your target list by starting a new line here with this character

200
00:15:15,740 --> 00:15:16,220
here.

201
00:15:16,220 --> 00:15:27,530
This is a really dangerous IP here, and this allows you to annotate and organize your target

202
00:15:27,530 --> 00:15:29,510
files for better clarity.

203
00:15:29,660 --> 00:15:34,440
And fantastic, you learned the various target specification techniques in Nmap.

204
00:15:34,440 --> 00:15:41,640
And now, whether you need to scan specific hosts, define IP ranges, utilize CIDR notation

205
00:15:41,640 --> 00:15:43,080
or work with target lists,

206
00:15:43,080 --> 00:15:49,950
Nmap offers a versatile set of options to meet your scanning requirements, and I'm waiting for you in the next

207
00:15:49,950 --> 00:15:51,570
lecture. And here.