1
00:00:00,450 --> 00:00:01,650
Hello, my name is Stephen.

2
00:00:01,650 --> 00:00:05,190
Welcome to another awesome lecture of Nmap.

3
00:00:05,370 --> 00:00:08,400
Nmap is a versatile network scanning tool.

4
00:00:08,400 --> 00:00:15,930
It's widely recognized for its exceptional capability to not only detect the open ports, but also identify

5
00:00:15,930 --> 00:00:20,900
the operating systems and services running on remote hosts.

6
00:00:20,910 --> 00:00:28,980
So this recipe explores the process of fingerprinting operating systems and services using Nmap,

7
00:00:29,280 --> 00:00:36,360
providing valuable insights for security assessments, vulnerability detection and network monitoring.

8
00:00:41,630 --> 00:00:49,430
Service detection is a crucial feature of Nmap that unveils detailed information about the specific

9
00:00:49,430 --> 00:00:54,830
software versions running on a target host. To enable service detection,

10
00:00:54,830 --> 00:00:59,720
you can include the -sV option in your port scan command, for example:

11
00:00:59,720 --> 00:01:05,690
nmap, nmap -sV, and here you can enter the target host here.

12
00:01:05,690 --> 00:01:09,050
In this case, let's actually scan the code sally.com.

13
00:01:09,050 --> 00:01:17,300
And here, by employing this -sV option, Nmap initiates service detection and augments the scan results

14
00:01:17,300 --> 00:01:24,980
with an additional column named VERSION, displaying the precise software version associated with each detected

15
00:01:24,980 --> 00:01:25,880
service.

16
00:01:25,880 --> 00:01:32,300
And here now we are waiting for, let's actually, and as you can see, by using the arrow here, arrow

17
00:01:32,300 --> 00:01:32,600
keys,

18
00:01:32,600 --> 00:01:35,390
you can see the process here.

19
00:01:53,760 --> 00:01:59,790
And here let's actually, let me open my Windows machine on my

20
00:02:02,170 --> 00:02:05,020
So I opened my Windows machine on my
21
00:02:05,790 --> 00:02:07,200
Uh, virtual machine here.

22
00:02:07,230 --> 00:02:09,000
Now, what we're going to do is

23
00:02:13,120 --> 00:02:17,120
scan all the hosts to find that open here.

24
00:02:17,550 --> 00:02:20,110
Parsley and here.

25
00:02:22,060 --> 00:02:22,780
Say that.

26
00:02:23,900 --> 00:02:25,610
And our scan is almost complete.

27
00:02:25,610 --> 00:02:27,980
It's 81% here.

28
00:02:39,150 --> 00:02:45,330
And here our operating system detection has ended here on console.com.

29
00:02:45,330 --> 00:02:51,570
And here, as you can see here, we are seeing the domain here with ports and so on.

30
00:02:51,600 --> 00:02:54,870
We have next service fingerprint.

31
00:02:54,870 --> 00:03:02,460
So when performing a port scan with service detection enabled, Nmap furnishes us an extensive

32
00:03:02,460 --> 00:03:05,340
report on the identified services.

33
00:03:06,570 --> 00:03:11,190
So the service version information is enclosed in parentheses here:

34
00:03:11,220 --> 00:03:14,550
Red Hat Enterprise Linux 6.

35
00:03:14,700 --> 00:03:24,180
So let's consider an example where we can well known scan and mapped at all costs here.

36
00:03:24,180 --> 00:03:26,220
And as you can see, let's actually read this.

37
00:03:26,220 --> 00:03:34,980
And here we are seeing some information here: fingerprint, open ports and their versions, their services,

38
00:03:34,980 --> 00:03:36,480
LiteSpeed, and so on.

39
00:03:36,480 --> 00:03:38,880
So this gives us a good

40
00:03:40,330 --> 00:03:51,670
insight on what this host is using, in this case, for example, Exim smtpd 4.95.

41
00:03:51,700 --> 00:03:54,460
In this case we can search exploits for this.

42
00:03:54,490 --> 00:03:56,440
We can also search exploits for this.

43
00:03:56,470 --> 00:04:01,270
In this case it's a Red Hat, but in most cases it's actually pretty secure.

44
00:04:01,270 --> 00:04:05,940
But nothing, nothing is unhackable.
45
00:04:05,950 --> 00:04:06,850
So.

46
00:04:07,950 --> 00:04:11,610
And here we have Exim smtpd as well.

47
00:04:11,610 --> 00:04:14,220
So here let's actually use the Nmap

48
00:04:14,220 --> 00:04:18,540
scanme here. Let's clear, and now nmap -sV again.

49
00:04:19,020 --> 00:04:22,470
Actually, if we use sudo it will be pretty good here.

50
00:04:22,470 --> 00:04:30,540
nmap scanme.nmap.org here, and nmap -sV.

51
00:04:31,940 --> 00:04:34,940
Though we forgot to write nmap here.

52
00:04:36,840 --> 00:04:38,160
Nmap is face scan.

53
00:04:38,460 --> 00:04:40,500
Org and.

54
00:04:41,370 --> 00:04:42,140
Here.

55
00:04:42,180 --> 00:04:42,840
I'm sorry.

56
00:04:43,740 --> 00:04:53,730
Here we will see an output here, which, the output showcases a comprehensive list of open ports along

57
00:04:53,730 --> 00:05:00,120
with their corresponding services and versions, aiding in identifying potential vulnerabilities and

58
00:05:00,120 --> 00:05:01,910
monitoring software updates.

59
00:05:01,920 --> 00:05:03,870
So here we are waiting for this.

60
00:05:05,090 --> 00:05:09,140
It's actually, and here, I think 16% is done by now.

61
00:05:17,810 --> 00:05:19,040
Let's check it again.

62
00:05:20,910 --> 00:05:23,460
Let's say it's 18.13 here.

63
00:05:29,090 --> 00:05:35,930
So while scanning this, let's actually use another here, so we can also enable operating system detection

64
00:05:35,930 --> 00:05:36,200
here.

65
00:05:36,200 --> 00:05:42,470
So in addition to service detection, Nmap offers powerful operating system detection capabilities.

66
00:05:42,470 --> 00:05:50,150
To activate operating system detection, you can include the uppercase -O option in your scan command.

67
00:05:50,150 --> 00:05:57,110
And keep in mind that running Nmap with operating system detection requires privileged

68
00:05:57,110 --> 00:05:58,070
user access.
69
00:05:58,070 --> 00:06:06,950
In this case, we will use sudo here again, and sudo nmap here and -O, uppercase O, and here we

70
00:06:06,950 --> 00:06:13,250
will write code solely code Silicom and then here.

71
00:06:13,890 --> 00:06:14,520
That's it.

72
00:06:39,090 --> 00:06:42,210
And here our scanning is complete by now.

73
00:06:42,240 --> 00:06:48,120
You can see the server again, the services, and here we are, and it provides an

74
00:06:51,160 --> 00:06:58,840
output here: OS scan results may be unreliable because we could not find at least

75
00:06:58,840 --> 00:07:00,370
one open and one closed port.

76
00:07:00,370 --> 00:07:08,800
And here aggressive operating system guesses is action tag this here, we probably servers and it's probably

77
00:07:09,040 --> 00:07:21,490
to Windows in 1997, present Linux 94%, 94%, and VMware Player virtual net device here, so no exact operating

78
00:07:21,490 --> 00:07:22,810
system matches for host.

79
00:07:22,810 --> 00:07:25,810
So here we can also scan our localhost.

80
00:07:25,810 --> 00:07:34,180
So I have a Windows 10 machine on my network, 1333 here, and now we are going to scan this.

81
00:07:34,180 --> 00:07:43,930
So because of the, our Windows system, so our target system is in our localhost, it will be much

82
00:07:43,930 --> 00:07:44,320
faster.

83
00:07:44,320 --> 00:07:52,460
And here, as you can see here, it's guessing Microsoft Windows 2019, which is Microsoft Windows 10.

84
00:07:52,580 --> 00:07:59,420
And here, aggressive guesses, let's say they are pretty much the same here, but that's it.

85
00:07:59,420 --> 00:08:03,290
So this is how operating system guessing works.

86
00:08:03,290 --> 00:08:09,140
So actually, let's actually, I want to also tell you something.

87
00:08:09,140 --> 00:08:11,270
Let's actually run it again.
88
00:08:11,270 --> 00:08:18,770
So upon enabling operating system detection, Nmap appends operating system related

89
00:08:18,770 --> 00:08:26,060
information at the bottom of the port list in the scan results, as you can see here. And here, Nmap

90
00:08:26,060 --> 00:08:34,010
service detection, facilitated by the -sV option, operates by dispatching a series of predefined probes

91
00:08:34,010 --> 00:08:38,570
from the nmap-service-probes file to the open ports detected during the scan.

92
00:08:38,570 --> 00:08:45,140
So these probes are selected based on their likelihood of identifying a specific service, taking into

93
00:08:45,140 --> 00:08:48,440
account the port number and rarity score.

94
00:08:48,440 --> 00:08:54,650
So service detection plays a critical role in various scenarios such as vulnerability assessment,

95
00:08:54,650 --> 00:08:58,760
service verification and patch update assessment.

96
00:08:58,760 --> 00:09:07,910
So similarly, the -O option here empowers Nmap's operating system detection features, so

97
00:09:07,910 --> 00:09:16,520
it achieves this by sending probes to the TCP, UDP and ICMP protocols against both open and closed

98
00:09:16,520 --> 00:09:17,060
ports.

99
00:09:17,060 --> 00:09:25,100
So Nmap's vibrant user community has contributed an extensive collection of fingerprints encompassing

100
00:09:25,100 --> 00:09:31,490
diverse systems including residential routers, operating systems, IP webcams and various hardware

101
00:09:31,490 --> 00:09:32,120
devices.

102
00:09:32,120 --> 00:09:39,950
And it's important to note that operating system detection necessitates raw packet manipulation,

103
00:09:39,950 --> 00:09:47,090
requiring Nmap to be executed in privileged mode. So Nmap adopts the Common Platform,

104
00:09:47,240 --> 00:09:51,980
Common Platform Enumeration, CPE, naming scheme,
105
00:09:51,980 --> 00:09:58,340
which is embraced in the information security industry to accurately identify services and operating

106
00:09:58,340 --> 00:09:59,090
systems.

107
00:09:59,090 --> 00:10:06,800
So this standardized convention facilitates precise identification of packages, platforms and systems,

108
00:10:06,800 --> 00:10:10,370
streamlining vulnerability assessment and risk analysis.