Sunday, January 27, 2013

Working of Zenmap (Network Scanning Tool)

Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner. It is a multi-platform, free and open-source application designed to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scans can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

CHOSEN SETUP
As Zenmap runs on Windows and Linux, I chose the following setup:
Windows OS – Windows 7 installed on a system
Version – Zenmap 6 (http://nmap.org/dist/nmap-6.00-setup.exe)

SCANNING
Begin Zenmap by typing zenmap in a terminal or by clicking the Zenmap icon in the desktop environment.
First, select the target. The target can be any domain name or IP address; right now my target is 10.0.0.2.


PROFILE
The Profile combo box lists profiles for several common scans. After a profile is selected, the Nmap command line associated with it is displayed on the screen. It is possible to edit these profiles or create new ones.
It is also possible to type in an Nmap command and have it executed without using a profile. Just type in the command and press return or click “Scan”.
In Zenmap there are 10 types of profile:

a.  INTENSE SCAN
Command = nmap -T4 -A 10.0.0.2
Description = An intense, comprehensive scan. The -A option enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). Without root privileges only version detection and script scanning are run. This is considered an intrusive scan.


SCAN RESULT TABS
Each scan window contains five tabs which each display different aspects of the scan results. They are:
a) Nmap Output
b) Ports / Hosts
c) Topology
d) Host Details
Each of these is discussed in this section:

NMAP OUTPUT
The “Nmap Output” tab is displayed by default when a scan is run. It shows the familiar Nmap terminal output.

PORTS / HOSTS
When a service is selected, the “Ports / Hosts” tab shows all the hosts which have that port open or filtered. This is a good way to quickly answer the question “What computers are running HTTP?”
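
The same question can be answered outside the GUI from a saved scan. The following Python is an added example, not code from the original post or from the Nmap project: it indexes hosts by service from Nmap XML output (as written by Nmap's -oX option), keeping open and filtered ports as the tab does. The sample XML is constructed, and `hosts_by_service` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the layout of Nmap's XML output (-oX); not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -T4 -A -oX scan.xml 10.0.0.2-4">
  <host><status state="up"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.4" addrtype="ipv4"/></host>
</nmaprun>"""


def hosts_by_service(xml_text, states=("open", "filtered")):
    """Map service name -> [(address, 'port/proto', state)] for ports in `states`."""
    index = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap reported as down
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iterfind("ports/port"):
            state_el = port.find("state")
            state = state_el.get("state") if state_el is not None else ""
            if state not in states:
                continue  # closed ports are not listed
            svc = port.find("service")
            # <service> is absent when Nmap has no name for the port
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            label = f"{port.get('portid')}/{port.get('protocol')}"
            index[name].append((addr, label, state))
    return dict(index)


if __name__ == "__main__":
    for service, rows in sorted(hosts_by_service(SAMPLE_XML).items()):
        for addr, port, state in rows:
            print(f"{service:8} {addr:12} {port:8} {state}")
```

Run periodically against scans of your own network, this gives a per-service inventory in which newly exposed services show up as new entries.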
 

TOPOLOGY

The “Topology” tab is an interactive view of the connections between hosts in a network.
 

  
HOST DETAILS
The “Host Details” tab breaks all the information about a single host into a hierarchical display. Shown are the host’s names and addresses, its state (up or down), and the number and status of scanned ports, along with the host’s uptime, operating system, and OS icon. When no exact OS match is found, the closest matches are displayed.