Week 3: Scanning & Enumeration

Path: Ethical Hacking | Module: 3 of 8

Knocking on Doors

Once you know where the target is (IP address), you need to find out what services are running. This is Scanning.

1. Nmap (Network Mapper)

The industry standard tool. You must master it.

  • nmap -sS target: SYN Scan (Stealthy).
  • nmap -sV target: Version Detection (Is it Apache 2.4 or 2.2?).
  • nmap -p- target: Scan all 65,535 ports (not just the top 1000).

2. Enumeration

Extracting detailed info from the services you found.

  • SMB (Port 445): Can you list shares? Are file permissions misconfigured? (Tool: enum4linux).
  • SNMP (Port 161): Simple Network Management Protocol often leaks system info.

🔬 Lab Exercise: Scanning Metasploitable

Objective: Map a vulnerable network.

  1. Download Metasploitable 2 (a deliberately vulnerable VM built for practice).
  2. Set it to "Host Only" networking in VirtualBox so it is not exposed to the internet.
  3. Run Kali Linux in another VM.
  4. Scan the Metasploitable IP: nmap -A -p- [IP].
  5. Look at the results. How many open ports do you see?
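To answer step 5 without counting by hand, and to keep a record of the scan from section 1, the helper below saves the scan in Nmap's grepable format (-oG) and summarises it. This is an added example for the lab, not part of the course material or of Nmap itself; it assumes a POSIX shell with awk, that nmap is installed on the Kali VM, and that the target is the host-only Metasploitable VM. The scan output embedded in the script is a constructed sample in grepable format, so the summary functions can be tried before running a real scan.

```shell
#!/bin/sh
# Added lab helper (not from the course page). Runs the step-4 scan, saving
# grepable output, then counts and lists the open ports it reported.

# scan_host TARGET OUTFILE: the lab scan (nmap -A -p-) with results also
# written in grepable format. Only call this against the host-only lab VM.
scan_host() {
    nmap -A -p- -oG "$2" "$1" >/dev/null
}

# count_open_ports: reads nmap -oG output on stdin, prints the number of
# port entries whose state is "open" (summed over all hosts in the file).
# Grepable host lines are tab-separated fields; the "Ports:" field holds
# comma-separated entries of the form port/state/proto/owner/service/rpc/version/.
count_open_ports() {
    awk -F'\t' '/^Host:/ {
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            sub(/^Ports: /, "", $i)
            n = split($i, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") open_count++
            }
        }
    } END { print open_count + 0 }'
}

# list_open_services: reads nmap -oG output on stdin, prints one line per
# open port as "port/proto service version" so the -sV detail is easy to read.
list_open_services() {
    awk -F'\t' '/^Host:/ {
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            sub(/^Ports: /, "", $i)
            n = split($i, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") print f[1] "/" f[3] " " f[5] " " f[7]
            }
        }
    }'
}

# Constructed sample of what a grepable scan of the lab VM looks like
# (the addresses, ports and versions here are made up for the demo).
SAMPLE_GREPABLE=$(printf '%s\n' \
    '# Nmap scan initiated (constructed sample, not real output)' \
    "$(printf 'Host: 192.168.56.101 ()\tStatus: Up')" \
    "$(printf 'Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/, 23/closed/tcp//telnet///, 445/open/tcp//netbios-ssn//Samba smbd 3.X/\tIgnored State: closed (65531)')")

# Demo on the constructed sample. For a real lab run:
#   scan_host 192.168.56.101 lab.gnmap && count_open_ports < lab.gnmap
printf 'Open ports in sample: %s\n' "$(printf '%s\n' "$SAMPLE_GREPABLE" | count_open_ports)"
printf '%s\n' "$SAMPLE_GREPABLE" | list_open_services
```

The counters only trust the state field of each port entry, so filtered and closed ports (which -p- reports in bulk under "Ignored State") never inflate the count; compare the number against the nmap console output to confirm the scan completed.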