Nmap may be used to discover which services are active on a network, which devices are turned on, what operating system they are running, and much more. Many different types of users use Nmap, including network security professionals, system administrators, and network administrators.
You must first install Nmap on your computer before you can use it. To install Nmap on Ubuntu, type "sudo apt-get install nmap" into the terminal.
Nmap is an extremely powerful tool with a plethora of settings. To scan an IP address or a hostname, use the "nmap [IP address or hostname]" command. This discovers the open ports of the supplied host or IP address and, with the options described below, the service versions and operating system as well. For example, the command "nmap 192.168.1.1" looks for open ports, running services, and the operating system at IP address 192.168.1.1. On a typical home network this address is your modem or router, so the output shows the open ports and running services on that device.
What types of services and devices does NMAP show? What is its specific use?
It can, for example, reveal whether a web server is running and which ports are open, whether a mail server, FTP server, or VPN server is running, and whether a router or firewall is in place. Nmap can also detect IP addresses, MAC addresses, operating systems, and even the versions of the services behind open ports.
To scan for a specified port range, use the "-p" option. You can scan for service versions with the "-sV" option, use ready-made scripts with the "-sC" option, and detect operating systems with the "-O" option.
Basically, the parameters are as follows:
-p : Scans a specific port range. For example, the command "nmap 192.168.1.1 -p 80,443" will only scan ports 80 and 443.
-sV : Scans for service versions. This option tries to detect the versions of the scanned services.
-sC : Runs the default set of ready-made scripts. Nmap provides ready-made scripts for specific services or ports.
-O : Detects the operating system. This option tries to detect the OS type of the scanned devices.
There is also the NSE (Nmap Scripting Engine) in the Nmap toolkit. With it you can run scripts for various scenarios in addition to the plain nmap commands.
Technical parameters:
-sP : Ping scan (host discovery only; newer Nmap versions call this -sn)
-PS : TCP SYN ping
-PA : TCP ACK ping
-PE : ICMP Echo Request ping
-PU : UDP ping
-PR : ARP ping
--traceroute : Traces the path packets take to the target
-R : Always resolves hostnames from IP addresses (reverse DNS) for all targets
--system-dns : Uses the operating system's DNS resolver
* For more parameter details you can use the "nmap -h" command.
You can also use the following notations to specify targets:
The "nmap 192.168.1.1-10" command scans all hosts in this range, including .1 and .10.
The "nmap 192.168.1.0/24" command (starting from .0) scans the 256 IP addresses in this subnet.
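As an added example (not from the article and not Nmap's own parsing code, which accepts many more forms), here is a short Python helper that expands the two target notations just described into the individual addresses they cover, so you can see exactly which hosts a scan would touch before running it. The function names and the restriction to last-octet ranges are assumptions made for this example.

```python
import ipaddress
import re

# Matches a last-octet range such as 192.168.1.1-10 (assumption: only this
# range form is handled here; Nmap itself allows ranges in any octet).
RANGE_RE = re.compile(r"^(\d+\.\d+\.\d+\.)(\d+)-(\d+)$")


def expand_targets(spec: str) -> list:
    """Return the IPv4 addresses (as strings) that an Nmap-style `spec` covers."""
    m = RANGE_RE.match(spec)
    if m:
        prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        if not (0 <= lo <= hi <= 255):
            raise ValueError(f"bad last-octet range in {spec!r}")
        # Nmap ranges are inclusive at both ends, so 1-10 is ten hosts.
        return [f"{prefix}{i}" for i in range(lo, hi + 1)]
    if "/" in spec:
        # strict=False lets 192.168.1.1/24 mean the network containing .1,
        # mirroring how Nmap treats host bits in a CIDR target.
        net = ipaddress.ip_network(spec, strict=False)
        # Iterating the network includes the network and broadcast
        # addresses, which Nmap also scans (hence 256 for a /24).
        return [str(ip) for ip in net]
    # A bare address is a one-host target; this also validates the syntax.
    return [str(ipaddress.ip_address(spec))]


def count_targets(spec: str) -> int:
    """Number of hosts a scan of `spec` would touch."""
    return len(expand_targets(spec))


if __name__ == "__main__":
    for spec in ("192.168.1.1", "192.168.1.1-10", "192.168.1.0/24"):
        hosts = expand_targets(spec)
        print(f"{spec:18} -> {len(hosts):3} host(s): {hosts[0]} .. {hosts[-1]}")
```

Counting targets this way before a scan is a cheap sanity check that a typo in the mask (/16 instead of /24, say) has not widened the scope from 256 addresses to 65536.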
What are Port Scanning Techniques?
TCP Connect Scan
This form of scan sends a SYN packet to the target port in order to establish a connection. If the port is open, the target system replies with a SYN/ACK packet, and the scanner completes the connection by sending an ACK and reports the port as open. If the port is closed, the target system replies with a RST packet. Because a full connection is established, this form of scan shows up in the target machine's connection logs.
SYN Scan
This type of scan sends a SYN packet; if the target system replies with a SYN/ACK packet, the port is reported as open, and if it replies with a RST packet, the port is reported as closed. Because the handshake is never completed, this type of scan is not fully logged by the target.
UDP Scan
This type of scan determines whether the target system's UDP ports are open or closed. The scan tool sends a UDP packet to the target system. If the target responds with an ICMP Port Unreachable message, the port is considered closed. If the target answers with a UDP packet, the port is considered open.
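To make the connect-scan behaviour above concrete, here is an added example (not code from the article) that runs a TCP connect check entirely against 127.0.0.1: a throwaway listener plays the open port, a port with no listener plays the closed port, and the listener's list of accepted peers stands in for the log a real service would write. The function names are assumptions made for this example.

```python
import socket
import threading

# Added example: a TCP connect scan in miniature against the loopback
# interface only. It shows why a connect scan is visible to the target:
# the three-way handshake completes, so accept() on the listening side
# returns and the application can record the connection.


def start_listener():
    """Listen on an ephemeral loopback port and record every accepted peer.

    Returns (port, accepted_peers, thread); accepted_peers is the stand-in
    for a server's connection log.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(3)
    port = srv.getsockname()[1]
    accepted = []

    def serve():
        try:
            conn, peer = srv.accept()   # only returns once the handshake completed
            accepted.append(peer)
            conn.close()
        except OSError:                 # timeout: nobody connected
            pass
        finally:
            srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, accepted, t


def unused_port() -> int:
    """Pick a port the kernel just handed out and released: nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one port the way a TCP connect scan does.

    open     : connect() succeeded, i.e. SYN -> SYN/ACK -> ACK completed
    closed   : the kernel answered the SYN with RST (connection refused)
    filtered : no answer before the timeout (typically a firewall dropping SYNs)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()


def demo():
    """Scan one open and one closed loopback port; return the verdicts and how many connections the listener logged."""
    open_port, log, listener = start_listener()
    closed_port = unused_port()
    verdicts = {
        "open_port": connect_scan("127.0.0.1", open_port),
        "closed_port": connect_scan("127.0.0.1", closed_port),
    }
    listener.join(timeout=3)   # let the listener finish recording the accept
    return verdicts, len(log)


if __name__ == "__main__":
    results, logged = demo()
    print(results)
    print(f"listener accepted (and could log) {logged} connection(s)")
```

The closed-port case is what a RST looks like from user space (connection refused), and the listener's single logged entry is the trace a connect scan leaves that a half-open SYN scan would not, which is why defenders should not rely on application logs alone to notice scanning.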
How should NMAP outputs be interpreted?
The results of an Nmap scan are analyzed from the perspective of website security, and the points of risk are identified. Open ports and services, for example, point to potential system vulnerabilities. The following are the most significant outputs to interpret for website security, together with some information on the attacks they may invite:
Open ports: Open ports display the services that are currently operating on the system. For web services, for example, ports 80 and 443 must be open. However, leaving ports open unnecessarily can invite system attacks. Legacy protocols, such as Telnet or FTP, are not secure and might give an easy access point for system attacks. As a result, you should block any superfluous open ports and take security precautions to prevent unauthorized access.
Service versions: The Nmap scan result also includes a list of service versions. Outdated or insecure service versions can open the door to system attacks. For example, an obsolete PHP version may leave the system open to SQL injection attacks. As a result, you should monitor and upgrade service versions on a regular basis.
Operating system: The operating system is also discovered as a result of the Nmap scan. Outdated or unsupported operating systems can open the door to system attacks. Windows XP, for example, may be more vulnerable because it is no longer supported. As a result, the operating system should be updated regularly, and obsolete systems should be avoided.
Open services: The Nmap scan result also includes a list of open services. These services may provide an avenue for system attacks. Open services for web services, for example, may be vulnerable to system attacks such as SQL injection, cross-site scripting, or cross-site request forgery. As a result, the security of services should be regularly monitored, and fixes should be implemented as soon as vulnerabilities are discovered.
In general, the Nmap scan outputs can be used to identify areas that present chances for system attacks. As a result, when security flaws are discovered in systems, patches should be applied immediately and relevant precautions should be taken. For example, unneeded open ports should be closed, service versions should be updated, the operating system should be kept up to date, and the security of services should be verified on a regular basis. Furthermore, all applications running on the system should be kept up to date, backups should be made, and user authorizations should be checked on a regular basis. These safeguards will make the system more resistant to attackers.
Furthermore, you can use the following options to save the output in different formats so it is easier to review:
-sS -oN myfile.txt : Saves the Nmap output as it is, with the filename you specified.
-sS -oX myfile.xml : Outputs as XML.
-sS -oG myfile.txt : Outputs in grepable format, which is easy to process with other tools.
-sS -oA myfile : Outputs all three formats built into Nmap at once.
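As an added example (not from the article and not part of Nmap), here is a small Python triage script that reads the grepable (-oG) format just listed and applies the interpretation rules from the previous section: it flags legacy cleartext services, flags open ports without a detected version, and points everything else at version review. The scan output embedded in it is a constructed sample, and the LEGACY_CLEARTEXT policy set and function names are assumptions made for this example.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for two hosts; it is not
# real scan data. Fields on a Host: line are tab-separated, and each entry in
# the Ports: field has the form port/state/protocol/owner/service/rpc-info/version/.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample, not real output)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/, 21/open/tcp//ftp//vsftpd 3.0.3/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (994)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (999)
# Nmap done -- 2 IP addresses (2 hosts up) scanned (constructed sample)
"""

PORT_ENTRY_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

# Triage policy (an assumption for this example, not an Nmap feature): the
# legacy cleartext protocols the article names, which should not stay exposed.
LEGACY_CLEARTEXT = {"telnet", "ftp"}


def parse_gnmap(text: str) -> dict:
    """Map each scanned IP to a list of port dicts parsed from its Ports: field."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for m in PORT_ENTRY_RE.finditer(field):
                port, state, proto, _owner, service, _rpc, version = m.groups()
                ports.append({"port": int(port), "state": state, "proto": proto,
                              "service": service, "version": version})
    return hosts


def open_ports(hosts: dict, ip: str) -> list:
    """Sorted open port numbers for one host (closed/filtered ports excluded)."""
    return sorted(p["port"] for p in hosts.get(ip, []) if p["state"] == "open")


def triage(hosts: dict) -> list:
    """Apply the article's interpretation rules to every open port.

    Returns (ip, port, advice) tuples, sorted by address and port.
    """
    findings = []
    for ip in sorted(hosts):
        for p in sorted(hosts[ip], key=lambda p: p["port"]):
            if p["state"] != "open":
                continue
            if p["service"] in LEGACY_CLEARTEXT:
                advice = f"legacy cleartext service {p['service']}: replace or block"
            elif not p["version"]:
                advice = "no version detected: rerun with -sV before judging exposure"
            else:
                advice = f"check {p['version']} against vendor advisories; patch if outdated"
            findings.append((ip, p["port"], advice))
    return findings


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, port, advice in triage(scan):
        print(f"{ip:14} {port:>5}/tcp  {advice}")
```

Point the script at a real .gnmap file by replacing SAMPLE_GNMAP with the file's contents; the regular expression relies on Nmap never emitting a slash inside the version subfield, which it avoids by design in the grepable format.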
In conclusion
Using Nmap as a first step to safeguard your website, network, and software services is a smart place to start. Use the scan results to disable superfluous ports and services while hardening the important ones.