recommendations for external nmap pen test (from a Windows laptop)

Posted on 2016-07-20
Last Modified: 2016-07-23
https://pentestlab.wordpress.com/2012/03/08/nmap-scripting-engine-basic-usage-2/

I'm required to do a pen test from the public Internet of about 30 plus public IPs of our company using nmap,
before our auditor does it, to close up gaps. Referring to the above URL:

Q1:
what's the latest version that could run on Windows XP & Windows 7 ?

Q2:
where can I download the scripts or the scripts are bundled?

Q3:
Can I select to run a few types of scripts on one single command, say
auth, default, discovery, malware & vuln? Please provide the exact syntax
to run these in a single line.

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband of the same
ISP as what my company is hosted on or run multiple commands from
several command prompts at the same time or run from a 64bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

Q6:
Presumably I have to permit my scanning PC/laptop's IP from the perimeter
firewall prior to scanning? Do I need to permit anything from the Bluecoat proxy?
Question by: sunhux

Accepted Solution by Emmanuel Adebayo (earned 300 total points)
ID: 41720914
> Q1: what's the latest version that could run on Windows XP & Windows 7?

7.25

> Q2: where can I download the scripts or the scripts are bundled?

https://nmap.org/download.html (Linux, Windows etc.)

> Q3: Can I select to run a few types of scripts on one single command, say
> auth, default, discovery, malware & vuln? Please provide the exact syntax
> to run these in a single line.

Check https://nmap.org/book/inst-windows.html#inst-win-exec

> Q4: I have 6 hours per day (in the middle of the night) over 3 days to run,
> so what should I do to get the scan completed in fastest possible time?
> Will it be faster to scan from 1Gbps home fibre broadband of the same
> ISP as what my company is hosted on or run multiple commands from
> several command prompts at the same time or run from a 64bit PC
> with as much RAM as possible (I have only 4GB of RAM on my X201)?
> Will running it from a Linux laptop make it run faster?

Yes, I would suggest that you scan from the same ISP that your company is hosted on, as there will be less routing and it will be faster. Also, the faster the system, the better the performance.

> Q5: Any way to limit the scan rate so that the scans don't cause disruption?

There are options that you can use with the command, e.g. -T4; the -T4 option is recommended if the connection between you and the target networks is reasonably fast and reliable.

> Q6: Presumably I have to permit my scanning PC/laptop's IP from the perimeter
> firewall prior to scanning? Do I need to permit anything from the Bluecoat proxy?

Yes.

Assisted Solution by gheist (earned 200 total points)
ID: 41721026
Q1: VirtualBox, VMware Player.
Q3: just stash scripts one after another.
Q4: 100Mbps ethernet transfers 7000 packets per second each way; it takes 10 seconds to scan all ports, or 5 minutes to scan all ports on all hosts.
Q6: Why? Maybe exclude it from IDS/IPS.

Author Comment by sunhux
ID: 41721464
Thanks.

> Q3: Can I select to run a few types of scripts on one single command, say
> auth, default, discovery, malware & vuln? Please provide the exact syntax
> to run these in a single line.

> Check https://nmap.org/book/inst-windows.html#inst-win-exec
> Q3 just stash scripts one after another

I don't see a sample syntax in the nmap.org link above, so do I issue it like what
gheist suggests, i.e. as below?
   nmap --script auth  default discovery malware vuln  target_IP

Author Comment by sunhux
ID: 41721470
Would it be even faster if the laptop is connected to a switch that the internet-facing
router is connected to & scan from there?

Assisted Solution by gheist (earned 200 total points)
ID: 41724215
First - a security assessment does not need bandwidth.
Second - run nmap --help; it tells you --script scr1:scr2:scr3
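
The single-command syntax the thread asks about (Q3) together with the rate limit from Q5, as an added example that is not from any of the posters: nmap accepts several NSE categories in one --script argument separated by commas, --max-rate caps the packets per second it sends, -iL reads the company's IP list from a file, and -oA writes normal, XML and grepable results. The function names, the target/scope file layout, the output prefix and the rate value of 100 are assumptions for illustration; the script only prints the command so it can be reviewed, after checking every target against the agreed scope list.

```shell
#!/bin/sh
# Added example (not from the thread): build and scope-check an nmap command
# that runs several NSE categories in one invocation with a packet-rate cap.
# The flags are nmap's own (--script takes comma-separated categories,
# --max-rate caps packets/second, -iL reads targets from a file, -oA writes
# normal/XML/grepable output). Function names and file layout are assumptions.

# build_nmap_cmd CATEGORIES MAX_RATE TARGET_FILE OUT_PREFIX
# Prints the command instead of running it, so it can be reviewed first.
build_nmap_cmd() {
    categories="$1"   # e.g. auth,default,discovery,malware,vuln
    max_rate="$2"     # hard cap on packets per second sent by nmap
    targets="$3"      # file with one public IP of the company per line
    out="$4"          # prefix for the -oA result files
    printf 'nmap -Pn -sV -T3 --max-rate %s --script %s -iL %s -oA %s\n' \
        "$max_rate" "$categories" "$targets" "$out"
}

# in_scope TARGET_FILE SCOPE_FILE
# Succeeds only if every non-empty target line appears verbatim in the agreed
# scope file, so a typo cannot aim the scan at someone else's address space.
in_scope() {
    while IFS= read -r t; do
        [ -z "$t" ] && continue
        grep -qxF -- "$t" "$2" || { echo "out of scope: $t" >&2; return 1; }
    done < "$1"
    return 0
}

# Constructed sample input: two of the company's IPs (documentation range)
# and the signed-off scope list they must appear in.
demo_targets=$(mktemp); demo_scope=$(mktemp)
printf '203.0.113.10\n203.0.113.11\n' > "$demo_targets"
printf '203.0.113.10\n203.0.113.11\n203.0.113.12\n' > "$demo_scope"
if in_scope "$demo_targets" "$demo_scope"; then
    build_nmap_cmd auth,default,discovery,malware,vuln 100 "$demo_targets" extscan
fi
rm -f "$demo_targets" "$demo_scope"
```

Paste the printed line into the command prompt once it looks right; lowering --max-rate (or using -T2) is the knob to turn if the night-time window is not a concern but disruption is.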