Solved

recommendations for external nmap pen test (from a Windows laptop)

Posted on 2016-07-20
Last Modified: 2016-07-23
https://pentestlab.wordpress.com/2012/03/08/nmap-scripting-engine-basic-usage-2/

I'm required to do a pen test from the public Internet of about 30-plus public IPs of our company using nmap, before our auditor does it, so we can close up gaps. Referring to the above URL:

Q1:
What's the latest version that could run on Windows XP & Windows 7?

Q2:
Where can I download the scripts, or are the scripts bundled?

Q3:
Can I select to run a few types of scripts in one single command, say
auth, default, discovery, malware & vuln? Do provide the exact syntax
to run these in a single line.

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in the fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband on the same
ISP that my company is hosted on, or to run multiple commands from
several command prompts at the same time, or to run from a 64-bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

Q6:
Presumably I have to permit my scanning PC/laptop's IP on the perimeter
firewall prior to scanning? Do I need to permit anything on the Bluecoat proxy?
Question by: sunhux

5 Comments

Accepted Solution by: Emmanuel Adebayo (LVL 17, earned 300 total points)
ID: 41720914
> Q1:
> What's the latest version that could run on Windows XP & Windows 7?

7.25

> Q2:
> Where can I download the scripts, or are the scripts bundled?

https://nmap.org/download.html (Linux, Windows etc.)

> Q3:
> Can I select to run a few types of scripts in one single command, say
> auth, default, discovery, malware & vuln? Do provide the exact syntax
> to run these in a single line.

Check https://nmap.org/book/inst-windows.html#inst-win-exec

> Q4:
> I have 6 hours per day (in the middle of the night) over 3 days to run,
> so what should I do to get the scan completed in the fastest possible time?
> Will it be faster to scan from 1Gbps home fibre broadband on the same
> ISP that my company is hosted on, or to run multiple commands from
> several command prompts at the same time, or to run from a 64-bit PC
> with as much RAM as possible (I have only 4GB of RAM on my X201)?
> Will running it from a Linux laptop make it run faster?

Yes, I would suggest that you scan from the same ISP that your company is hosted on, as the routing will be shorter and faster. Also, the faster the system, the better the performance.

> Q5:
> Any way to limit the scan rate so that the scans don't cause disruption?

There are options that you can use with the command, i.e.
-T4,
the -T4 option is recommended if the connection between you and the target networks is reasonably fast and reliable.

> Q6:
> Presumably I have to permit my scanning PC/laptop's IP on the perimeter
> firewall prior to scanning? Do I need to permit anything on the Bluecoat proxy?

Yes.
Assisted Solution by: gheist (LVL 62, earned 200 total points)
ID: 41721026
Q1: VirtualBox, VMware Player
Q3: Just stash scripts one after another
Q4: 100Mbps Ethernet transfers 7000 packets per second each way; it takes 10 seconds to scan all ports, or 5 minutes to scan all ports on all hosts.
Q6: Why? Maybe exclude it from IDS/IPS
Author Comment by: sunhux
ID: 41721464
Thanks.

> Q3:
> Can I select to run a few types of scripts in one single command, say
> auth, default, discovery, malware & vuln? Do provide the exact syntax
> to run these in a single line.

> Check https://nmap.org/book/inst-windows.html#inst-win-exec
> Q3: Just stash scripts one after another

I don't see a sample syntax in the nmap.org link above, so do I issue it like what
gheist suggests, i.e. as below?
   nmap --script auth  default discovery malware vuln  target_IP
Author Comment by: sunhux
ID: 41721470
Would it be even faster if the laptop is connected to a switch that the Internet-facing
router is connected to, and I scan from there?
Assisted Solution by: gheist (LVL 62, earned 200 total points)
ID: 41724215
First - a security assessment does not need bandwidth.
Second - run nmap --help; it tells you --script scr1:scr2:scr3
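The Q3 syntax and the Q5 rate cap, worked as an added bash example that is not from this thread, from nmap's own documentation, or from any of the posters. It assumes nmap's documented behaviour that `--script` takes a comma-separated list of categories (space-separated words, as in the proposed command above, would be read as extra targets), plus the real `--max-rate`, `-iL` and `-oA` options; the scope file, the 300 packets/s figure and the output prefix are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: build (and optionally run) one nmap command that covers
# several NSE script categories at once, with an explicit packet-rate cap.
# Real nmap options used: --script, -iL, -oA, --max-rate, -sV, -Pn, -p-.

# NSE categories as tagged in nmap's script.db; used only to validate input.
NSE_CATEGORIES="auth broadcast brute default discovery dos exploit external fuzzer intrusive malware safe version vuln"

# valid_category NAME -> exit 0 if NAME is a known NSE category
valid_category() {
  local c
  for c in $NSE_CATEGORIES; do
    [ "$c" = "$1" ] && return 0
  done
  return 1
}

# build_scan_cmd TARGET_FILE MAX_PPS OUT_PREFIX CATEGORY... -> prints the command
# Categories are joined with commas: "auth default vuln" as separate words
# would make nmap treat "default" and "vuln" as targets, not scripts.
# Note that vuln/malware/exploit contain intrusive scripts; on fragile
# production hosts consider "default,safe" for the first night.
build_scan_cmd() {
  local targets="$1" rate="$2" out="$3"; shift 3
  local script_list="" c
  for c in "$@"; do
    valid_category "$c" || { echo "unknown NSE category: $c" >&2; return 1; }
    script_list="${script_list:+$script_list,}$c"
  done
  # -Pn: public hosts often drop ICMP, so skip host discovery; -p-: all TCP
  # ports; -sV: version/vuln scripts need service detection; --max-rate caps
  # packets/s to avoid disruption; -oA keeps .nmap/.gnmap/.xml for comparison
  # with the auditor's later results.
  printf 'nmap -Pn -sV -p- --script %s --max-rate %s -iL %s -oA %s\n' \
    "$script_list" "$rate" "$targets" "$out"
}

# Constructed sample scope file (RFC 5737 documentation addresses, not real hosts).
write_sample_scope() {
  printf '192.0.2.10\n192.0.2.11\n198.51.100.0/28\n' > "$1"
}

# Stand-alone run: print the command; set RUN=1 to actually execute it.
write_sample_scope scope.txt
SCAN_CMD=$(build_scan_cmd scope.txt 300 night1 auth default discovery malware vuln)
echo "$SCAN_CMD"
if [ "${RUN:-0}" = 1 ]; then eval "$SCAN_CMD"; fi
```

At 300 packets/s a full TCP port sweep of about 30 hosts is roughly 65535 x 30 / 300, i.e. close to two hours of probe time before any script runs, so the cap is the main lever for fitting the scan into the 6-hour windows.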
