• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256
  • Last Modified:

recommendations for external nmap pen test (from a Windows laptop)

https://pentestlab.wordpress.com/2012/03/08/nmap-scripting-engine-basic-usage-2/

I'm required to do a pen test from public Internet of about 30 plus public IP of our company using nmap
before our auditor does it to close up gaps.    Referring to above url,

Q1:
what's the latest version that could run on Windows XP & Windows 7 ?

Q2:
where can I download the scripts or the scripts are bundled?

Q3:
Can I select to run a few types of scripts on one single command, say
auth, default, discovery, malware & vuln ?  Do provide the exact syntax
 to run these in a single line?

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband of the same
ISP as what my company is hosted on or run multiple commands from
several command prompts at the same time or run from a 64bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Q5:
Any way to limit the scan rate so that it the scans don't cause disruption?

Q6:
Presumably I have to permit my scanning PC/laptop's IP from the perimeter
firewall prior to scanning?  Need to permit anything from bluecoat proxy ?
0
sunhux
Asked:
sunhux
  • 2
  • 2
3 Solutions
 
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
Q1:
what's the latest version that could run on Windows XP & Windows 7 ?
7.25

Q2:
where can I download the scripts or the scripts are bundled?
https://nmap.org/download.html (Linux, Windows etc)

Q3:
Can I select to run a few types of scripts on one single command, say
auth, default, discovery, malware & vuln ?  Do provide the exact syntax
 to run these in a single line?

Check https://nmap.org/book/inst-windows.html#inst-win-exec

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband of the same
ISP as what my company is hosted on or run multiple commands from
several command prompts at the same time or run from a 64bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Yes, I would suggest that you scan from the same ISP that your company is hosted as the routing will be less and faster. Also, the faster the system the better the performance.

Q5:
Any way to limit the scan rate so that it the scans don't cause disruption?

There are options that you can use with the command, i.e
-T4,
the -T4 option is recommended if the connection between you and the target networks id reasonably fast and reliable.

Q6:
Presumably I have to permit my scanning PC/laptop's IP from the perimeter
firewall prior to scanning?  Need to permit anything from bluecoat proxy ?

Yes.
0
 
gheistCommented:
Q1 Virtualbox, vmware player
Q3 just stash scripts one after another
Q4 100Mbps ethernet transfers 7000 packets per second each way, it takes 10 seconds to scan all ports, or 5 minutes to scan all ports on all hosts.
Q6 Why? Maybe exclude it from IDS/IPS
0
 
sunhuxAuthor Commented:
Thanks.

Q3:
 Can I select to run a few types of scripts on one single command, say
 auth, default, discovery, malware & vuln ?  Do provide the exact syntax
  to run these in a single line?

> Check https://nmap.org/book/inst-windows.html#inst-win-exec
> Q3 just stash scripts one after another

Don't see a sample syntax in the nmap.org link above, so do I issue like what
Gheist suggests ie as below?
   nmap --script auth  default discovery malware vuln  target_IP
0
 
sunhuxAuthor Commented:
Would it be even faster if the laptop is connected to a switch that the internet-facing
router is connected to & scan from there?
0
 
gheistCommented:
First - security assessment does not need bandwidth
Second - - run nmap --help, it tells you --script scr1:scr2:scr3
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now