Solved

recommendations for external nmap pen test (from a Windows laptop)

Posted on 2016-07-20
Last Modified: 2016-07-23
https://pentestlab.wordpress.com/2012/03/08/nmap-scripting-engine-basic-usage-2/

I'm required to do a pen test from public Internet of about 30 plus public IP of our company using nmap
before our auditor does it to close up gaps. Referring to above url,

Q1:
what's the latest version that could run on Windows XP & Windows 7 ?

Q2:
where can I download the scripts or the scripts are bundled?

Q3:
Can I select to run a few types of scripts on one single command, say
auth, default, discovery, malware & vuln ?  Do provide the exact syntax
 to run these in a single line?

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband of the same
ISP as what my company is hosted on or run multiple commands from
several command prompts at the same time or run from a 64bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

Q6:
Presumably I have to permit my scanning PC/laptop's IP from the perimeter
firewall prior to scanning?  Need to permit anything from bluecoat proxy ?
Question by: sunhux

Accepted Solution by: Emmanuel Adebayo (ID: 41720914)
Q1:
what's the latest version that could run on Windows XP & Windows 7 ?
7.25

Q2:
where can I download the scripts or the scripts are bundled?
https://nmap.org/download.html (Linux, Windows etc)

Q3:
Can I select to run a few types of scripts on one single command, say
auth, default, discovery, malware & vuln ?  Do provide the exact syntax
 to run these in a single line?

Check https://nmap.org/book/inst-windows.html#inst-win-exec

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in fastest possible time?
Will it be faster to scan from 1Gbps home fibre broadband of the same
ISP as what my company is hosted on or run multiple commands from
several command prompts at the same time or run from a 64bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Yes, I would suggest that you scan from the same ISP that your company is hosted as the routing will be less and faster. Also, the faster the system the better the performance.

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

There are options that you can use with the command, i.e
-T4,
the -T4 option is recommended if the connection between you and the target networks is reasonably fast and reliable.

Q6:
Presumably I have to permit my scanning PC/laptop's IP from the perimeter
firewall prior to scanning?  Need to permit anything from bluecoat proxy ?

Yes.
Assisted Solution by: gheist (ID: 41721026)
Q1 Virtualbox, vmware player
Q3 just stash scripts one after another
Q4 100Mbps ethernet transfers 7000 packets per second each way, it takes 10 seconds to scan all ports, or 5 minutes to scan all ports on all hosts.
Q6 Why? Maybe exclude it from IDS/IPS
Author Comment by: sunhux (ID: 41721464)
Thanks.

Q3:
 Can I select to run a few types of scripts on one single command, say
 auth, default, discovery, malware & vuln ?  Do provide the exact syntax
  to run these in a single line?

> Check https://nmap.org/book/inst-windows.html#inst-win-exec
> Q3 just stash scripts one after another

Don't see a sample syntax in the nmap.org link above, so do I issue like what
Gheist suggests ie as below?
   nmap --script auth  default discovery malware vuln  target_IP
Author Comment by: sunhux (ID: 41721470)
Would it be even faster if the laptop is connected to a switch that the internet-facing
router is connected to & scan from there?
Assisted Solution by: gheist (ID: 41724215)
First - security assessment does not need bandwidth
Second - run nmap --help, it tells you --script scr1:scr2:scr3
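An added example, not part of the thread, that puts the pieces discussed above together in Python: one nmap command line carrying the script categories from Q3 and a packet-rate cap for Q5 (nmap's own --script, --max-rate, -T, -Pn and -oX options), plus a small parser for the XML report so the results for all 30 hosts can be reviewed in one place. The target addresses and the XML snippet are constructed; nmap itself is not invoked here.

```python
import xml.etree.ElementTree as ET

# Script categories the question asks about (Q3); nmap takes them comma-separated.
CATEGORIES = ("auth", "default", "discovery", "malware", "vuln")

def build_nmap_cmd(targets, categories=CATEGORIES, max_rate=100,
                   timing="T3", out_xml="external_scan.xml"):
    """Return the argv list for one nmap run over all targets.

    One invocation over the whole target list lets nmap parallelise hosts
    itself (Q4); --max-rate caps packets per second so perimeter devices
    are not flooded (Q5); -Pn skips ping discovery, which firewalled public
    hosts usually block; -oX writes a machine-readable report.
    """
    return ["nmap", f"-{timing}", "--max-rate", str(max_rate), "-Pn",
            "--script", ",".join(categories), "-oX", out_xml, *targets]

def summarize_nmap_xml(xml_text):
    """Map each host address to its open ports and NSE script output."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        entry = {"ports": [], "scripts": {}}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not findings
            svc = port.find("service")
            entry["ports"].append((int(port.get("portid")), port.get("protocol"),
                                   svc.get("name") if svc is not None else "?"))
            for script in port.iter("script"):
                entry["scripts"][script.get("id")] = script.get("output")
        report[addr] = entry
    return report

# Constructed sample in nmap's -oX layout (not real scan output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><address addr="198.51.100.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http"/>
   <script id="http-title" output="Welcome"/></port>
  <port protocol="tcp" portid="23"><state state="filtered"/><service name="telnet"/></port>
 </ports></host>
</nmaprun>"""

if __name__ == "__main__":
    print(" ".join(build_nmap_cmd(["198.51.100.10", "198.51.100.11"])))
    for ip, data in summarize_nmap_xml(SAMPLE_XML).items():
        print(ip, data["ports"], data["scripts"])
```

Raise --max-rate or switch to -T4 only after a first pass confirms the perimeter firewall and IDS tolerate the traffic.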