
recommendations for external nmap pen test (from a Windows laptop)

Posted on 2016-07-20
Last Modified: 2016-07-23
https://pentestlab.wordpress.com/2012/03/08/nmap-scripting-engine-basic-usage-2/

I'm required to do a pen test from the public Internet of about 30-plus public IPs of our company using nmap
before our auditor does it, to close up gaps.    Referring to the above URL:

Q1:
What's the latest version that could run on Windows XP & Windows 7?

Q2:
Where can I download the scripts, or are the scripts bundled?

Q3:
Can I select to run a few types of scripts in one single command, say
auth, default, discovery, malware & vuln?  Do provide the exact syntax
to run these in a single line.

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in the fastest possible time?
Will it be faster to scan from a 1Gbps home fibre broadband connection on the same
ISP as my company is hosted on, or to run multiple commands from
several command prompts at the same time, or to run from a 64-bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

Q6:
Presumably I have to permit my scanning PC/laptop's IP on the perimeter
firewall prior to scanning?  Do I need to permit anything on the Blue Coat proxy?
Question by: sunhux

Accepted Solution

by: Emmanuel Adebayo (earned 300 total points)
ID: 41720914
Q1:
What's the latest version that could run on Windows XP & Windows 7?
7.25

Q2:
Where can I download the scripts, or are the scripts bundled?
https://nmap.org/download.html (Linux, Windows etc)

Q3:
Can I select to run a few types of scripts in one single command, say
auth, default, discovery, malware & vuln?  Do provide the exact syntax
to run these in a single line.

Check https://nmap.org/book/inst-windows.html#inst-win-exec

Q4:
I have 6 hours per day (in the middle of the night) over 3 days to run,
so what should I do to get the scan completed in the fastest possible time?
Will it be faster to scan from a 1Gbps home fibre broadband connection on the same
ISP as my company is hosted on, or to run multiple commands from
several command prompts at the same time, or to run from a 64-bit PC
with as much RAM as possible (I have only 4GB of RAM on my X201)?
Will running it from a Linux laptop make it run faster?

Yes, I would suggest that you scan from the same ISP your company is hosted on, as there will be less routing and it will be faster. Also, the faster the system, the better the performance.

Q5:
Any way to limit the scan rate so that the scans don't cause disruption?

There are options that you can use with the command, i.e.
-T4;
the -T4 option is recommended if the connection between you and the target networks is reasonably fast and reliable.

Q6:
Presumably I have to permit my scanning PC/laptop's IP on the perimeter
firewall prior to scanning?  Do I need to permit anything on the Blue Coat proxy?

Yes.
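The single-command syntax asked about in Q3 and the rate cap asked about in Q5, as an added example that is not part of the original thread or of nmap's own documentation: a bash script that composes one nmap invocation running several NSE script categories, caps the packet rate, and checks the category names before the night window so a typo does not waste a 6-hour slot. It assumes nmap 7.x on the scanning host (Npcap plus an Administrator prompt on Windows, root on Linux, because -sS needs raw sockets); targets.txt is a constructed file with one public IP or CIDR per line, and the output prefixes are placeholders. The flags used (--script with comma-separated categories or a quoted boolean expression, --max-rate, --max-retries, -iL, -oA) are standard nmap options; the function and variable names are mine.

```bash
#!/usr/bin/env bash
# Added example; not code from the original thread or from nmap itself.
# Composes the single nmap invocation asked about in Q3 (several NSE script
# categories at once) with the packet-rate cap asked about in Q5, and checks
# the category names before the night window so a typo does not waste a slot.
# Assumptions: nmap 7.x on the scanning host (Npcap + Administrator on Windows,
# root on Linux, because -sS needs raw sockets); targets.txt is a constructed
# file with one public IP or CIDR per line; output prefixes are placeholders.

# Script categories that ship with nmap (see nmap.org/book/nse-usage.html).
KNOWN_CATEGORIES="auth broadcast brute default discovery dos exploit external fuzzer intrusive malware safe version vuln"

# The five categories from the question. --script wants them joined by commas,
# not separated by spaces or colons.
ALL_FIVE='auth,default,discovery,malware,vuln'

# Same five, using NSE's boolean syntax to drop scripts also tagged "intrusive"
# (brute-force and similar), for a lower-impact first pass.
SAFE_FIRST_PASS='(auth or default or discovery or malware or vuln) and not intrusive'

# check_categories EXPR: fail if EXPR names a category nmap does not know.
check_categories() {
    local expr="$1" tok
    # Commas and parentheses become spaces; boolean keywords are skipped.
    for tok in $(printf '%s' "$expr" | tr ',()' '   '); do
        case "$tok" in and|or|not) continue ;; esac
        case " $KNOWN_CATEGORIES " in
            *" $tok "*) ;;
            *) printf 'unknown NSE category: %s\n' "$tok" >&2; return 1 ;;
        esac
    done
    return 0
}

# build_nmap_cmd EXPR MAX_RATE TARGET_FILE OUTPUT_PREFIX: print the command.
#   -sS -sV        SYN scan plus version detection, so scripts match services
#                  on non-standard ports
#   -Pn            skip host discovery; perimeter firewalls drop ICMP, so treat
#                  every listed IP as up
#   -p-            all 65535 TCP ports
#   --max-rate N   hard cap in packets/second (Q5). A -T4 template only tunes
#                  timeouts and parallelism; it does not cap the rate.
#   --max-retries  bound the time lost on filtered ports
#   -oA PREFIX     normal, XML and grepable output; keep the XML to compare
#                  against the auditor's results
# No --host-timeout: with a global rate cap the wall-clock time per host grows
# with the host group, and a timed-out host silently loses its results.
# Rough budget: 30 hosts x 65535 ports is about 2M probes; at 300 pps that is
# roughly 1.8 hours before retries, which fits one 6-hour window.
build_nmap_cmd() {
    local expr="$1" max_rate="$2" targets="$3" prefix="$4"
    check_categories "$expr" || return 1
    printf "nmap -sS -sV -Pn -p- --max-rate %s --max-retries 2 --script '%s' -iL %s -oA %s" \
        "$max_rate" "$expr" "$targets" "$prefix"
}

# run_scan: same arguments; runs the command if nmap is installed, otherwise
# prints what it would have run. eval is needed because --script is quoted.
run_scan() {
    local cmd
    cmd=$(build_nmap_cmd "$@") || return 1
    if ! command -v nmap >/dev/null 2>&1; then
        printf 'nmap not installed; would run:\n%s\n' "$cmd" >&2
        return 127
    fi
    eval "$cmd"
}

# Usage (not executed when this file is sourced):
#   run_scan "$SAFE_FIRST_PASS" 300 targets.txt night1-safe
#   run_scan "$ALL_FIVE"        300 targets.txt night2-full
```

Run the safe expression on the first night and the full five categories once you have seen how the perimeter reacts; the `vuln` and `auth` categories include intrusive scripts that the boolean expression filters out. The rate cap is what answers Q5; the -T templates change how aggressively nmap adapts its timeouts, but only --max-rate guarantees an upper bound on packets per second.
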
Assisted Solution

by: gheist (earned 200 total points)
ID: 41721026
Q1: VirtualBox, VMware Player.
Q3: Just stash scripts one after another.
Q4: 100Mbps Ethernet transfers 7000 packets per second each way; it takes 10 seconds to scan all ports, or 5 minutes to scan all ports on all hosts.
Q6: Why? Maybe exclude it from IDS/IPS.
Author Comment

by: sunhux
ID: 41721464
Thanks.

Q3:
Can I select to run a few types of scripts in one single command, say
auth, default, discovery, malware & vuln?  Do provide the exact syntax
to run these in a single line.

> Check https://nmap.org/book/inst-windows.html#inst-win-exec
> Q3 just stash scripts one after another

I don't see a sample syntax in the nmap.org link above, so do I issue it like what
gheist suggests, i.e. as below?
   nmap --script auth default discovery malware vuln target_IP
Author Comment

by: sunhux
ID: 41721470
Would it be even faster if the laptop is connected to a switch that the Internet-facing
router is connected to, and I scan from there?
Assisted Solution

by: gheist (earned 200 total points)
ID: 41724215
First - a security assessment does not need bandwidth.
Second - run nmap --help; it tells you --script scr1:scr2:scr3
