
Getting Started with PenTesting

November 10, 2005

One of the first steps in PenTesting is scanning. Today I am going to write a little about Nmap for OS X. For those of you who don't know what a scanner is, it is a program that probes a range of IP addresses and reports the ones that have open ports. Each open port represents a listening program or daemon running on that computer. This is of interest to pentesters because a listening service can sometimes be used to gain unauthorized access to the computer via an exploit. So by finding these ports and making sure the processes listening on them have no vulnerabilities, you are able to keep the bad guys out.

One of the greatest tools available for this type of scanning is Nmap, which was written by Fyodor. Nmap is a great tool and is originally a command line/terminal utility. It is a very powerful scanner, and it can even try to determine the OS of the remote host being scanned if you use the -O option when running the program. For those of you who are not command line savvy, there is a GUI available for Nmap named NmapFe, or Nmap Frontend.

NmapFe

I highly suggest getting to know the Mac Terminal program; many of the tools used in pentesting do not have the luxury of a GUI frontend.

To install Nmap you have three options. You can install Nmap via DarwinPorts or via Fink; both DarwinPorts and Fink are package managers for Mac OS X. To install either of them, please consult the documentation on their respective sites. The third way to install Nmap is from the source code. This is the best but also the hardest way to install Nmap: you will need to follow the directions included in the archive the Nmap sources come in to properly configure and install Nmap on your Mac.

Once you have it installed you can have some fun scanning your own local area network. Nmap will also tell you the type of service that is normally found on well-known ports. A list of known ports can be found here. Remember to consult the documentation to find out all of the features available in this great program. Keep in mind that some IDSs will see your Nmap scans as a threat, so remember to only scan network addresses that you have permission to scan beforehand.
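To show what a scanner actually does under the hood, here is an added example (not code from this post, and not Nmap's own implementation): a minimal TCP connect scan in Python that probes a port range and labels each open port with its well-known service name, the way Nmap reports services on known ports. The target is a constructed loopback listener that stands in for a real daemon, so the example only ever touches 127.0.0.1.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def service_name(port):
    """Well-known service registered for a TCP port (from /etc/services), or '?' if none."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "?"


def port_is_open(host, port, timeout=0.5):
    """TCP connect probe: True only if the three-way handshake completes on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def connect_scan(host, ports, workers=32):
    """Probe every port in `ports` in parallel; return {port: service_name} for the open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, port_is_open(host, p)), ports))
    return {p: service_name(p) for p, is_open in results if is_open}


def start_listener(host="127.0.0.1"):
    """Constructed sample target: a loopback listener on an OS-chosen port (stands in for a daemon)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def demo():
    """Start the sample listener, scan a small window of ports around it, return (port, findings)."""
    srv, port = start_listener()
    try:
        return port, connect_scan("127.0.0.1", range(port - 5, port + 6))
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = demo()
    for p, name in sorted(found.items()):
        print(f"{p}/tcp open  {name}")
```

A closed loopback port answers with an immediate RST, so connect_ex returns non-zero and the port is simply left out of the result; the timeout only matters for hosts that silently drop packets.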
