security

nmap command line examples

Nmap is a commonly used utility in the security world. The default nmap scan is pretty good, but there are a number of options that make a scan more informative, more efficient, or both.

My current set of command line options varies slightly depending on what I am looking for, but it generally starts with something that looks like this:

  nmap -PN -sU -sS -sV -sC -oA nmap-scan-%D-%T -O --webxml --reason 192.168.1.0/24 192.168.2.0/24

This scans two networks, 192.168.1.0/24 and 192.168.2.0/24, passed as separate arguments (a comma between them would be taken as a third, invalid target). In my case I have two subnets at home with routing between them, so one run lets me see the whole network at a glance. Note that -sS, -sU and -O all need raw sockets, so the command has to run as root.

  • The -PN option (spelled -Pn in current releases; -PN is still accepted) skips host discovery and treats every address as up. It is not only ICMP echo that gets skipped: the default discovery also sends a TCP SYN to 443, a TCP ACK to 80 and an ICMP timestamp request, and a firewalled host that ignores all of them would otherwise be left out of the scan. The cost is that every address in the range gets a full port scan, including the unused ones, so a sparse /24 takes much longer.
  • The -sU option adds a UDP scan. It is slow, because an open or filtered UDP port usually does not answer and nmap has to wait out its retransmissions, but it is the only way to find services such as DNS, SNMP or NTP.
  • The -sS option is the TCP SYN ("half-open") scan: nmap sends a SYN and decides from the SYN/ACK or RST that comes back, without completing the handshake. This is not the connect scan (-sT), which goes through the OS socket API and finishes the three-way handshake. SYN scanning is fast and reliable but requires root for raw sockets.
  • The -sV option tells nmap to connect to the ports it found open and fingerprint the service and version. This is what you match against known vulnerabilities.
  • The -sC option runs the default set of NSE scripts against the discovered services, and -O attempts OS fingerprinting.
  • The --reason option adds why each port was put in its state (syn-ack, reset, no-response, and so on), which matters when you are deciding whether "filtered" means a firewall or a dead host.
  • The -oA option writes normal (.nmap), grepable (.gnmap) and XML (.xml) output with the given base name. %D and %T are expanded by nmap to the date (mmddyy) and time (HHMMSS), so repeated runs do not overwrite each other. --webxml makes the XML file reference the stylesheet on nmap.org so it renders in a browser.
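As an added example (not part of the original post), here is a small shell wrapper around the scan above, together with an awk parser that turns the grepable .gnmap file written by -oA into one line per open port. The function names (run_scan, open_ports, make_sample), the nmap-<base> file name prefix and the sample .gnmap content are my own; the sample is constructed, not the output of a real scan, so the parser can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post): run the post's scan with a timestamped
# -oA base name and list the open ports from the grepable (.gnmap) output.
# Usage: ./nmap-scan.sh <basename> <target>...   then   open_ports nmap-<basename>-<date>-<time>.gnmap

run_scan() {
    # -sS, -sU and -O need raw sockets; fail early instead of letting nmap fall back to -sT.
    base=$1; shift
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root: SYN/UDP scans and OS detection need raw sockets" >&2
        return 1
    fi
    # Targets are separate arguments (no comma between them). nmap expands %D and %T to
    # mmddyy and HHMMSS, so every run gets its own nmap-<base>-<date>-<time>.{nmap,gnmap,xml}.
    nmap -Pn -sS -sU -sV -sC -O --reason --webxml -oA "nmap-$base-%D-%T" "$@"
}

open_ports() {
    # Print "<ip> <port>/<proto> <service> <version>" for every open port in a .gnmap file.
    # gnmap fields are tab-separated; each entry in the Ports: field is
    # port/state/proto/owner/service/rpcinfo/version/ and entries are separated by ", ".
    awk 'BEGIN { FS = "\t" }
    /^Host: / && /Ports: / {
        split($1, h, " "); ip = h[2]
        ports = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
        n = split(ports, p, ", ")
        for (j = 1; j <= n; j++) {
            split(p[j], f, "/")
            if (f[2] != "open") continue
            printf "%s %s/%s %s%s\n", ip, f[1], f[3], f[5], (f[7] != "" ? (" " f[7]) : "")
        }
    }' "$1"
}

# Constructed sample .gnmap output (not a real scan) so open_ports can be exercised offline.
make_sample() {
    {
        printf '# Nmap 7.80 scan initiated as: nmap -Pn -sS -sU -sV -sC -O --reason --webxml -oA nmap-home-%%D-%%T 192.168.1.0/24 192.168.2.0/24\n'
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: 53/open/udp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd 1.4.53/, 22/filtered/tcp//ssh///\tIgnored State: closed (1997)\n'
        printf 'Host: 192.168.2.20 (nas.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)/, 445/open/tcp//microsoft-ds//Samba smbd 4.9.5-Debian (workgroup: WORKGROUP)/\tIgnored State: closed (1998)\n'
        printf '# Nmap done -- 512 IP addresses (2 hosts up) scanned\n'
    } > "$1"
}

# Only scan when executed under this file name; sourcing the file just defines the functions.
case "$0" in
    *nmap-scan.sh)
        [ "$#" -ge 2 ] || { echo "usage: $0 <basename> <target>..." >&2; exit 2; }
        run_scan "$@"
        ;;
esac
```

The parser keys on the state field rather than on the presence of a port, so filtered and closed entries (which -sU produces in quantity) are dropped, and the version string is only appended when -sV actually identified something.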

Updated iptables host firewall rules

I am working on a wireless security project, which involves bridging, routing, and packet filtering (but not NAT). As I was looking at my current default iptables rule set, I noticed that it could use some cleaning up.

This firewall script is designed for stand-alone hosts that provide some services.

The script takes a single argument for the interface to run on, but will default to eth0 if you do nothing.


#!/bin/sh
# firewall-up.sh
# v3.07
#
# Usage: firewall-up.sh [interface]
# The interface facing the network defaults to eth0 when no argument is given.

if [ "$#" = "0" ]; then
    EXT_INT="eth0"
else
    EXT_INT="$1"
fi

# Use only system directories so a hijacked PATH cannot substitute its own iptables.
PATH=/bin:/sbin:/usr/local/sbin:/usr/sbin
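The script as reproduced on this page stops after setting PATH. As an added example, and not the author's script, here is a complete rule set in the same shape for a stand-alone host that serves a few TCP ports: default-deny INPUT, loopback and established traffic allowed, rate-limited ping, the published ports opened on the external interface only, and a sampled log of what gets dropped. The interface and port-list arguments, the DRY_RUN variable, the function names (ipt, apply_rules) and the log prefix are my own choices; it assumes iptables with the conntrack match, which both the legacy and the nf_tables backends provide.

```shell
#!/bin/sh
# Added example (not the page's own firewall-up.sh): host firewall for a stand-alone server.
# Usage: ./host-fw.sh [interface] ["tcp ports"]   e.g.  ./host-fw.sh eth0 "22 80 443"
# Set DRY_RUN=1 to print the iptables commands instead of executing them.

ipt() {
    # In dry-run mode print the rule; otherwise apply it and stop on the first failure,
    # so a typo never leaves the host half-configured with a DROP policy and no ACCEPTs.
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@" || { echo "iptables $* failed" >&2; exit 1; }
    fi
}

apply_rules() {
    ext_int=${1:-eth0}      # interface facing the network; eth0 if none given
    tcp_ports=${2:-22}      # space-separated TCP ports this host serves; SSH if none given

    # Start from a clean filter table (nat and mangle are untouched: this host does no NAT).
    ipt -F
    ipt -X
    ipt -Z

    # Default deny inbound and forwarded traffic; outbound is allowed.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, replies to connections this host opened, and nothing that conntrack cannot place.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Rate-limited ping keeps the host diagnosable without making it a flood target.
    ipt -A INPUT -i "$ext_int" -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT

    # Only the published services may open new connections, and only on the external interface.
    for port in $tcp_ports; do
        ipt -A INPUT -i "$ext_int" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Log a sample of what will be dropped, then fall through to the INPUT DROP policy.
    ipt -A INPUT -i "$ext_int" -m limit --limit 2/minute -j LOG --log-prefix "fw-drop: "
}

# Apply when executed under this file name; sourcing the file just defines the functions.
case "$0" in
    *host-fw.sh) apply_rules "$@" ;;
esac
```

Run it with DRY_RUN=1 first and read the printed rules; the order matters, because the ESTABLISHED,RELATED rule has to come before the per-port rules or every reply packet is evaluated against the whole chain, and the LOG rule has to be last so it only sees traffic nothing else accepted.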
