Nmap Penetration Testing

# See the network
# This will show you the Kernel IP routing table
# To find your IP address
sudo nmap -PR -sn <target range>
# -PR: ARP ping. On the local Ethernet segment Nmap discovers hosts by sending
#      ARP requests instead of ICMP pings; every host that is up must answer
#      ARP, so it is faster and a host firewall cannot block it. Needs root.
# -sn: Ping scan only. Skips the port scan and just reports which hosts are up.
# This scans each IP address in that range and tells you which IP
# addresses are up (hosts available).
# Open nano and create a file called iplist.txt
# and add inside all the IP addresses that we just discovered
nano iplist.txt
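To build iplist.txt without retyping addresses, here is an added example (not part of the original notes): a small POSIX sh script that parses nmap -sn output into one IP per line and writes the file. The scan output embedded below is constructed sample data using RFC 5737 documentation addresses, not a real scan.

```shell
#!/bin/sh
# Constructed sample of `nmap -sn` output, in the same shape as the scanme
# report above (hostname with IP in parentheses, or a bare IP). Addresses are
# RFC 5737 documentation addresses; the "[host down]" line is what -v prints
# for a host that did not answer.
SAMPLE_SCAN='Nmap scan report for router.lan (192.0.2.1)
Host is up (0.0012s latency).
Nmap scan report for 192.0.2.7
Host is up (0.0030s latency).
Nmap scan report for 192.0.2.9 [host down]
Nmap scan report for printer.lan (192.0.2.20)
Host is up (0.0041s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.50 seconds'

# Read nmap -sn output on stdin and print one IP per line for every host
# reported as up. Handles both "report for 1.2.3.4" and
# "report for name (1.2.3.4)", and skips "[host down]" entries.
extract_live_hosts() {
    awk '
        /^Nmap scan report for/ && !/\[host down\]/ {
            ip = $NF              # last field: bare IP or "(IP)"
            gsub(/[()]/, "", ip)  # strip the parentheses if present
            print ip
        }'
}

# Read nmap -sn output on stdin, write the live IPs to the file named in $1
# (the iplist.txt used by the -iL scans later), and print how many were saved.
write_iplist() {
    extract_live_hosts > "$1"
    wc -l < "$1" | tr -d ' '
}

# Stand-alone demo: parse the sample and record the live hosts in iplist.txt
# (override the file name with IPLIST=...).
printf '%s\n' "$SAMPLE_SCAN" | write_iplist "${IPLIST:-iplist.txt}"
```

In real use, replace the sample with the scan itself: `sudo nmap -PR -sn <target range> | write_iplist iplist.txt`.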
# How to scan an external network
sudo nmap -PE -sn scanme.nmap.org
# -PE: ICMP echo ping. Nmap sends an ICMP echo request (the same packet the
#      ping tool uses) and waits for an echo reply.
#      If a reply is received, the host is considered to be alive.
#      Raw ICMP needs root, hence sudo.

# The output of this command is:
Nmap scan report for scanme.nmap.org (
Host scanme.nmap.org ( is up (0.0010s latency).

Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds
# This probe was sent at layer 3 of the TCP/IP stack (ICMP rides directly on IP).

# If blocked by the firewall
sudo nmap -PA80 -sn scanme.nmap.org
# -PA80: TCP ACK ping to port 80 (HTTP). Nmap sends a bare ACK segment to
#        port 80 of every host in the target range and waits for responses.
#        A host that is up answers an unexpected ACK with a RST whether the
#        port is open or not, so this often gets a reply where ICMP echo is
#        filtered. A stateful firewall that tracks connections may still
#        drop the unsolicited ACK.
# This probe was sent at layer 4 of the TCP/IP stack (TCP).

TCP/IP 4 layers

    Application layer: This layer is responsible for providing services to end users, such as web browsing, email, and file transfer.
    Examples of application layer protocols include HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol),
    and FTP (File Transfer Protocol).

    Transport layer: This layer is responsible for providing reliable end-to-end communication between applications.
    It ensures that data is delivered in the correct order and without errors. Examples of transport layer protocols include TCP
    (Transmission Control Protocol) and UDP (User Datagram Protocol).

    Network layer: This layer is responsible for routing data packets between networks. It determines the best path for packets to take
    from their source to their destination.
    Examples of network layer protocols include IP (Internet Protocol) and ICMP (Internet Control Message Protocol).

    Link layer: This layer is responsible for transmitting data packets over a physical network medium, such as Ethernet or Wi-Fi.
    It formats packets into frames and adds error detection and correction information.
    Examples of link layer protocols include Ethernet and IEEE 802.11 (Wi-Fi).

    The host-discovery probes above each sit at a different layer: -PR (ARP) at the link layer,
    -PE (ICMP echo) at the network layer, and -PA80 (TCP ACK) at the transport layer.

    Walking a web request through the layers:
    You enter the URL of a website into your web browser.
    The web browser sends an HTTP request to the web server hosting the website.
    The web server receives the HTTP request and sends back an HTTP response containing the website's HTML code.
    The web browser receives the HTTP response and renders the website on your screen.


SCTP stands for Stream Control Transmission Protocol. It is a connection-oriented transport layer protocol that provides reliable, in-sequence transport of data between two endpoints that have established a connection in a computer network.

SCTP is similar to TCP in that it provides reliable, in-sequence delivery of data. However, it has several advantages over TCP, including:

  • Multihoming: SCTP allows both endpoints of a connection to have multiple IP addresses. This makes it more resilient to network failures, as traffic can be routed to the best available IP address.
  • Multistreaming: SCTP allows multiple streams of data to be sent over a single connection. This can improve performance for applications that need to send different types of data, such as voice, video, and text.
  • Partial reliability: SCTP can be configured to deliver data streams with different levels of reliability. This is useful for applications that need to deliver some types of data more reliably than others.

SCTP is used in a variety of applications, including:

  • Voice over IP (VoIP): SCTP is used to provide reliable transport for VoIP calls.
  • Mobile networks: SCTP is used to provide reliable transport for data services in mobile networks.
  • Signaling systems: SCTP is used to carry signaling traffic between different components of signaling systems, such as SS7 and Diameter.
  • Multimedia applications: SCTP can be used to improve the performance of multimedia applications, such as video streaming and online gaming.
sudo nmap <target>
# With no options Nmap checks the 1000 most common TCP ports on this specific
# machine (a SYN scan when run as root) to find which ports are open.
# To scan all the IP addresses that we found earlier.
nmap -iL iplist.txt
# -iL iplist.txt: This option tells Nmap to read the list of
# IP addresses to scan from the file iplist.txt.
sudo nmap -p 22 -iL iplist.txt
# -p 22: only probe port 22 (SSH). Shows which PCs in the file have port 22 open.
sudo nmap -sA -iL iplist.txt
# -iL: Read the list of targets from the file.
# -sA: TCP ACK scan. It does not tell you whether a port is open; it classifies
#      ports as "unfiltered" (a RST came back) or "filtered" (no reply), which
#      maps which ports a stateful firewall is protecting. Needs root.
sudo nmap -sU -iL iplist.txt
# -sU: UDP scan. Useful for identifying hosts on the network that are
#      running UDP services (DNS, SNMP, NTP, ...). Slow, because a closed UDP
#      port only answers with an ICMP port-unreachable and open ports often
#      stay silent. Needs root.
nmap -sV -iL iplist.txt
# -sV: Service/version detection. Probes each open port to identify the
#      service running on it and its version, which is what you compare
#      against known vulnerabilities during a security assessment.
