WEBVTT

00:00.800 --> 00:03.180
Welcome back, security enthusiasts.

00:03.200 --> 00:09.020
In this lecture, we will explore the power of target specification options provided by Nmap.

00:09.170 --> 00:16.040
Understanding different target formats and scanning techniques will enable you to effectively scan IP

00:16.040 --> 00:18.020
addresses and host ranges.

00:18.020 --> 00:21.290
So let's dive into the world of Nmap target specification.

00:21.290 --> 00:24.980
First thing we're going to learn is multiple host specification.

00:24.980 --> 00:33.110
The simplest way to specify a target is by directly listing the IP addresses or hosts you want to scan.

00:33.110 --> 00:37.520
You can specify multiple hosts by separating them with spaces.

00:37.520 --> 00:43.550
For example nmap nmap let's code silly.com.

00:43.550 --> 00:46.610
And after that you can also enter the local IP address.

00:49.880 --> 00:52.910
Let me actually look at my local IP address.

00:52.940 --> 00:55.580
ifconfig here, ifconfig.

00:57.890 --> 00:58.340
And here.

00:58.340 --> 01:00.350
13.138.

01:00.380 --> 01:02.150
13.138.

01:02.150 --> 01:04.070
And so on.

01:04.190 --> 01:14.030
So here this command will scan the IP addresses of coastal domain here and this local IP address here

01:14.030 --> 01:15.650
and here.

01:15.770 --> 01:19.580
We can also have octet range addressing and wildcards.

01:19.580 --> 01:25.640
So to simplify specifying a range of hosts, you can use octet range

01:25.640 --> 01:33.470
addressing. It allows you to specify a range of IP addresses by using a hyphen between the starting and

01:33.470 --> 01:34.940
ending addresses.

01:35.840 --> 01:41.420
For instance, to scan host of, for example, this here.

01:41.420 --> 01:46.430
Let's actually delete the domain; for now we will use the local host of this here.

01:46.430 --> 01:52.490
So to scan the host of this here, 192.168.

01:52.790 --> 01:57.950
13.1 and 192.168.

01:59.630 --> 02:02.690
13.3 here.

02:02.690 --> 02:04.960
And as you can see, we will scan this, right?

02:04.970 --> 02:11.180
So you instead of this, you can use, for example, this IP address here.

02:11.180 --> 02:13.850
So the only this IP address.

02:13.850 --> 02:18.800
And after that, you will enter the 168.1 13.1 here.

02:18.800 --> 02:20.510
And after that ternary operator here.

02:20.510 --> 02:24.860
So minus operator, and here you will enter the IP address you want to range from.

02:24.860 --> 02:32.540
So if you want to scan the IP addresses from 1 to 20, you can use this like this here and now.

02:32.540 --> 02:36.740
In this case, octet range addressing also supports wildcards.

02:36.740 --> 02:44.630
Keep in mind, enabling you to scan from 0 to 255 with an expression like this here.

02:46.460 --> 02:54.320
And here this is especially useful when you want to scan a subnet with a large number of hosts and you

02:54.320 --> 02:56.960
can also exclude hosts from the scan here.

02:56.960 --> 02:58.190
Let's actually clear that.

02:58.190 --> 03:06.290
So sometimes you might need to exclude specific hosts from your scan and Nmap provides the exclude option

03:06.290 --> 03:07.400
for this purpose.

03:07.430 --> 03:12.280
It allows you to exclude one or more hosts from the range being scanned.

03:12.290 --> 03:14.030
So here's an example here.

03:14.510 --> 03:16.280
Nmap 192.

03:17.760 --> 03:20.720
.168.1..

03:21.720 --> 03:34.110
1 to 255 here, and we will use the exclude here with two minus operators, exclude, and 192.168.1. for example,

03:34.140 --> 03:40.680
or actually the IP address is 13 and not 1, and 13.

03:43.640 --> 03:43.940
Here.

03:44.180 --> 03:46.040
13 point example.

03:46.050 --> 03:47.770
Let's exclude 13.3.

03:47.780 --> 03:48.350
Right.

03:49.590 --> 03:58.500
And here with this command, we are excluding the 13.3 from the range of hosts being

03:58.500 --> 03:59.190
scanned.

03:59.220 --> 04:07.980
Alternatively, you can create an exclusion list in a file using the exclude

04:08.490 --> 04:15.060
file option. Simply list the IP addresses or hosts you want to exclude in the file, each separated

04:15.060 --> 04:16.060
by a new line.

04:16.080 --> 04:21.690
For example, let's actually create a new file in graphical user interface here.

04:22.290 --> 04:29.250
Create document and my exclude list dot txt here.

04:29.250 --> 04:31.230
And after that you will open that.

04:31.230 --> 04:31.980
So.

04:33.130 --> 04:34.260
Of course we need to use it.

04:34.270 --> 04:36.010
Some notepad here.

04:44.920 --> 04:46.840
Or mousepad, I think.

04:48.340 --> 04:49.120
Here mousepad.

04:49.470 --> 04:51.760
This is a text editor program in Linux.

04:53.310 --> 04:53.880
Here.

04:54.150 --> 04:55.530
So now.

04:57.010 --> 05:01.600
What we are going to do is we will write the IP addresses we want to exclude here.

05:23.720 --> 05:24.770
And here.

05:24.770 --> 05:26.660
So we will save this.

05:26.660 --> 05:30.200
And after that, what we are going to do is nmap.

05:31.300 --> 05:32.260
Exclude.

05:33.720 --> 05:35.670
File here.

05:35.850 --> 05:38.220
And after that you will enter the file path.

05:38.430 --> 05:41.870
You can also enter the file path using this home here.

05:41.880 --> 05:42.770
Kali.

05:44.190 --> 05:44.970
And.

05:47.240 --> 05:48.470
Exclude list dot txt.

05:50.870 --> 05:57.410
And after that you will enter the your IP address range you want to scan, in this case from 1 to 255.

06:01.860 --> 06:02.640
I'm sorry.

06:06.890 --> 06:09.080
Exclude file, unrecognized option.

06:09.110 --> 06:10.700
Exclude file here.

06:15.080 --> 06:18.860
Let's actually try it out like this here.

06:20.110 --> 06:22.690
And exclude file again error here.

06:23.950 --> 06:29.620
So if you are getting this error, you're probably using the newer versions of this Nmap here.

06:29.890 --> 06:33.820
So in order to fix that, we will use some grep and here.

06:33.820 --> 06:39.550
However, you can achieve a similar result by using a combination of other tools and commands.

06:39.820 --> 06:45.760
And as I said, one approach is to use grep command to filter out the IP addresses or hosts you want

06:45.760 --> 06:49.150
to exclude and then pass the filtered list to Nmap.

06:49.180 --> 06:50.690
So let's actually clear here.

06:50.710 --> 06:52.120
So we will firstly.

06:53.880 --> 06:54.960
As you remember, we will create.

06:55.080 --> 06:58.980
We have created the file exclude list dot txt.

06:59.220 --> 07:00.810
So let's actually read it.

07:00.840 --> 07:01.650
Cat.

07:02.530 --> 07:04.000
Exclude list dot txt.

07:04.030 --> 07:05.620
And here, this is ours.

07:05.830 --> 07:10.720
This is our excluded, this IP address that we want to exclude from our scan.

07:10.720 --> 07:17.500
And we will be using the grep command to exclude the IP addresses or hosts from the list you want to scan.

07:17.500 --> 07:22.390
So you can use the -v here, let me actually do it again.

07:22.390 --> 07:27.940
Nmap -v option to invert the match and select non-matching lines.

07:27.940 --> 07:32.470
So here nmap -f here, and here we will exclude.

07:32.470 --> 07:33.370
Exclude.

07:34.360 --> 07:37.160
Exclude list dot txt.

07:37.180 --> 07:46.660
And here we have all hosts dot txt, and after that we will enter the filtered dot txt here, and

07:46.750 --> 07:47.980
we will use, sorry.

07:48.580 --> 07:50.800
Here we will use sudo again.

07:52.180 --> 07:56.020
If you are getting this kind of error, probably sudo will fix it.

07:56.050 --> 08:01.130
No targets were specified, and here failed to resolve exclude list dot txt and all

08:01.150 --> 08:02.230
hosts dot txt.

08:02.410 --> 08:02.830
Here.

08:05.380 --> 08:09.190
And here we need to create the all hosts.txt.

08:09.220 --> 08:09.790
In this case.

08:09.790 --> 08:12.340
And in order to do that, we will use seq here.

08:12.490 --> 08:15.400
-f, 192 here, with the quote here.

08:15.400 --> 08:20.470
192.168.

08:21.840 --> 08:26.190
13.%g here, and we will close the quote.

08:26.280 --> 08:37.950
So from 1 to 255 here, we will use this pipe key here, and here we will print it one by one,

08:37.950 --> 08:38.670
print.

08:40.190 --> 08:41.150
Zero here.

08:42.080 --> 08:48.140
And after that we will close the quote, and we will write it to all hosts

08:48.140 --> 08:51.080
dot txt here, and now.

08:51.080 --> 08:54.980
Let's cat the text to see what's inside.

08:54.980 --> 09:00.920
And as you can see here, this is all the hosts from 1 to 255.

09:00.950 --> 09:06.230
So what we're going to do is we will run this command again, Nmap command and as you can see, we got

09:06.230 --> 09:07.370
the error again.

09:07.370 --> 09:09.920
All hosts txt, warning: no targets were specified.

09:09.920 --> 09:18.080
And here, so here we have the two files, all hosts txt and exclude list, and we have the filtered dot txt

09:18.110 --> 09:19.400
here and here.

09:19.400 --> 09:20.570
This is our output.

09:21.110 --> 09:26.360
So here we also have the exclude list dot txt and all hosts.txt.

09:29.970 --> 09:30.810
And here.

09:30.810 --> 09:32.250
Sorry for the confusion here.

09:32.250 --> 09:35.060
Instead of using nmap, we need to use the grep here.

09:35.070 --> 09:39.480
So what we're going to do is we will change the nmap to grep here.

09:40.540 --> 09:40.990
Grep.

09:42.570 --> 09:43.320
And here.

09:43.320 --> 09:44.130
That's it.

09:44.130 --> 09:49.440
And now let's open the filtered dot txt. Actually, we can open the filtered txt with

09:49.440 --> 09:50.130
cat here.

09:50.130 --> 09:57.330
And as you can see here, we have excluded the IP address from our list, and 20, 21, 20,

09:58.540 --> 10:02.410
22 and 23 don't exist because they already existed in filters.

10:02.410 --> 10:07.210
So this is a filtered list of all the ports that we want to scan.

10:07.210 --> 10:12.430
So we have subtracted the exclude list from all hosts here.

10:12.430 --> 10:14.860
So let's actually watch the exclude list here.

10:14.860 --> 10:18.730
And as you can see, we don't have the 23 here, 22 here.

10:18.730 --> 10:23.710
And we also don't have the 112 here.

10:24.190 --> 10:28.540
And as you can see here, we don't also have the 112 here and so on.

10:28.540 --> 10:34.120
So what we're going to do here now is we will use Nmap to scan all of this, nmap.

10:35.160 --> 10:42.180
The lowercase i here and uppercase L here, and we will pass the filtered list to Nmap for scanning,

10:42.180 --> 10:49.290
and we will enter the filtered dot txt, and here Nmap scans that. Keep in mind that this method assumes

10:49.290 --> 10:56.100
you have a list of all the IP addresses or hosts you want to scan initially and a separate list of IP

10:56.100 --> 10:58.320
addresses or hosts you want to exclude.

10:58.350 --> 11:03.150
Adjust the commands accordingly to suit your specific requirements.

11:03.150 --> 11:09.870
And please keep in mind that the availability of certain features or options in software tools may have

11:09.870 --> 11:13.290
changed since 2023.

11:13.290 --> 11:19.110
So this is the latest and updated version of this course, and it's always a good idea to.

11:19.350 --> 11:27.150
You can also check the documentation and the official sources to make this nmap more usable, and keep

11:27.900 --> 11:36.760
an eye on the updates. We can also use CIDR notation for targets.

11:36.760 --> 11:46.060
So CIDR notation, and actually this CIDR here is also pronounced as "cider".

11:46.270 --> 11:53.890
So this notation provides a compact method for specifying IP addresses and their routing suffixes.

11:53.920 --> 11:59.860
It also allows for more granular subnet masks compared to classful addressing.

12:01.150 --> 12:07.900
And CIDR notation consists of an IP address followed by a forward slash and a network prefix length.

12:08.770 --> 12:15.430
The network prefix length represents the number of network bits, and for example, in CIDR notation.

12:15.670 --> 12:20.710
Actually, let me open the grommet here to write marker here.

12:20.770 --> 12:25.930
So here the CIDR notation.

12:26.080 --> 12:35.650
/24 after the IP address, this means the subnet mask of 255.255.

12:38.020 --> 12:39.520
255.

12:40.620 --> 12:49.560
.0, indicating that the first 24 bits of the IP address are the network portion and the remaining

12:49.590 --> 12:53.240
eight bits are for host addresses.

12:53.250 --> 13:05.400
So to scan the 256 hosts in this range, for example from 0 to 255, you can use the CIDR notation

13:05.850 --> 13:08.210
after the IP address, /24 here.

13:08.220 --> 13:08.760
Right?

13:08.760 --> 13:10.440
So in order to do that, we will.

13:11.250 --> 13:16.800
So some example here, so nmap 192.168.

13:17.220 --> 13:18.990
13.0.

13:18.990 --> 13:23.400
And we will use the CIDR notation of /24.

13:23.400 --> 13:31.050
And as you can see here, we will simplify scanning an entire subnet, so we can also work with a target

13:31.080 --> 13:33.090
list in Nmap here.

13:34.070 --> 13:39.290
For example, let's actually create a new target list here.

13:39.440 --> 13:49.310
So open the create document here, and my targets dot txt here.

13:49.310 --> 13:52.820
We will open it with mousepad here.

13:52.820 --> 13:55.730
And now we will enter some IP addresses in this case.

13:55.730 --> 13:58.220
192.168.

13:58.220 --> 14:04.040
13.1, 192.168.13.2.

14:04.040 --> 14:04.610
And so on.

14:04.610 --> 14:07.730
So in this case we will have two addresses for the scan.

14:07.730 --> 14:11.990
And in order to do that, let's actually use cat on the targets here.

14:12.020 --> 14:19.040
My targets dot txt, and as you can see, we have two targets, and in order to scan all of the IP

14:19.070 --> 14:25.820
addresses in this list, and also to load the targets

14:25.820 --> 14:28.010
from the my targets txt file,

14:28.010 --> 14:33.980
you can use nmap as we did in the previous example.

14:33.980 --> 14:39.230
Lowercase i, uppercase L here, and my targets dot txt here.

14:39.230 --> 14:45.710
And this feature greatly simplifies scanning multiple hosts, and in the target file you can also mix

14:45.710 --> 14:51.710
different target formats. For instance, you can also add here, let's actually open the file here.

14:51.710 --> 14:54.200
So 192.168.

14:54.680 --> 14:58.850
13.22 50 right.

14:58.850 --> 15:06.530
So with this you can also mix different IP addresses and IP ranges in the same file.

15:06.560 --> 15:15.740
Remember, here you can add comments to your target list by starting a new line with this character

15:15.740 --> 15:16.220
here.

15:16.220 --> 15:27.530
This is really dangerous IP here, and this allows you to annotate and organize your target

15:27.530 --> 15:29.510
files for better clarity.

15:29.660 --> 15:34.440
And fantastic, you learned the various target specification techniques in Nmap.

15:34.440 --> 15:41.640
And now, whether you need to scan specific hosts, define IP ranges, utilize CIDR notation

15:41.640 --> 15:43.080
or work with a target list,

15:43.080 --> 15:49.950
Nmap offers a versatile set of options to meet your scanning requirements, and I'm waiting for you in the next

15:49.950 --> 15:51.570
lecture.
