1
00:00:00,300 --> 00:00:02,190
Hello everybody and welcome back.

2
00:00:02,190 --> 00:00:06,210
Now this is the second tutorial on the nmap program.

3
00:00:06,390 --> 00:00:13,410
In the previous one I basically just showed you what you can do with an IP address and what information

4
00:00:13,410 --> 00:00:17,400
you can gather only by knowing someone's IP address.

5
00:00:17,550 --> 00:00:21,180
And we also ran a simple scan on the nmap

6
00:00:21,220 --> 00:00:26,280
scanme.nmap.org website, which basically allows us to do these scans there.

7
00:00:26,280 --> 00:00:33,420
So you should only be scanning either that site or any machine you own, since nmap scans could be illegal

8
00:00:33,450 --> 00:00:35,370
in your country.

9
00:00:35,370 --> 00:00:41,790
Also, before we begin, let me just type here once again nmap to show all the available

10
00:00:41,790 --> 00:00:42,660
options.

11
00:00:42,780 --> 00:00:47,100
Let me perform the same scan we did before, which is just nmap

12
00:00:47,490 --> 00:00:48,150
scanme

13
00:00:50,890 --> 00:00:53,640
.nmap.org.

14
00:00:53,640 --> 00:00:59,160
And basically, if you wanted to, for example, write this to a file, you just specify two arrows (>>) right here

15
00:00:59,760 --> 00:01:04,980
and then we call the file results.txt, for example.

16
00:01:04,980 --> 00:01:12,030
Now this will take, as the previous time, a few seconds, and it won't give us the output right here.

17
00:01:12,030 --> 00:01:16,050
It will basically save all of the output into our results.txt

18
00:01:16,120 --> 00:01:23,980
file, so it is useful if you, for example, run a scan for multiple hours and you don't need to keep

19
00:01:23,980 --> 00:01:26,500
the terminal open in order to see the scan.

20
00:01:26,530 --> 00:01:32,050
You can just basically save it into a file and you can access it anytime and anywhere.
21
00:01:32,590 --> 00:01:39,070
So you don't, for example, run a scan on multiple hosts and wait for five hours and then you accidentally

22
00:01:39,070 --> 00:01:40,210
close the terminal.

23
00:01:40,210 --> 00:01:45,450
And basically the entire scan is lost and you need to redo it once again.

24
00:01:45,790 --> 00:01:49,860
So as you can see right here, this scan has finished and it hasn't given us any output.

25
00:01:49,990 --> 00:01:55,480
So you can just click on the screen and type here ls, and as you can see right here we have the results

26
00:01:55,510 --> 00:02:02,500
.txt file. If we check that results.txt file we will get the same output that we got in the

27
00:02:02,500 --> 00:02:07,520
previous video, with our results printed out into this file.

28
00:02:07,540 --> 00:02:14,800
Now since we know that, we can delete this file right now and we can type here nmap once again.

29
00:02:14,890 --> 00:02:18,860
Now I won't be scanning scanme.nmap.org anymore.

30
00:02:18,880 --> 00:02:25,450
I will be scanning basically my Windows machine right now, so you can continue scanning this site, you

31
00:02:25,450 --> 00:02:33,760
can also scan the Metasploitable that we installed in the previous lectures, and you can also scan

32
00:02:33,850 --> 00:02:35,540
your host machine.

33
00:02:35,560 --> 00:02:37,580
Now let me just show you.

34
00:02:37,690 --> 00:02:42,410
You can also scan yourself. If we just check our IP address right here,

35
00:02:42,420 --> 00:02:49,170
192.168.1.6, and you type here 192.168.1.6,

36
00:02:49,270 --> 00:02:53,490
I don't believe any port... yeah, all ports, all 1000 scanned ports are closed.

37
00:02:53,500 --> 00:03:00,980
So on this Kali Linux machine I'm not having any port open, and that should be so on yours as well.
38
00:03:01,090 --> 00:03:09,790
For now, at least. And as I said in the previous video, in the end nmap only scans the top 1000 TCP

39
00:03:09,790 --> 00:03:10,370
ports.

40
00:03:10,510 --> 00:03:17,830
So if you want to, for example, specify the number of ports you want to scan, or for example you want to

41
00:03:17,830 --> 00:03:19,980
scan all 65000 ports,

42
00:03:19,990 --> 00:03:24,570
let me just find the option. So here it is, port specification and scan order.

43
00:03:24,580 --> 00:03:27,630
We can do that with -p.

44
00:03:28,030 --> 00:03:29,290
So how do we do that?

45
00:03:29,290 --> 00:03:38,440
Well basically we just type here nmap -p and then we type here 1-65000, and

46
00:03:39,490 --> 00:03:41,200
we can just do 65000,

47
00:03:41,200 --> 00:03:45,600
or we can do all 65535.

48
00:03:45,850 --> 00:03:47,420
I believe that's how many there are.

49
00:03:48,100 --> 00:03:56,440
And then we specify again our own IP address, and this will take longer to finish, but instead of

50
00:03:56,530 --> 00:04:03,310
scanning only a thousand ports it scans all 65535 ports, and it will

51
00:04:03,310 --> 00:04:08,410
finish relatively fast since we are scanning ourselves, and it's finished in only 1.5 seconds.

52
00:04:09,520 --> 00:04:13,030
So now we won't be scanning ourselves anymore since there is no point.

53
00:04:13,030 --> 00:04:18,810
So let me just find out what the IP address of my Windows machine is.

54
00:04:18,970 --> 00:04:25,750
So I will type here in my command prompt ipconfig, and the IP address of my host machine is

55
00:04:25,750 --> 00:04:33,430
192.168.1.4, so I will just type here nmap 192.168.1.

56
00:04:33,430 --> 00:04:34,080
4.

57
00:04:34,460 --> 00:04:36,310
And let's see how fast this will finish.
58
00:04:36,310 --> 00:04:38,280
It shouldn't take too much of our time.

59
00:04:38,290 --> 00:04:39,580
So let me just check here.

60
00:04:39,580 --> 00:04:45,620
All right, it finished, and we can see there are a few ports open right here.

61
00:04:45,610 --> 00:04:47,500
The netbios-ssn, the microsoft-

62
00:04:47,500 --> 00:04:47,810
ds,

63
00:04:47,830 --> 00:04:51,690
and msrpc, which are these three ports.

64
00:04:51,710 --> 00:05:00,670
They're all three open, as you can see, they're all over TCP. Now for example let's scan again my machine,

65
00:05:01,100 --> 00:05:09,520
and right now let's scan all 65000 ports, so 65535, I believe that's the maximum number

66
00:05:09,520 --> 00:05:16,930
of ports, and we type here the IP address of our Windows machine now.

67
00:05:16,940 --> 00:05:18,320
Let me just...

68
00:05:18,320 --> 00:05:19,320
Oh yes, I...

69
00:05:19,520 --> 00:05:26,020
I only specified that this should scan this one port. I should specify a range of ports.

70
00:05:26,040 --> 00:05:30,230
So 1-65535.

71
00:05:31,100 --> 00:05:37,100
And we press here enter, and this will take a little bit longer than the thousand port scan.

72
00:05:37,160 --> 00:05:39,810
So let's see where it is right now.

73
00:05:39,830 --> 00:05:40,080
Yeah.

74
00:05:40,100 --> 00:05:42,360
It is only on 4 percent.

75
00:05:44,390 --> 00:05:52,400
You can check out the progress of the scan with the up arrow if you didn't specify right here the

76
00:05:52,520 --> 00:05:58,610
-v, which stands for verbose, which will basically just print you this right here as it goes with

77
00:05:58,610 --> 00:05:59,550
the scan.

78
00:05:59,630 --> 00:06:06,270
I didn't specify it so it doesn't print anything before the end. So let me just show you. We will end this

79
00:06:06,270 --> 00:06:10,750
so we don't wait until it's over.

80
00:06:10,770 --> 00:06:12,450
So let me just put here...
81
00:06:12,480 --> 00:06:21,090
Let me just type nmap once again, and we can see right here that the -v command stands for

82
00:06:21,180 --> 00:06:28,390
increase verbosity level, use -vv, which is basically minus v v, in order to see more details.

83
00:06:28,460 --> 00:06:32,550
So let's run the same command but with 1000 ports.

84
00:06:32,730 --> 00:06:36,560
So let me just type here nmap 192.168.1.

85
00:06:36,570 --> 00:06:40,580
4, basically just -vv.

86
00:06:40,600 --> 00:06:48,560
So here you can see that as it goes with the scan it prints out the information, and at the end it prints

87
00:06:48,560 --> 00:06:51,840
out the same thing that it printed out before.

88
00:06:51,840 --> 00:06:57,450
So here we can see, as it went, we can conclude that there is one host that is up.

89
00:06:58,050 --> 00:07:01,710
And as it discovered the open ports, it printed them out for us.

90
00:07:03,210 --> 00:07:09,120
Now this can be useful if you want to find out the open ports on a host

91
00:07:09,120 --> 00:07:13,710
that will take an hour to scan, or for a range of hosts.

92
00:07:13,740 --> 00:07:15,300
So let me just show you.

93
00:07:15,300 --> 00:07:23,340
Let me just show you how you can scan a range of hosts, for example scan your entire local network.

94
00:07:23,340 --> 00:07:30,740
You can see right here that the second command in the examples shows us how to specify the range of

95
00:07:30,740 --> 00:07:31,610
hosts.

96
00:07:31,740 --> 00:07:36,990
So as you can see right here, 192.168.0.0/16.

97
00:07:36,990 --> 00:07:43,890
This will basically scan the first 16 hosts in the local network.

98
00:07:43,910 --> 00:07:51,200
Now we know in my local network, since my subnet mask is 255.255.255.0,

99
00:07:51,200 --> 00:07:56,950
there are only 255 hosts available, so we will just specify all of them.
100
00:07:56,990 --> 00:08:01,030
Let me just type here nmap, and then we will type here

101
00:08:01,120 --> 00:08:03,220
192.168.

102
00:08:03,290 --> 00:08:08,250
1.1/255.

103
00:08:09,550 --> 00:08:11,480
And let us just put here

104
00:08:11,520 --> 00:08:18,230
-F, and -F stands for basically doing this scan faster.

105
00:08:18,290 --> 00:08:20,540
So we do not waste a lot of time.

106
00:08:20,570 --> 00:08:28,070
So let me just press enter right here.

107
00:08:28,540 --> 00:08:32,250
Now, if you just check once again, since this didn't work,

108
00:08:32,280 --> 00:08:37,900
maybe I specified it wrong, or basically it gave me some error.

109
00:08:37,910 --> 00:08:41,480
Let me just redo this command, but not like this.

110
00:08:41,480 --> 00:08:44,310
Let me just type here, instead of slash, minus.

111
00:08:44,750 --> 00:08:46,570
So right now it should work.

112
00:08:47,540 --> 00:08:57,580
But let's also add the verbosity option so it prints us everything as it goes.

113
00:08:57,890 --> 00:09:03,030
We can see that it found... it actually finished relatively fast.

114
00:09:03,050 --> 00:09:08,720
That is probably because we specified right here the -F option, which basically makes the scan finish

115
00:09:08,780 --> 00:09:13,190
faster, and we can see that all of these hosts are down.

116
00:09:13,560 --> 00:09:17,540
We can see that between these two there was one that is up, which is .15.

117
00:09:17,540 --> 00:09:20,750
That is my laptop that is currently running.

118
00:09:20,750 --> 00:09:23,790
So as we go down here it should find...

119
00:09:24,500 --> 00:09:27,350
We found our router.

120
00:09:27,350 --> 00:09:28,580
Here it is.

121
00:09:28,580 --> 00:09:31,910
So 192.168.1.1.

122
00:09:31,910 --> 00:09:37,720
It also found our Windows host machine, which is my current Windows 10 machine running
123
00:09:37,820 --> 00:09:45,050
as my host operating system. As you can remember, here are the three open ports on my host machine.

124
00:09:45,050 --> 00:09:53,180
It found my laptop, which only has Apache2 running on the HTTP port, 80 over TCP, and it also found our

125
00:09:53,180 --> 00:09:56,340
virtual machine, which is 192.168.

126
00:09:56,390 --> 00:10:02,440
1.6, which has none of the ports open. So the end result:

127
00:10:02,510 --> 00:10:10,000
finished with 255 IP addresses scanned, and 4 hosts were up, scanned in 6.6 seconds.

128
00:10:12,260 --> 00:10:19,450
Now let's also, for example, if you want to write that into a file, you can do that with the two arrows

129
00:10:19,450 --> 00:10:21,970
(>>) again and also into the results

130
00:10:22,070 --> 00:10:29,340
.txt file. As we saw in the previous video, it won't give you any output, but it will write your scan into

131
00:10:29,340 --> 00:10:35,840
the results.txt file, so you don't have to redo the scan once again later if you close the terminal.

132
00:10:41,720 --> 00:10:49,010
So it should finish in a few seconds, I believe, and we will have a file with all 255 machines scanned.

133
00:10:49,460 --> 00:10:51,020
As you can see, it has finished.

134
00:10:51,080 --> 00:10:57,850
And if we cat results.txt, we will get the same output as in the previous scan. Now,

135
00:10:58,000 --> 00:10:59,710
this is about it for this lecture.

136
00:10:59,710 --> 00:11:08,410
We will continue with some of the more aggressive scans and more specified and detailed scans in

137
00:11:08,410 --> 00:11:11,930
the next lecture, which will also be nmap.

138
00:11:12,000 --> 00:11:16,930
We will cover how to get the version of the software running on a specific port.

139
00:11:16,930 --> 00:11:23,700
For example, we will find out how to get the version of my Apache2 on my laptop, which is running

140
00:11:23,700 --> 00:11:24,540
over HTTP.
141
00:11:24,580 --> 00:11:31,690
As you can see right here, we don't get the version specified, but it is an important option because it

142
00:11:31,690 --> 00:11:37,500
allows us to find out the version of a software, which can be used in order for us to find out any vulnerability

143
00:11:37,540 --> 00:11:39,670
for that particular software.

144
00:11:39,670 --> 00:11:42,880
So I hope I see you in the next lecture, and take care.