WEBVTT

0
00:01.640 --> 00:07.990
Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner.

1
00:08.050 --> 00:15.970
It is a multi-platform, free and open source application designed to make nmap easy to use for beginners

2
00:16.060 --> 00:21.190
while providing advanced features for experienced nmap users.

3
00:21.300 --> 00:23.950
Let's install Zenmap on Linux

4
00:24.010 --> 00:31.590
if it's not already there. Many security Linux distributions come with zenmap already installed,

5
00:32.610 --> 00:42.320
so as root I am executing apt install zenmap.

6
00:42.330 --> 00:51.220
Note that there are versions available for both Windows and the Mac. Let's start zenmap! We notice

7
00:51.220 --> 00:58.570
that it can be started both as a normal user or as root. Behind the scenes the nmap command

8
00:58.630 --> 01:00.070
will be executed

9
01:00.070 --> 01:07.090
and we've seen in the last lectures that there are scans like the SYN scan that can be executed only

10
01:07.090 --> 01:10.280
by root. So I'm starting it

11
01:10.300 --> 01:10.860
as root.

12
01:15.100 --> 01:19.130
This is the interface of zenmap.

13
01:19.200 --> 01:25.250
The purpose of zenmap is not to replace the old and the good nmap command.

14
01:25.290 --> 01:31.260
It's well known that hackers always prefer a command line over a graphical interface.

15
01:31.260 --> 01:36.370
The purpose of zenmap is to make nmap more useful. Zenmap

16
01:36.390 --> 01:42.980
keeps track of your scan results until you choose to throw them away and profiles make it easy to run

17
01:43.050 --> 01:46.650
the exact same scan more than once.

18
01:46.650 --> 01:51.430
There is no need to set up a shell script to do a common scan.

19
01:51.480 --> 01:55.640
Zenmap has the ability to show the differences between two scans,

20
01:55.770 --> 02:02.340
you can see what has changed between the same scan run on different days, between scans of two different

21
02:02.340 --> 02:09.620
hosts or between scans of the same hosts with different options or any other combination.

22
02:09.630 --> 02:17.190
This allows administrators to easily track new hosts or services appearing on their network or existing

23
02:17.190 --> 02:26.310
ones going down. Running a scan is as simple as typing the target in the "Target" field, selecting the

24
02:26.310 --> 02:30.830
profile and then clicking the scan button.

25
02:30.930 --> 02:32.850
Let's scan this host!

26
02:36.020 --> 02:42.660
I'm writing its IP address in the target box.

27
02:43.030 --> 02:53.330
We also notice the nmap command with all its options that can be run at the console; the -A option

28
02:53.420 --> 02:59.400
enables OS and version detection, script scanning and traceroute.

29
02:59.420 --> 03:03.470
This is a really useful option but the scan will take a very long time.

30
03:04.830 --> 03:06.220
I'm starting the scan.

31
03:13.080 --> 03:20.270
In the Scans tab we notice that the scan is running; after approximately one minute

32
03:20.300 --> 03:28.740
the scan result will be available. I'll pause the video until it's over! OK!

33
03:28.840 --> 03:30.370
It's over.

34
03:30.370 --> 03:39.290
This is the scan report: we see open ports and the details about the versions of the applications that

35
03:39.320 --> 03:44.580
are running on that host; on the left side

36
03:44.650 --> 03:53.500
we see the services that are running on the host and the ports tab shows what ports are open on that

37
03:53.500 --> 03:53.980
host.

38
03:55.450 --> 04:00.190
These are the ports open, the service name and its version.

39
04:03.960 --> 04:05.510
Let's try another scan!

40
04:05.580 --> 04:11.810
This time I want to scan the entire LAN, so 0/24.

41
04:11.820 --> 04:16.840
You can also write the network address like this, using a *

42
04:16.860 --> 04:18.170
for the last byte.

43
04:20.010 --> 04:30.390
And I'll use another profile, "Quick scan plus", and scan.

44
04:30.620 --> 04:32.650
It's scanning the entire network.

45
04:33.540 --> 04:38.790
It will take a while, a minute or two, so I'm gonna pause the video until it's over.

46
04:44.060 --> 04:47.850
Now the scan is running; okay,

47
04:47.860 --> 04:49.360
it's over!

48
04:49.360 --> 04:54.490
This is the output; we see all hosts discovered

49
04:54.550 --> 05:01.600
and the services that are running, and the Scans tab lists all the scans

50
05:01.610 --> 05:07.870
you are running or have executed. Most of these will be unsaved scans.

51
05:07.880 --> 05:15.120
We can of course select one of our past scans and rerun it by selecting the scan and then clicking

52
05:15.120 --> 05:20.560
the scan button, like this! I'm rerunning the scan.

53
05:23.750 --> 05:24.850
I have stopped it.

54
05:26.220 --> 05:33.930
The topology tab is of interest for security audits as it shows the actual topology of your network

55
05:34.200 --> 05:43.160
in a graphical form. The host details tab breaks all of the information about a single host into a hierarchical

56
05:43.160 --> 05:44.900
display.

57
05:44.900 --> 05:51.500
For example this is the default gateway and this is the report about the default gateway, about this

58
05:51.540 --> 06:01.960
host and so on. To rescan a host, select the host from the combo box attached to the target and then scan

59
06:02.080 --> 06:02.470
again.

60
06:05.670 --> 06:11.490
To save a scan we select the scan and then go to files and save.

61
06:14.320 --> 06:21.150
It will be saved in .xml or nmap text format that can be later

62
06:21.220 --> 06:30.720
reopened. As mentioned, you can use the default scanning profiles or create your own. To do so

63
06:30.990 --> 06:38.000
go to profile and then select either new profile or edit selected profile.

64
06:38.640 --> 06:42.570
We see there are a lot of options to select from, for the new profile.

65
06:46.450 --> 06:52.810
As a conclusion we say that zenmap is a very powerful tool that enables any network administrator

66
06:52.810 --> 07:00.400
to audit hosts and networks. Make sure to dive deeper into the profile editor and while creating

67
07:00.430 --> 07:05.660
helpful scans for your specific network, you'll see just how powerful zenmap can be.