
Welcome Nmappers! Let's learn the basics about this tool, which should be mastered by all Cybersecurity professionals and Network Engineers. This video shows how, in this course, we will analyze how Nmap works using Wireshark, the world's leading protocol analysis tool.
What is Nmap? When should we use it?
Who should have Nmap in their toolbox? Only Red Hats?
Let's look at how to set up the lab environment for this course. We will try to make this as simple as possible!
We will be capturing these scans with Wireshark, so let's make sure that it is installed and ready.
If you have Kali, you already have these tools; in case you are using something else, let's find out how to install or upgrade them.
Enough sitting and watching... let's run a scan! Get Nmap and Wireshark ready. We're going to get hands-on!
Scanning any open system on the internet or within our Enterprise can get us into trouble. Let's look at some legal considerations before we start running any tests.
Nmap can be very confusing when we are first getting started. Let's learn to use the help menu, which will remind us of the options and descriptions we will most commonly use.
Now that we have found an active host or group of hosts, let's learn how to scan specific ports.
Most of the time with Nmap, you will be using the same five scans. Let's learn what these are and how they work.
1. Ping Scan
2. --top-ports 20
3. -O - OS Fingerprinting
4. -A (Aggressive Scan - OS, Version, Trace)
5. -p 80 (Specify the port number)
In this video we will learn how to configure, save, and share Wireshark Profiles.
OS Fingerprinting can help to identify the operating system on a device, which will help when trying to find vulnerabilities or to take inventory of what systems need to be updated.
Scans in Nmap are designed to work in phases. Let's use Wireshark to understand how a scan develops.
Let's learn some tips and tricks when scanning for active devices on a local network as well as a remote one.
The "Ping" scan will change depending on the network we are enumerating. If it is a local network, we will send ARP traffic; if it is a network that is at least one router hop away, Nmap will use TCP SYNs. If sudo is used, Nmap will send ICMP pings to the subnet under test.
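As an added illustration (not part of the course material), the following Python tells these three discovery styles apart from a capture, the way a blue team might triage a Wireshark or tshark export: it tallies ARP requests, ICMP echo requests and TCP SYN probes and counts how many targets one source touched. The capture lines, MAC names and addresses are constructed for the example.

```python
import re
from collections import Counter
# Constructed tshark-style summaries (not a real capture): Nmap's ARP sweep on the
# local subnet, and a sweep of a routed subnet run with sudo (ICMP echo + TCP SYN).
LOCAL_SWEEP = """\
1 0.000 PcsCompu_11:22:33 -> Broadcast ARP Who has 192.168.1.10? Tell 192.168.1.5
2 0.001 PcsCompu_11:22:33 -> Broadcast ARP Who has 192.168.1.11? Tell 192.168.1.5
3 0.002 PcsCompu_11:22:33 -> Broadcast ARP Who has 192.168.1.12? Tell 192.168.1.5
"""
REMOTE_SWEEP_SUDO = """\
1 0.000 10.0.0.5 -> 203.0.113.7 ICMP Echo (ping) request id=0x1a2b, seq=0
2 0.000 10.0.0.5 -> 203.0.113.7 TCP 45001 -> 443 [SYN] Seq=0 Win=1024
3 0.001 10.0.0.5 -> 203.0.113.8 ICMP Echo (ping) request id=0x1a2b, seq=1
"""
ARP_RE = re.compile(r"ARP Who has (\S+)\? Tell (\S+)")
IP_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+) (ICMP|TCP) (.*)")

def _probe(line):
    """Return (kind, src, dst) for a discovery probe line, else None."""
    arp = ARP_RE.search(line)
    if arp:  # ARP request: 'Tell' is the scanner, 'Who has' is the target
        return "arp", arp.group(2), arp.group(1)
    ip = IP_RE.search(line)
    if ip:
        src, dst, proto, rest = ip.groups()
        if proto == "ICMP" and "Echo (ping) request" in rest:
            return "icmp", src, dst
        if proto == "TCP" and "[SYN]" in rest:
            return "tcp_syn", src, dst
    return None  # replies and other traffic are not discovery probes

def classify_discovery(summary: str) -> dict:
    """Tally probes and name the discovery style: ARP on the local link, TCP SYN
    one or more hops away, ICMP echo on top of that when Nmap runs with sudo."""
    probes, sources, targets = Counter(), set(), set()
    for kind, src, dst in filter(None, map(_probe, summary.splitlines())):
        probes[kind] += 1
        sources.add(src)
        targets.add(dst)
    if probes["arp"]:
        style = "local ARP sweep"
    elif probes["icmp"]:
        style = "remote privileged (ICMP + TCP SYN)"
    elif probes["tcp_syn"]:
        style = "remote unprivileged (TCP SYN only)"
    else:
        style = "no host discovery seen"
    return {"style": style, "sources": len(sources),  # one source, many targets
            "targets": len(targets), "probes": dict(probes)}
```

Feed it the output of `tshark -r scan.pcap` to see which style a real capture shows; a single source with a large target count is the sweep signal worth alerting on.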
Let's dissect how a default scan progresses, learning what protocols are used as the scan progresses. We will deep dive into this scan with Wireshark.
We use ports all the time in our Nmap scans, but what is a port?
Let's learn how these unique scans work, why they work, and when to use them in enumeration.
The Nmap OS Fingerprinting and Version scans are powerful features of this tool. Let's learn how they work and when we should use them.
Learning about a service version can help us to take inventory of the active services, or can help us to identify a possible vulnerability.
Verbosity will give us more detail in the output of an Nmap scan. This is a great option to know!
Learning NSE is both fun and awesome! It really helps us to level up our scans. Let's see how.
Let's learn where the Nmap scripts are stored and how to update them.
Don't get lost in the weeds! Practice using these scripts and learning how they work. There are thousands of them. Find your favorites and learn them well.
To go further and learn more NSE scripts, we need to install a vulnerable machine into our lab environment. This video talks about why we need to do this. Please use the link in this module to access a step-by-step walkthrough of how to set this up.
Let's learn how to use the http-enum script to enumerate a server that has an open http port.
Let's check to see if an FTP server supports anonymous logins, and if not, how to brute-force a username/password.
In this video we will use the SMB scripts to check for common user accounts.
The "Vulners" script enables us to scan for service versions and will list possible CVEs that may work against the system to exploit it.
Scanning for TLS versions and certificates will help blue teams to tighten up older systems, as well as give red teams a possible attack vector.
Let's learn about what Firewalls and IDS systems look for.
The IP protocol is designed to allow for fragmentation, especially when passing through a network segment with low MTUs (assuming the DF bit is not set). Let's see how this looks in Wireshark.
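To make the Wireshark fields concrete, here is an added example (not from the course) that computes how an IPv4 datagram splits at a given MTU and what the Fragment Offset and More Fragments values of each piece will be, refusing when DF is set, then checks that the pieces reassemble with no gaps. It assumes a 20-byte IP header with no options.

```python
IPV4_HEADER = 20  # bytes; assumes no IP options


def fragment(payload_len: int, mtu: int, df: bool = False) -> list:
    """Split an IPv4 datagram carrying payload_len bytes so every piece fits mtu.
    Returns (fragment_offset, more_fragments, fragment_payload_len) tuples, with
    the offset in 8-byte units exactly as Wireshark shows it in the IP header."""
    if payload_len + IPV4_HEADER <= mtu:
        return [(0, False, payload_len)]          # fits: no fragmentation needed
    if df:
        # A router would drop the packet and answer with ICMP Fragmentation Needed
        raise ValueError("DF set: datagram exceeds MTU and cannot be fragmented")
    chunk = (mtu - IPV4_HEADER) // 8 * 8          # all but the last must be 8-aligned
    if chunk <= 0:
        raise ValueError("MTU leaves no room for an 8-byte payload")
    frags, sent = [], 0
    while sent < payload_len:
        size = min(chunk, payload_len - sent)
        frags.append((sent // 8, sent + size < payload_len, size))
        sent += size
    return frags


def reassembled_len(frags: list) -> int:
    """Check the fragment set is contiguous and properly terminated, as a host's
    reassembly queue does, and return the original payload length."""
    expected = 0
    for offset, more, size in sorted(frags):
        if offset * 8 != expected:
            raise ValueError(f"gap or overlap at offset {offset}")
        expected += size
        if not more:
            return expected
    raise ValueError("last fragment (MF=0) missing")
```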
Let's learn how to fake the source address we are originating from. If you cannot run this on your system, follow along with the included pcap file!
Decoys will allow us to bury our true address in a sea of other spoofed ones. The good part about using this scan is that we will be able to receive a reply from the target.
Let's look at some best practices when performing active recon with Nmap.
Welcome to this Nmap Ultimate Hands-On Course!
Nmap is a Swiss Army knife. You cannot go far as a hacker without it.
It belongs in the toolbox of every Cybersecurity professional, network engineer, penetration tester, ethical hacker, or SOC analyst.
The problem is that there are so many OPTIONS and SWITCHES to remember! What do they do? When do I use them? How can I remember them?
If you have ever felt that way when getting started with Nmap, this is the course for you. In this class there are a grand total of two PowerPoint slides. Why? Because slides are boring. Instead, we will walk through several hands-on labs that will help you build your Nmap skills as you run each scan along with me.
But there is more.
With each scan, we are going to capture it with Wireshark and learn how it really works. Instead of just waiting for an output and hoping to understand what to do with it, we will be looking at the scan and responses from a target at the packet level. This will help us know and remember what we are putting out on the wire and what to do with the results we receive from the test.
My name is Chris Greer and I am a Wireshark University instructor, as well as a packet analysis consultant for companies all over the globe. Like you, I started out with a deep interest in cybersecurity and ethical hacking. Looking at Nmap scans in Wireshark helped me to understand them, remember them, and utilize them to find vulnerabilities in networks and servers.
Ready to SCAN? Let's get to it!