How to use Nmap Version Detection Scan

I wrote about the importance of OS fingerprinting using Nmap, xprobe2, or p0f in an earlier post as good methods for OS fingerprinting (See How to Conduct OS Fingerprinting). In addition to OS fingerprinting, it is also important to fingerprint the services that are open on the system (in this example Metasploitable). Because, if an we can identify the versions of the services running on specific target machines, we can then learn which exact vulnerabilities to exploit. Each and every service has unique vulnerabilities. When an exact service is determined, it’s really easy to research what they are.

Below I demonstrate the Nmap Version detection scan (“Service,” n.d.) using a VirtualBox NAT Network: Kali Linux IP address 10.0.2.15 and Metasploitable-2 10.0.2.4. To learn how to setup a VirtualBox NAT Network see my post How to Create a VirtualBox NAT Network for Testing.

Nmap Version Scan

In this example, we run a default Nmap scan with Nmap’s version detection option -sV. Not only does Nmap identify details about the services running but it also provides more information about the OS and identifies it correctly as Metasploitable.

$ sudo nmap -n -T4 10.0.2.4

Compare the above scan to a default Nmap scan below without the version detection option. Nmap’s version detection option (-sV) gives a lot more information and can be added to any scan.

$ sudo nmap -n -T4 -sV 10.0.2.4


About the Author

David Zwickl, MSci., CISSP, CEH, has spent over 20 years in information assurance and cybersecurity for companies such as RSA Security and Cisco Systems in a variety of roles. Dave holds a Master’s degree in Information Assurance with a Cybersecurity Specialization from Regis University in Denver Colorado. Regis University’s School of Computer & Information Sciences, designated as a National Center of Excellence in Information Systems Security Education (CAE/IAE) by the National Security Agency (NSA) and the Department of Homeland Security (DHS). Dave is active in industry associations ISSA, OWASP, CSA, among others.

Resources

Service and version detection.  (n.d.).  Retrieved October 15, 2017 from https://nmap.org/
book/man-version-detection.html

Leave a Reply

Your email address will not be published. Required fields are marked *