Nmap in a Nutshell?
From: Fyodor <fyodor () insecure org>
Date: Mon, 27 Oct 2003 20:50:02 -0800
A few publishers have contacted me about writing an Nmap book. I
think this would make a valuable addition to the current (relatively
terse and not example-driven) Nmap documentation. I hope to make much
or all of the book available on the Web too, although that is subject
to negotiation with publishers.

After some brainstorming, I have come up with two possible approaches.
I would certainly appreciate your input as to the type of book you
would buy and read. Here are my ideas:

1) "Network Reconnaissance with Nmap" - This book describes how to
conduct network security vulnerability assessments in stages,
starting from just an organization's name and leading up to
identifying their IP ranges, finding accessible machines,
circumventing firewalls, defeating intrusion detection systems,
enumerating open ports, identifying vulnerabilities, and finally
exploiting the systems. In carrying out these tasks, readers will
learn how and when to use the most popular and effective free
security tools, including the Nmap Security Scanner. This book is
platform-independent, covering Linux/UNIX, Windows, and Mac OS X.

2) "Nmap in a Nutshell" (actual title is publisher-dependent) - This
book describes the Nmap Security Scanner in depth. It covers the
myriad of ping and port scanning methods along with relevant
examples. Everything from the pervasive SYN scan to the more
obscure yet valuable methods such as Idle scan, ACK scan, and
custom-flag scanning is included. Hints are provided for
optimizing Nmap scanning speed, circumventing firewalls, defeating
IDS systems, remote OS detection, and more. All the common
platforms are covered, including the appropriate GUI frontends and
performance/usage tips. Particular effort is made to cover options
and features which are presently undocumented or poorly understood.
Solutions are provided for common tasks, such as parsing the XML
(or normal) output, and sweeping a huge address space for a single

So the choices basically boil down to a book on vulnerability
assessment which happens to focus on Nmap (but uses many other open
source tools where appropriate), or a book on Nmap that provides
examples for using it in vulnerability assessments and other
situations where appropriate.

I would certainly appreciate your thoughts, as I plan to begin writing

In other news, I made some improvements to Insecure.Org. The list
archive has been renamed to http://seclists.org . I got sick of
typing out lists.insecure.org all of the time :). Given this
depressed economy, I also added the SecurityFocus security-jobs list.
A Google searchbar has been added to the lower-left margin of each
Seclists.Org and Insecure.Org page. I set it to provide the results
page (but not results themselves) in "h4xX0r sp34k", which will
probably get me a lot of flames :). If I get too many complaints
about "unprofessionalism", I may just have to turn the search page
black and fill it with rotating skulls and flaming torch images :).

For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List archive: http://seclists.org