TUTORIAL: nmap (The Network Mapper)

Discussion in 'iOS Jailbreak & Cydia' started by mast3rpyr0, Jan 3, 2008.

  1. mast3rpyr0
    I've seen a couple of threads of people asking about nmap for the iPod touch, and after doing a bit of messing with sources I finally found it. Here's how to get it.

    Installing nmap

    1) Make sure you have a jailbroken iPod/iPhone. THIS IS THE MOST IMPORTANT STEP

    2) Get the Term-vt100 package. This is a terminal, like in almost every OS.

    3) Install the BigBoss repository in your Installer app (http://sleepers.net/iphonerepo) and wait for it to refresh.

    4) Go into the Sources folder in the Install section, install the "BigBoss Community Sources" source package and wait for the refresh.

    5) Go back into the Sources folder, install the "All Source" package and wait for the refresh.

    6) Go into the Network folder, scroll to the N's and select nmap. <- SECOND MOST IMPORTANT STEP

    7) Not required but strongly recommended: your Installer app will now take a very long time to refresh sources and is very cluttered. If you don't think you need anything else, here are the sources to delete:

    -iHebrew
    -Brasal (or something like this)
    -All under ModMyiFone.com, MobileStack Internal..., Meachware, Limited EditioniPhone, iPhones.RU, Imagine09, iBooks, German Source, Experimental Sources, Chris Miles Repository, CedSoft (beta), Business Software, BigBoss's Repository, Audio, AtestFrenchiPhone.com, Apogee LTD, Other Sources, (Aloha..Something) Uncategorized, and Weiphone.

    PLEASE LET ME KNOW IF I MISSED ANY SOURCE TO REMOVE OR IF THERE ARE SOME THAT SHOULD NOT HAVE BEEN REMOVED (I CANNOT BE HELD RESPONSIBLE FOR ANYTHING THAT MAY HAPPEN WHEN REMOVING THESE SOURCES.)

    Using nmap

    nmap is run via the terminal app (Term-vt100) on the iTouch.

    Showing all the command options

    Code:
    $ nmap
    
    Nmap 4.52 ( http://insecure.org )
    Usage: nmap [Scan Type(s)] [Options] {target specification}
    TARGET SPECIFICATION:
      Can pass hostnames, IP addresses, networks, etc.
      Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
      -iL <inputfilename>: Input from list of hosts/networks
      -iR <num hosts>: Choose random targets
      --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
      --excludefile <exclude_file>: Exclude list from file
    HOST DISCOVERY:
      -sL: List Scan - simply list targets to scan
      -sP: Ping Scan - go no further than determining if host is online
      -PN: Treat all hosts as online -- skip host discovery
      -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
      -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
      -PO [protocol list]: IP Protocol Ping
      -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
      --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
      --system-dns: Use OS's DNS resolver
    SCAN TECHNIQUES:
      -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
      -sU: UDP Scan
      -sN/sF/sX: TCP Null, FIN, and Xmas scans
      --scanflags <flags>: Customize TCP scan flags
      -sI <zombie host[:probeport]>: Idle scan
      -sO: IP protocol scan
      -b <FTP relay host>: FTP bounce scan
      --traceroute: Trace hop path to each host
      --reason: Display the reason a port is in a particular state
    PORT SPECIFICATION AND SCAN ORDER:
      -p <port ranges>: Only scan specified ports
        Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
      -F: Fast mode - Scan fewer ports than the default scan
      -r: Scan ports consecutively - don't randomize
      --top-ports <number>: Scan <number> most common ports
      --port-ratio <ratio>: Scan ports more common than <ratio>
    SERVICE/VERSION DETECTION:
      -sV: Probe open ports to determine service/version info
      --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
      --version-light: Limit to most likely probes (intensity 2)
      --version-all: Try every single probe (intensity 9)
      --version-trace: Show detailed version scan activity (for debugging)
    SCRIPT SCAN:
      -sC: equivalent to --script=safe,intrusive
      --script=<Lua scripts>: <Lua scripts> is a comma separated list of 
               directories, script-files or script-categories
      --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
      --script-trace: Show all data sent and received
      --script-updatedb: Update the script database.
    OS DETECTION:
      -O: Enable OS detection
      --osscan-limit: Limit OS detection to promising targets
      --osscan-guess: Guess OS more aggressively
    TIMING AND PERFORMANCE:
      Options which take <time> are in milliseconds, unless you append 's'
      (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
      -T[0-5]: Set timing template (higher is faster)
      --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
      --min-parallelism/max-parallelism <time>: Probe parallelization
      --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
          probe round trip time.
      --max-retries <tries>: Caps number of port scan probe retransmissions.
      --host-timeout <time>: Give up on target after this long
      --scan-delay/--max-scan-delay <time>: Adjust delay between probes
    FIREWALL/IDS EVASION AND SPOOFING:
      -f; --mtu <val>: fragment packets (optionally w/given MTU)
      -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
      -S <IP_Address>: Spoof source address
      -e <iface>: Use specified interface
      -g/--source-port <portnum>: Use given port number
      --data-length <num>: Append random data to sent packets
      --ip-options <options>: Send packets with specified ip options
      --ttl <val>: Set IP time-to-live field
      --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
      --badsum: Send packets with a bogus TCP/UDP checksum
    OUTPUT:
      -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
         and Grepable format, respectively, to the given filename.
      -oA <basename>: Output in the three major formats at once
      -v: Increase verbosity level (use twice for more effect)
      -d[level]: Set or increase debugging level (Up to 9 is meaningful)
      --open: Only show open (or possibly open) ports
      --packet-trace: Show all packets sent and received
      --iflist: Print host interfaces and routes (for debugging)
      --log-errors: Log errors/warnings to the normal-format output file
      --append-output: Append to rather than clobber specified output files
      --resume <filename>: Resume an aborted scan
      --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
      --webxml: Reference stylesheet from Insecure.Org for more portable XML
      --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
    MISC:
      -6: Enable IPv6 scanning
      -A: Enables OS detection and Version detection, Script scanning and Traceroute
      --datadir <dirname>: Specify custom Nmap data file location
      --send-eth/--send-ip: Send using raw ethernet frames or IP packets
      --privileged: Assume that the user is fully privileged
      --unprivileged: Assume the user lacks raw socket privileges
      -V: Print version number
      -h: Print this help summary page.
    EXAMPLES:
      nmap -v -A scanme.nmap.org
      nmap -v -sP 192.168.0.0/16 10.0.0.0/8
      nmap -v -iR 10000 -PN -p 80
    SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
    
    A basic scan returning basic information on open ports and the services running on them

    Code:
    $ nmap <target_ip>        (e.g. nmap 127.0.0.1)
    
    Starting Nmap 4.52 ( http://insecure.org ) at 2008-01-03 04:53 Eastern Standard Time
    
    Interesting ports on localhost (127.0.0.1):
    Not shown: 1709 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    
    Nmap done: 1 IP address (1 host up) scanned in 18.881 seconds
    
    If it says your host is offline

    Code:
    $ nmap -P0 <target_ip>    # -P0 is the older spelling of -PN shown in the help above; 4.52 still accepts it
    
    Same output as above
    
    Show OS information (success rate is low)

    Code:
    $ nmap -A <target_ip>
    
    Displays a bit more information about the services running on open ports and a really long TCP/IP fingerprint.
    
    Combine as many options as you want.

    Hope this helps.
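    As an added example (not code from the original post), here is the basic scan above run from the terminal with nmap's grepable output (-oG -, writing to stdout) and a small parser that keeps only the open ports. The nmap options -sV and -oG are the real ones listed in the help above; the hosts, ports and version strings in the embedded sample are constructed for illustration, so the parser can be exercised without a network or nmap installed.

```shell
#!/bin/sh
# Added example, not from the original post: run a scan with grepable
# output and pull the open ports out of it. The flags -sV and -oG - are real
# nmap options; the IPs, ports and versions below are constructed.

# Constructed sample of what `nmap -sV -oG - 192.168.1.0/24` prints for two
# live hosts. Fields on a Host: line are tab separated, and each entry in
# the Ports: field is port/state/protocol/owner/service/rpc info/version/
SAMPLE_GNMAP=$(
  printf '%s\t%s\t%s\n' \
    'Host: 192.168.1.1 ()' \
    'Ports: 22/open/tcp//ssh//OpenSSH 4.7/, 80/open/tcp//http//lighttpd 1.4/, 443/closed/tcp//https///' \
    'Ignored State: closed (1709)'
  printf '%s\t%s\t%s\n' \
    'Host: 192.168.1.20 ()' \
    'Ports: 22/open/tcp//ssh//Dropbear sshd/, 139/filtered/tcp//netbios-ssn///' \
    'Ignored State: closed (1710)'
)

# open_ports: read -oG output on stdin and print one line per open port:
#   <ip> <port>/<proto> <service> <version>
# closed and filtered ports are dropped, which is usually the list you
# actually want to act on after a sweep.
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]; ports = ""
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports:/) ports = substr($i, 8)
      n = split(ports, p, ", ")
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")
        if (f[2] == "open") printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
      }
    }'
}

# scan_open_ports: the live version, for when nmap is installed
# (e.g. on the iPod from Term-vt100): scan_open_ports 192.168.1.0/24
scan_open_ports() {
  nmap -sV -oG - "$@" | open_ports
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
```

    The output is one line per open port, e.g. `192.168.1.1 22/tcp ssh OpenSSH 4.7`, which is easy to grep or sort further. One caveat when reading version strings: nmap replaces any "/" inside a version string with "|" in grepable output so that the field separators stay unambiguous.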
  2. tag009
    I have the app, I just don't know how to use it. Maybe you could give a small tutorial on how to run it, please? Because, unless I'm missing something, it's not showing up anywhere, so I guess we run it with the terminal.
  3. Theliel
    If you don't know what nmap is, then you don't need nmap.
  4. mast3rpyr0
    Does that help any, tag?
  5. Angelic
    Is the nmap installer gone?
  6. dragonology7
    I'm not sure whether my problem is related to this or not, but if it is, can you help me please?
    My school's Wi-Fi is open, but it needs me to log in first using PuTTY (when I'm using a laptop). And the problem is, how can I connect to the host IP using vt100? Teach me if you know how...

    P.S.: sorry for my bad English
  7. mast3rpyr0
    What is the command you use to log in? Is it using ssh?

    It shouldn't be. Did you follow the tutorial exactly? After getting the BigBoss repo, did you continue to get the other two you need? Go through the "All apps" folder in the Installer and see if you can find it there.
  8. Virtualball
    Ugh. ENOUGH WITH THE USELESS TUTORIALS! People who need to use UNIX commands already know about them. People who have only used jailbreakme.com to get NES on their phones will not need to know this. Why should there be a topic on this? What's next, the cd command, or how about the daring man command? Oh, I know! otool!

  9. mast3rpyr0
    This tutorial was created to show how to install it; as the first sentence says, many people were asking about it. Someone asked how to use it, so I added some how-to onto it as well. There are some people that want to learn things, you know...
  10. dragonology7
    Never mind... someone already taught me how to connect using Term-vt100. Anyway, thanks.