Am!NeS0Ft's blog » linux security

Metasploit Framework 3.3 Released!

abdessmed mohamed amine — Thu, 19 Nov 2009 17:39:14 +0000

We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs were fixed since last year’s release of version 3.2, making this one of the more well-tested releases yet.

FOR DOWNLOAD

framework-3.3-linux-i686.run 35,434,869 bytes (34M)	Linux 32-bit installer including all dependencies.
framework-3.3-linux-x86_64.run 36,635,297 bytes (35M)	Linux 64-bit installer including all dependencies.
framework-3.3.tar.bz2 22,614,595 bytes (22M)	Unix tar format for installing on all other operating systems.

Posted in Linux, linux security Tagged: Metasploit Framework 3.3 Released!

Dr.Web® anti-virus for Linux (GUI based)

abdessmed mohamed amine — Mon, 28 Sep 2009 12:30:47 +0000

Dr.Web Security Suite for Unix Appliance and Dr.Web® anti-virus for Linux (GUI based) is a group of modular solutions that can be installed on appliances running Unix-family (Linux/FreeBSD/Solaris(x86) operating systems. The solutions work as a corporate Internet-gateway – a proxy-server used to provide access to the Internet to intranet users.

Depending on your licensing scheme and the set of selected plugins solutions of Dr.Web Security Suite for Unix Appliance can perform the following tasks:
process incoming and outdoing mail and filter out viruses and spam;
scan http and ftp traffic for viruses;
detect and remove any malicious objects;
parse e-mails and analyze each component of a message;
filter e-mail according to white and black lists;
process correctly archived files of most known formats including multi-volume and self-extracting (SFX) archives;
notify recipients or other selected users on results of scanning using templates ensuring that provided information is easy to read
collect statistics regarding all activities of the system;
protect its own plug-ins against failures.
Benefits
Dr.Web means its own technologies and anti-virus laboratory
Dr.Web anti-virus technology has been developed since 1992 and is owned by Doctor Web.
here are few anti-virus vendors in the world with their own technologies for detecting and curing malware, a virus monitoring service and an analytical laboratory. It provides a rapid response to latest threats and allows solving any problems of customers in a few hours.

Large enterprise network experience
Dr.Web solutions for small and medium-sized companies and large corporate networks with dozens of thousands of computers have been developed and improved since 1992. The State Duma of Russia, its Defense and Foreign ministries FSB (Federal Security Service) and many other enterprises, educational institutions and research departments trust anti-virus solutions from Doctor Web.

Openness of the solutions
As usual, Doctor Web makes its contribution to development of open source anti-virus products. Solutions included in Dr.Web Security Suite for Unix Appliance have an unlimited potential for expanding their functionality. Virtually any user with a sufficient skill can implement a desired feature using the source code and the SDK supplied with the software.

Exceptional scalability
Dr.Web Security Suite for Unix Appliance can perfectly suite needs of a small company with just one e-mail server and meet the unlimited e-mail filtering requirements of transnational telecoms or Internet service providers, Its efficiency, flexibility of settings and capability of filtering huge volumes of e-mail traffic “on-the-fly” can comply even with highest demands.

Optimal configuration
Configuration of servers with preinstalled Dr.Web Security Suite for Unix Appliance is the result of thorough optimization. Solutions match requirements of a customer perfectly. Flexible licensing system allows a company to pay only for functionality it is going to use. A server based on Dr.Web Security Suite for Unix Appliance is a high-performance solution at a best price.

Reliable protection
State-of-the art technologies ensure high-speed scan of traffic that doesn’t after Internet access speed and runs unnoticed by users. The solutions feature latest Dr.Web technologies that sheilf user machines from malware and spam. Automatic updating system allows maintaining a high level of security.

High productivity and stable operation
Multi-thread scan feature enables Dr.Web Security Suite for Unix Appliance processing simultaneously large amounts of data. Well-designed modular structure makes it impossible for an attacker to disable a solution. Well-known low system requirements of Dr.Web products allow running them on any server hardware.

Easy installation
Dr.Web Security Suite for Unix Appliance fully complies with the “plug and play” principle making installation and maintenance extremely easy even for an inexperienced user. The installation procedure was designed to exclude any possible configuration errors by staff and reduces time of deployment to several minutes. Installation of an appliance doesn’t affect configuration of computers in a corporate network.

Flexible configuration and easy administration
Dr.Web Security Suite for Unix Appliance allows implementing any protection scheme tailored to the security policy of your company. The solutions have flexible configuration system so virtually any required set of rules can be created by a system administrator. All actions related to the network security are logged. The logged data can be used to analyze network health and pinpoint vulnerabilities. The convenient user alert system that issues virus warnings and notifies a user upon loading of a web-page containing malicious code will assist you in conforming to the security policy of your company.

Frequent updating
An add-on to the Dr.Web virus database is released when new entries are added as often as several times per hour. Hot add-ons are released immediately after a new threat has been analyzed. The global virus monitoring network delivers latest samples of viruses from all over the world. Users retrieve updates from several servers located on different parts of the globe.

for downloads Dr.Web in linux , unix and mac OSx

1) linux

The product protects workstations running Linux.

Supported OSs
All Linux distributions with glibc-2.2 to 2.7 (32-bit only).

Licensed components
Console scanner for Unix.
GUI module for Linux.
Automatic updating utility.

Dr.Web Daemon (drwebd) is not included.

to download click here

2) unix

Dr.Web Mail Gateway (Unix)

The product protects mail-traffic directed through a proxy-server under Unix.

Supported OSs
Linux ( glibc 2.2 and higher).
FreeBSD 5.x, 6.x.
Solaris 10 (Intel only).

Licensed components
Dr.Web Daemon – anti-virus daemon that processes scan and curing requests.
Dr.Web Smtp-proxy module.
The basic part of the program, monitoring and external interaction utilities.
Automatic updating utility.
Console scanner Dr.Web for Unix.
SDK for development of extra plugins.

to download click here

Dr.Web for Unix mail servers (MailD-based)

The product protects traffic of mail servers under Unix.

Supported OS and mail systems
Linux (glibc 2.2 and higher), FreeBSD 5.x, 6.x, Solaris 10 (Intel only).
CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.

Licensed components
Dr.Web Daemon – processes scanning and curing requests.
A set of anti-virus filters for Sendmail, Qmail, Postfix, Communigate Pro, Exim, Courier MTA, ZMailer.
The basic part of the product, the monitoring and external interaction utilities.
Automatic updating utility.
Console scanner Dr.Web for Unix.
SDK for development of extra plugins.

to download click here

to get more info and downloads please visite www.download.drweb.com

have fun

Posted in BSD, Linux, linux security, linux server, mac OS, ubuntu, unix Tagged: Dr.Web® anti-virus for Linux (GUI based)

Dr.Web LiveCD !

abdessmed mohamed amine — Mon, 28 Sep 2009 11:54:19 +0000

Dr.Web LiveCD is a software product that features a standard Dr.Web scanner.

Dr.Web LiveCD is an anti-virus emergency aid disk that would restore a system that became non-operational due to activities of malware and help copy important information to a removable data-storage device or to another computer. If a workstation or a server running Windows\Unix won’t boot from a hard drive, Dr.Web LiveCD will clean a system of suspicious and malicious files and will also try to cure infected objects

How does it work?

Download the image of Dr.Web LiveCD.
Wirte the image to a CD or DVD. If you use Nero Burning ROM you need to do the following:
- Insert a blank CD/DVD into your CD/DVD drive
- Click on the “File” menu and select “Open”
- Browse through the folders to the location of the image file and select it.
- Press the “Burn” button and wait while the file is being written to the disk
Make sure that the CD/DVD drive or any other device with Dr.Web LiveCD is set as the first boot device.
As loading starts a dialogue window will prompt you to choose between the standard and safe mode.
Use arrow keys to select a desired mode and press [Enter]:
- In order to use the scanner with the GUI choose Dr.Web LiveCD (Default)
- If you’d like to start the scanner using the command line (console) select Dr.Web LiveCD (Safe Mode)
- Choose Start Local HDD, if you want to boot from the hard drive instead of Dr.Web LiveCD
- Select Testing Memory to launch the Memtest86+ utility
If Dr.Web LiveCD (Default) is selected, all available disk drives will be detected automatically. The operating system will also try to connect to the local network if available.
When the system is loaded, check disks or folders you want to scan and press Start
You can also contact the support service of Doctor Web if you need extra help. Fill out a support-request form on the web site of the company
The Midnight Commander file manager is used to work with files you need to copy to a safe location
If the operating system failed to configure access to your network, you can do it manually using Networks Configure Manager. Start->Settings->Networks Configure manager

For more information about Dr.Web LiveCD read the Dr.Web LiveCD user manual

Download Dr.Web LiveCD

Posted in Linux, linux security Tagged: Dr.Web LiveCD

Install Guest Additions for a better VirtualBox experience

abdessmed mohamed amine — Sun, 20 Sep 2009 03:37:11 +0000

In my default setup of Windows XP, on my particular Ubuntu 9.04 box, the installation of Windows XP rendered a perfectly usable desktop with 32 bit colors in 800×600 resolution. This resolution, of course, is not ideal for some situations (such as Full Screen mode). In order to get a higher resolution, along with other features, you have to install Guest Additions. This is a simple process that can be done quickly and yields a much better user experience than the default. So…let’s get to the installation.

Figure 1

Before you attempt to do the installation of the guest additions you have to have your virtual machine up and running. Once that VM is running you will see three menu entries at the top of the window: Machine, Devices, and Help. You want to click on the Devices entry and then click the Install Guest Additions entry (see Figure 1).

What you will see is a warning message instructing you that the Guest Additions CD image could not be found. Fear not, this is normal. Click Yes in order to download the image and then Download to confirm. You will see a progress bar at the bottom left of your VM window.

When that download has finished you will be asked if you want to Mount the image. Click the Mount button to reveal the Sun xVM setup wizard. Click Next in the welcome screen which will take you to the license agreement window. Click the I Agree button (and read the license if you feel so inclined.)

Figure 2

What you are now doing is a fairly straightforward Windows application-like installation. The only “gotcha” during installation will be a warning that the software did not pass the Windows Logo testing. Ignore this warning and click Continue Anyway. Your screen will flicker for a second – don’t worry.

You will see this warning another time when it attempts to install software for the pointing devices.

After that warning the installation will complete and, in typical Windows fashion, you will be required to reboot your virtual machine. Do this. When the reboot completes you will find your virtual machine much easier to work with. Now:

You no longer have to capture the mouse pointer.
You can set your resolution to a much higher level.
You can now copy and paste between guest and host operating systems.
You can run Windows in seamless mode.

Seamless mode

Figure 3

Seamless mode is a very interesting trick. What this does is take the elements of Windows out of the VM window and layer them on top of your Linux desktop.

As you can see, in Figure 3, with seamless mode activated all Windows applications have their own window. So in this instance Internet Explorer appears to be running on Linux by itself. And the Windows task bar is resting nicely on top of the GNOME panel.

You toggle between seamless and non-seamless mode by pressing the Hot Key and the “L” key. The default Hot Key is the right Ctrl key.

Final thoughts

This is truly some exciting work. With the help of VirtualBox you can, effectively, have your cake and eat it too (as the saying goes.) Work with Windows applications inside of Linux without needing the help of Wine.

Posted in BSD, Linux, linux security, linux server, mac OS, unix Tagged: Install Guest Additions for a better VirtualBox experience

Install And Use Metasploit Framework 3.2 on Linux {Exclusive}

abdessmed mohamed amine — Sun, 20 Sep 2009 03:12:00 +0000

Metasploit is an application that is used to research the security in your network. The Administrators can test their networks that is made by them. What Their network is found the weakness or not. Many exploit type and payload Who can be used on Metasploit. You are able to use Metasploit on Linux operating system

Download metasploit here
copy metasploit file to root or home directory
open the terminal
$ cd / $ sudo su # tar xzfv framework-3.2 # cd framework-3.2
in directory framework-3.2, there is 2 selection using metasploit
- ./msfconsole using metasploit console mode
  # cd / # cd framework-3.2 # ./msfconsole
- ./msfweb using metasploit web mode
  # cd / # cd framework-3.2 # ./msfwebUsing metasploit on web mode, you have to open your mozilla and go to url http://127.0.0.1:55555/, if your status is offline, please select file | select Work Offline on your Mozilla Firefox.
- have fun

Posted in Linux, linux security, linux server Tagged: Install And Use Metasploit Framework on Linux

10 More Hacking and Security Software Tools for Linux

abdessmed mohamed amine — Sun, 20 Sep 2009 02:45:58 +0000

I noticed that our list of hacking and security software tools for Linux was not enough so I figured out that I should add some more. But before anything else, thank you to those who commented the last time and shared their favorite hacking programs. –I’ve included some of those that you’ve mentioned on this new list for others to know about.

Now without any more delay, here’s our latest compilation of hacking and security tools for Linux:

* Ettercap

Ettercap is a console-based network sniffer/interceptor/logger that is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap also has the ability to actively or passively find other poisoners on the LAN.

* Nikto

Nikto is a web server scanner that is known to perform comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. It performs generic and server type specific checks. It also captures and prints any cookies received.

* OpenSSH

OpenSSH is a Free and Open Source version of the SSH connectivity tools providing encrypted communication sessions over a computer network. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

* Aircrack-ng

Aircrack-ng is a wireless tool and password cracker. It is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs.

* Tripwire

Tripwire is a security and data integrity tool that is useful for monitoring and alerting on specific file change(s) on a range of systems. Used with system files on a regular basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

* Metasploit Framework

Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit-building demo.

* THC Hydra

THC (The Hacker’s Choice) Hydra uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

* Dsniff

Dsniff is suite of powerful network auditing and penetration-testing tools and utilities that includes code to parse many different application protocols and extract interesting information. The information that can be obtained from this sniff application are: usernames and passwords, web pages being visited, contents of email, etc.

* RainbowCrack

RainbowCrack is a password hash cracker that makes use of a large-scale time-memory trade-off. It differs from “conventional” brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.

* rkhunter

rkhunter scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Posted in BSD, Linux, linux security, linux server, unix Tagged: 10 More Hacking and Security Software Tools for Linux

Set your hostname in Linux

abdessmed mohamed amine — Mon, 14 Sep 2009 18:55:02 +0000

If you are an administrator then you know what a hostname is. If you are not an administrator then you should know the hostname of a computer is the name which a network attached device is known. Unless you have manually changed your hostname, or set it up during installation, your hostname will most likely be “localhost.localdomain”.

Hostnames are most often used for administrative habits. In other words hostnames will show up in some scanning applications, can be used for name to IP address resolution, and much more. But to make this useful you will have to manually set your hostname on your Linux machine. This article will show you just how to do that.

Find your hostname

The most common means to find your host name is to open up a terminal window and enter the command:

hostname

If you have not set your hostname, more than likely you will see returned:

localhost.localdomain

A quick and easy way to spot if you have not changed your hostname is to check when you open up your terminal window. At your bash prompt you will see something like:

[jlwallen@localhost ~]$

As you can see a portion of the hostname (everything preceding the first “.”) will be used in your prompt. In the example you see above you see “localhost” which should tell you the hostname has not been changed.

Temporarily changing your hostname

You can temporarily change your hostname by issuing a single command. You have to issue this command either using sudo or as the root user. To make this change you will use the same command you used to find out your hostname, only you will include the new hostname to the command. Say you want to change your hostname to “willow”. To make this change temporarily issue the command:

hostname willow

Now issue the command hostname which should report back:

willow

This change will last until you reboot your machine.

Permanently changing your hostname

How you permanently change your hostname will depending upon which distribution you use. We’ll examine making this change on both a Ubuntu system and a Fedora system. First Ubuntu.

On a Ubuntu system there is a file called /etc/hostname. The contents of this file will have a single line containing the hostname of your machine. Open up this file in your favorite editor, delete the default hostname, add your desired hostname, and save the file. To make this chang take effect issue the command:

/etc/init.d/hostname.sh start

This hostname will remain intact upon reboot.

Now to change your hostname in Fedora. This is taken care of in the /etc/sysconfig/network file. The default contents of this file will look like:

NETWORKING=yes
HOSTNAME=localhost.localdomain

Erase the “localhost.localdomain” portion and change that to reflect the hostname you want. Once you have made this change save the file. Once you have made this change issue the following command (as the root user):

/etc/rc.d/rc.sysinit

For the change to take effect.

Final thoughts

With your hostname changed applications like Lanmap will now be easier to use because machines will have unique names. This change will also make administering your systems easier because you will have set machine hostnames to reflect either the user of the machine or the machines’ job.

Posted in Linux, linux security, linux server Tagged: Set your hostname in Linux

Map your network with Lanmap

abdessmed mohamed amine — Mon, 14 Sep 2009 18:48:24 +0000

This morning I needed a visual representation of my local Lan in order to find out what machines were associated with what IP addresses. For this task I used a tool that has come in handy on a number of occasions. That tool? Lanmap. Lanmap is a command-line only tool available for Ubuntu that will monitor your network and compose a 2D image of your network. This image will include information about your machines as well as packets sent and MAC addresses. The tool is incredibly handy to have around.

I will warn you: The creator of Lanmap has dropped this application in leiu of creating a much more robust Lanmap-2. Unfortunately Lanmap-2 is not complete so Lanmap one will have to be used until 2 is complete. Fortunately Lanmap is still in the Ubuntu repositories so installation is a snap. And once installed, Lanmap is equally as easy to use.

Installing Lanmap

As stated earlier, Lanmap is only available for Ubuntu (and Debian-based) systems. Most likely, if you use apt-get, you can install Lanmap. Of course you don’t have to install via command line, but if you want to just issue the command:

sudo apt-get install lanmap

This command will prompt you for a Y or N to install the requirements. Click “y” (no quotes) and hit enter. Lanmap will install quickly and you’ll be ready to map.

If you want to install via GUI tool open up your Add/Remove Software utility (found in the Applications menu in GNOME), do a search for “lanmap” (no quotes), select the resulting lanmap entry, and click Apply. Once you “okay” the dependencies the installation will be off and running.

Using Lanmap

Lanmap is a command line tool that generates an image. The structure of the command is:

lanmap -i INTERFACE -r INTERVAL -T IMAGE_TYPE DIRECTORY_TO_STORE_IMAGE

Here are the specifics:

INTERFACE: The interface you want to use to listen to your network. Typically this will be in the form of eth0. You can use all without using the -i switch to listen on all interfaces.
INTERVAL: This sets the interval (in seconds) between two consecutive graph generations (default being 60).
IMAGE_TYPE: The type of image file you want to generate. The only supported types are: png, svg, and gif.
DIRECTORY_TO_STORE_IMAGE: Where you want to store the image file.

So if I want to scan my network with all interfaces and create a png image I would issue the command:

lanmap all -r 30 -T png ~/

Figure 1

The resulting map (I am currently writing on a far smaller network with machines that are not broadcasting their hostnames. You can see the IP addresses and MAC addresses of course (see Figure 1).

You can see one machine (at IP address 192.168.1.10) is broadcasting as “UBUNTU SERVER”, but outside of that, no hostnames are showing up. This is not really a problem at this size of a network. On a larger network I would hope more machines will show up with their hostnames. This, of course, will depend upon your network setup.

Final thoughts

I have used plenty of applications to create network maps that range from too many bells and whistles to too few features. Lanmap ventures close to the latter, but offers just enough features to make it not only useable but useful. Give Lanmap a try, I think you’ll find it as helpful a tool for your networking toolkit as I do.

Posted in BSD, Linux, linux security, linux server, unix Tagged: Map your network with Lanmap

Firewall with iptables using mac address filtering in linux !

abdessmed mohamed amine — Sat, 29 Aug 2009 10:41:20 +0000

There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses, iptables has the option to do it.

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in you firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way the packets comming from the network element with the MAC address 00:11:2f:8f:f8:f8 will be denied.

That is if you want to block the incoming packets to the firewall, but the blocked machine may still be able to send packets across the firewall, so to block those packets, you may want to add also this line.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

Posted in linux security, linux server Tagged: Firewall with iptables using mac address filtering in linux

Nmap – How To : Scan Hosts Of Networks For Open Ports !

abdessmed mohamed amine — Sat, 29 Aug 2009 10:29:20 +0000

Nmap is a wonderful tool specially for debugging, there are lots of times when you need to know if a port is open in a server, or maybe blocked by a firewall, or just to test your iptables rules.

Here we will learn how to use it at the command line, and using its GUI front end, nmapFE and Knmap.

Introduction

Well, so what does nmap does?

From the man page:

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

As you can see it is a really useful Linux tool.

Command Line

How to use it

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS: TCP SYN scan
-O: Enable Operating System detection

sudo nmap -sU 127.0.0.1

-sU: UDP ports scan

sudo nmap -sS -O -p 20-25 127.0.0.1

-sS: TCP SYN scan
-p 20-25: Scan on ports 20 to 25

sudo nmap -sS -F 127.0.0.1

-sS: TCP SYN scan
-F: Fast (limited port) scan

you can check the long nmap man page

man nmap

Graphical interfaces

nmap Front End (nmapFE)

This is one of its front ends to install it run:

For Fedora / Centos

sudo yum install nmap nmap-frontend

For Debian / Ubuntu

sudo aptitude install nmapfe

On target you put the IP or IPs you want to scan, select the scan type, if you want TCP SYN, UDP, Connect scan, or other, the most used are SYN and UDP if you want to scan for UDP ports. Also select the scanned ports, you can scan the default ones, All, fast (only the ports in nmap-services file).

Select if you want to use the discovery option, if you want to ping and which type of ping you want to use to discover network nodes if you have specified an IP range to scan.

Useful if you want to send the output to a file.

Lots of other tools, if you want you can enable verbosity of debugging, and if you want IPv6 support.

KDE Nmap (knmap)

To install it

For Fedora download the rpm here

then run:

sudo rpm -ivh [downloaded package]

For Debian / Ubuntu

sudo aptitude install knmap

Its interface has divided the options in a very convenient way, in the common options you will see the target IPs, the port range and if you want it to resolve names.

Here you select if you want to scan all ports, perform a fast scan, IPv6 support, Operating System detection, verbose, and other options.

In compound options, you will find a lot more options to play with, you can select which interface to use, which IP, and even if you want to spoof your Mac address!

Ping and scan options is like the discover and the scan tabs of nmapFE together.

Conclusion

Nmap is a must have tool for network and security administrators, also the GUI front ends are good and easy ways to use them, and also to learn how to use them, because you can discover new applications, and with nmapFE you can see the command that is going to be executed, another good point for knmap is that it has the possibility to save profiles, with all the options you have enabled, so your next scan is easier.

Posted in BSD, Linux, linux security, linux server, unix Tagged: nmap - how to scan hosts of networks for open ports, nmap-command-graph-front-end-port-scan