Use NMAP as a Information gathering tool

• Share on Facebook
• Share on StumbleUpon
• Share on Delicious
• Share on Digg
• Share This!

Usually we use NMAP as a port scanner to find open port of web-server, But with help of this Tool we can also gather Information about victim using NMAP script. In this tutorial we use NMAP to gather information.

(1) Use NMAP to determine I.P. Address of victim:- NMAP include two scripts in his database.

nmap --script ip-geolocation-* host-name

As we can see that it show co-ordinate & location of our target.

(2)Use NMAP as Whois Tool:- Following Command is used to find whois information about victim

nmap --script whois host-name

(3)Use NMAP for Email Harvesting:- There are two script for email harvesting.

• Http-google-email
• http-email-harvesting

Http-email-harvesting is official repository in nmap . But if you want to use Google webs & Google Group to find Email then you should Download Http-google-email from here.

Use Following command to find email Address

nmap -p80 --script http-email-harvest host-name

(4)Use NMAP as Brute Force DNS:- DNS recor contain useful information about website. There are many tools available for this purpose , But you can also use nmap for simple DNS Brute Force Attack.

Use Following command

nmap -p80 --script dns-brute host-name

(5)Discovering Additional Host-name:- we can find additional host which has same I.p. Address using simple nmap script. It can help us to find web-application which hosted on same I.p. Address.

Download this nse script from here.

You can aslo use following script code

nmap --script http-robtex-reverse-ip --script-args http-robtex-reverse-ip.host='ip'