3

- Base Metric Group, - Temporal Metric Group, - Environmental Metric Group

- Base Metric Group

- Exploitability Metric Group, - Impact Metric Group

- Attack Vector ( A.V. ), - Attack Complexity ( A.C. ), - Privileges Required ( P.R. ), - User Interaction ( U.I. )

- Confidentiality Impact ( C ), - Integrity Impact ( I ), - Availability Impact ( A )

Attack Vector ( A.V. ) :, - Network ( N ), - Adjacent ( A ), - Local ( L ), - Physical ( P )

Attack Complexity ( A.C. ) :, - Low ( L ) , - High ( H )

Privileges Required ( P.R. ) :, - None ( N ), - Low ( L ) , - High ( H )

User Interaction ( U.I. ) :, - None ( N ), - Required ( R )

Scope ( S ) :, - Unchanged ( U ), - Changed ( C )

Confidentiality Impact ( C ) :, - High ( H ), - Low ( L ), - None ( N )

Integrity Impact ( I ) :, - High ( H ) , - Low ( L ), - None ( N )

Availability Impact ( A ) :, - High ( H ), - Low ( L ) , - None ( N )

Exploit Code Maturity ( E ) :, - Not Defined ( X ), - High ( H ), - Functional ( F ) , - Proof-of-Concept ( P ), - Unproven ( U )

Remediation Level ( R.L. ) :, - Not Defined ( X ), - Unavailable ( U ), - Workaround ( W ) , - Temporary Fix ( T ), - Official Fix ( O )

Report Confidence ( R.C. ) :, - Not Defined ( X ) , - Confirmed ( C ) , - Reasonable ( R ) , - Unknown ( U )

Security Requirements ( C.R. , I.R. , A.R. ) :, - Not Defined ( X ), - High ( H ), - Medium ( M ) , - Low ( L )

Modified Base Metric, - Modified Attack Vector ( M.A.V. ), - Modified Attack Complexity ( M.A.C. ), - Modified Privileges Required ( M.P.R. ), - Modified User Interaction ( M.U.I. ), - Modified Scope ( M.S. ), - Modified Confidentiality ( M.C. ), - Modified Integrity ( M.I. ), - Modified Availability ( M.A. )

0.0

0.1 - 3.9

4.0 - 6.9

7.0 - 8.9

9.0 - 10.0

- A vulnerability with Base metric values of, , - “Attack Vector: Network, , - Attack Complexity: Low,, - Privileges Required: High,, - User Interaction: None, , - Scope: Unchanged, , - Confidentiality: Low, , - Integrity: Low, , - Availability: None” , - and no specified Temporal or Environmental metrics

- Encoded as %20 or +.

- Encoded as %22.

- Encoded as %3C.

- Encoded as %3E.

- Encoded as %3F.

- Encoded as %2F.

- Encoded as %26.

- Encoded as %23.

- Encoded as %5B.

- Encoded as %5D.

- Encoded as %7B.

- Encoded as %7D.

- Encoded as %7C.

- Encoded as %5E.

- Encoded as %7E.

- Encoded as %60.

- Encoded as %21.

- Encoded as %24.

- Encoded as %27.

- Encoded as %28.

- Encoded as %29.

- Encoded as %2A.

- Encoded as %2C.

- Encoded as %3B.

- Encoded as %3D.

- Encoded as %2B.

- Encoded as %3A.

- Nmap is a free network scanning tool used to discover hosts and services on a network by analyzing responses to various packets and requests.

Penetration testers and network administrators will use Nmap to discover machines on a network and their open ports, running services, operating systems, and a wealth of other useful information.

- This depends on your jurisdiction. In many places, the answer is no, not without prior permission from the owner of the site or network.

Nmap is a tool used for scanning and enumeration. Hackers and penetration testers use the information gathered to see what the available attack surface is. However, there are a great number of NSE scripts that can perform such actions as password brute forcing, checking for backup and configuration files, searching for remote file inclusion (RFI) vulnerabilities, and testing default credentials.

- A basic scan of a single IP address is as easy as: nmap <ip> This will return if the host is up and responding to ping, what ports are open, and what services are running on them. More complex commands can be found in the cheat sheet above.

- The long answer is, it depends on your jurisdiction. The short answer is, probably not and you shouldn’t do it. Even if it isn’t illegal where you live, it will most certainly violate Google’s terms of service.

- Firewalls can block access to ports, which would indeed block Nmap. Nmap does have flags to attempt to evade firewalls and intrusion detection systems, which we have listed in the cheat sheet above.

- After you have installed Nmap on your host system, an over-ambitious antivirus program may flag it as malicious. So long as you have downloaded it from the official Nmap website, it is safe to have installed.

- Nmap has several optional services which can attempt to bypass firewalls and spoof its scans.

- Nmap has many NSE scripts designed to brute force different services and logins. Depending on the login portal, there may be a relevant script to do so. More realistically, Nmap would be used to enumerate the network, and one of many free programs better suited to WiFi hacking would be used afterward.

- Nmap has many brute force scripts which will automate password login attempts on various services, such as MySQL, Telenet, and POP3. This may provide a quick win, but password attacks are better handled by tools dedicated to that purpose, such as THC Hydra.

- Fortunately, even the more complex Nmap scans display their results in a clear and easy-to-follow manner. You also have the ability to output the data in various forms, including as an XML or grepable file (see the Output section for details).

- nmap 192.168.1.1

- nmap 192.168.1.1 192.168.2.1

- nmap 192.168.1.1-254

- nmap scanme.nmap.org

- nmap 192.168.1.0/24

- nmap-iL targets.txt, - iL

- nmap -iR 100, - iR

- nmap --exclude 192.168.1.1, --exclude

- nmap 192.168.1.1 -sS, -sS

- nmap 192.168.1.1 -sT, -sT

- nmap 192.168.1.1 -sU, -sU

- nmap 192.168.1.1 -sA, -sA

- nmap 192.168.1.1 -sW, -sW

- nmap 192.168.1.1 -sM, -sM

- nmap 192.168.1.1-3 -sL, -sL

- nmap 192.168.1.1/24 -sn, -sn

- nmap 192.168.1.1-5 -Pn, -Pn

- nmap 192.168.1.1-5 -PS22-25,80, -PS

- nmap 192.168.1.1-5 -PA22-25,80, -PA

- nmap 192.168.1.1-5 -PU53, -PU

- nmap 192.168.1.1-1/24 -PR, -PR

- nmap 192.168.1.1 -n, -n

- nmap 192.168.1.1 -p 21, -p

- nmap 192.168.1.1 -p 21-100, -p

- nmap 192.168.1.1 -p U:53,T:21-25,80, -p