Advanced service and OS scanning

Once the host and the ports it exposes have been identified, what we can do is use an nmap script to identify the information for each port without being detected by IDS tools.

sudo nmap -sV -n -p21,22,80 192.168.20.128

Info:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-04 04:22 EST
Nmap scan report for 192.168.20.128
Host is up (0.00044s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.2
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
MAC Address: 00:0C:29:30:9B:3A (VMware)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds

Now, if we want to run the scan silently to detect which operating system it is, we can do it as follows:

sudo nmap -O -n -p22,80 --scan-delay 5 192.168.20.128

Info:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-04 04:24 EST
Nmap scan report for 192.168.20.128
Host is up (0.00042s latency).

PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http
MAC Address: 00:0C:29:30:9B:3A (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds
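To turn output like the above into something a defender can inventory or diff between scans, here is an added Python example (not from the original notes) that parses nmap's normal-format output; the sample text is constructed from the two reports above, with the VERSION column of the -sV run merged into the -O report so both features can be exercised.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: nmap "normal" output built from the two scans above
# (assumption: plain -oN style text, not XML/grepable output).
SAMPLE = """Nmap scan report for 192.168.20.128
Host is up (0.00042s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.2
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
MAC Address: 00:0C:29:30:9B:3A (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
"""

# One port-table row: "<port>/<proto>  <state>  <service>  [<version text>]"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


@dataclass
class NmapReport:
    host: str = ""
    ports: list = field(default_factory=list)   # (port, proto, state, service, version)
    os_details: str = ""                          # empty when -O was not used
    os_unreliable: bool = False                   # set when nmap printed its OSScan warning


def parse_normal_output(text: str) -> NmapReport:
    """Parse nmap's human-readable output into a small report object."""
    report = NmapReport()
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            report.host = line.split("for ", 1)[1].strip()
        elif line.startswith("OS details: "):
            report.os_details = line[len("OS details: "):].strip()
        elif line.startswith("Warning: OSScan results may be unreliable"):
            report.os_unreliable = True
        else:
            m = PORT_RE.match(line)
            if m:  # header row "PORT STATE ..." does not match, only real rows do
                port, proto, state, service, version = m.groups()
                report.ports.append((int(port), proto, state, service, version.strip()))
    return report


def open_services(report: NmapReport) -> dict:
    """Map each open port to its version string (empty if -sV was not used)."""
    return {p: ver for p, _, state, _, ver in report.ports if state == "open"}
```

The os_unreliable flag matters in practice: as the second report shows, a fingerprint taken without at least one closed port should be treated as a guess rather than an inventory fact.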
