Flashcards - M4: Scanning & Enumeration

Published on January 19, 2025


What are the primary scan types offered by Nmap?
SYN (half-open) scan (-sS, which is what Nmap documentation and most courses mean by "stealth scan"), TCP connect scan (-sT), UDP scan (-sU), and the FIN (-sF), Null (-sN) and Xmas (-sX) scans, which send out-of-state TCP flags and infer port state from whether the target answers with RST or stays silent.
What does a “stealth scan” aim to achieve?
It never completes the TCP three-way handshake: a SYN scan sends SYN, reads the SYN/ACK (open) or RST (closed) and then tears the attempt down with RST instead of sending the final ACK, so no connection is established and the listening service never sees a session to log. The caveat is that the SYN packets still cross the wire, so firewalls, IDS sensors and flow logs see the scan just the same; "stealth" refers to application-level logging, not network monitoring.
Define “banner grabbing.”
Sending requests to services to extract software version info from banners, helping identify vulnerabilities.
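The two cards above in working code, as an added example that is not part of the original flashcards: a TCP connect scan (the -sT behaviour, a full handshake per port) followed by a banner grab and a small regex-based version parser. To run offline it starts its own throwaway listener on 127.0.0.1 that serves a constructed fake banner; the banner text, the listener, and the BANNER_PATTERNS table are assumptions for the demo, not data from any real host.

```python
"""Connect scan and banner grab against a local throwaway listener."""
import re
import socket
import threading

# Constructed sample banner served by the local test listener (assumption:
# a fake greeting for the demo, not a real service).
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"


def start_banner_listener(banner=SAMPLE_BANNER, host="127.0.0.1"):
    """Start a TCP listener on an OS-chosen port that sends `banner` to every
    client and hangs up. Returns (port, server_socket); close the socket to stop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def free_port(host="127.0.0.1"):
    """Find a port nothing is listening on (bind to 0, read it back, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan (what `nmap -sT` does): a full three-way handshake per
    port, so every open port shows up in the service's own connection log.
    Returns {port: "open" | "closed" | "filtered"}."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"         # SYN/ACK came back, handshake completed
        except ConnectionRefusedError:
            results[port] = "closed"       # RST: port reachable, nothing listening
        except (socket.timeout, OSError):
            results[port] = "filtered"     # no answer: dropped, most likely by a firewall
        finally:
            s.close()
    return results


def grab_banner(host, port, timeout=1.0, probe=None):
    """Connect and read whatever the service volunteers; send `probe` first for
    protocols (such as HTTP) that only speak after the client does."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024).decode("utf-8", errors="replace").strip()
        except socket.timeout:
            return ""


# Banner formats -> (service name, software/version string). Extend as needed.
BANNER_PATTERNS = [
    ("ssh", re.compile(r"^SSH-[\d.]+-(?P<sw>\S+)")),
    ("ftp/smtp", re.compile(r"^220[ -].*?(?P<sw>(?:vsFTPd|ProFTPD|Postfix|Exim|Sendmail)\S*)", re.I)),
    ("http", re.compile(r"^HTTP/[\d.]+ \d{3}.*?\r?\nServer:\s*(?P<sw>[^\r\n]+)", re.I | re.S)),
]


def parse_banner(banner):
    """Map a raw banner to (service, software string); ("unknown", "") if no pattern fits."""
    for service, pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return service, m.group("sw")
    return "unknown", ""


if __name__ == "__main__":
    port, srv = start_banner_listener()
    try:
        print(connect_scan("127.0.0.1", [port, free_port()]))
        banner = grab_banner("127.0.0.1", port)
        print(repr(banner), "->", parse_banner(banner))
    finally:
        srv.close()
```

The "closed" versus "filtered" distinction is the same one Nmap reports: a RST means a host answered, silence means something in the path is dropping packets. Note that this connect scan is exactly the loud variant from the stealth-scan card; a SYN scan would need raw sockets (root) to stop after the SYN/ACK.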
What is a ping sweep?
Sending ICMP echo requests (pings) to every address in a range and recording which ones reply, to build a list of live hosts before port scanning. Many hosts and firewalls drop ICMP, so Nmap's host discovery (-sn) also sends TCP probes to common ports such as 80 and 443 rather than relying on echo requests alone.
What is SNMP enumeration?
Querying a host's SNMP agent (UDP 161) with a community string that is default ("public" for read-only, "private" for read-write) or guessable. In SNMPv1/v2c the community string is the only authentication and travels in cleartext, so one successful GET or walk of the MIB returns system description, interfaces, routing and ARP tables, running processes, installed software and, on Windows, user accounts and shares.
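To make the "cleartext community string" point concrete, here is an added example (not from the original flashcards) that hand-builds an SNMPv1 GetRequest for sysDescr.0 using the BER encoding from RFC 1157, parses the matching GetResponse, and can send the request to a real agent over UDP/161. The GetResponse used offline is constructed by the example itself; the host, community strings and the "Linux router 5.10" description are assumptions for the demo.

```python
"""Hand-built SNMPv1 GET: the community string is the whole 'authentication'
and sits as plain bytes inside the packet (RFC 1157 BER encoding)."""
import socket

# ASN.1/BER tags used by SNMPv1
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"   # MIB-II sysDescr.0: OS / firmware description


def _tlv(tag, payload):
    """BER tag-length-value with short or long-form length."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _int(v):
    """BER INTEGER: minimal-length two's complement."""
    return _tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def _oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(OID, bytes(out))


def _decode_oid(raw):
    arcs, v = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def _read_tlv(buf, pos=0):
    """Return (tag, value_bytes, position after this TLV)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def _message(pdu_tag, community, oid, value_tlv, request_id):
    varbind = _tlv(SEQUENCE, _oid(oid) + value_tlv)
    pdu = _tlv(pdu_tag, _int(request_id) + _int(0) + _int(0) + _tlv(SEQUENCE, varbind))
    return _tlv(SEQUENCE, _int(0) + _tlv(OCTET_STRING, community.encode()) + pdu)


def build_get_request(community, oid, request_id=1):
    """SNMPv1 GetRequest for one OID: version=0, community in the clear, NULL value."""
    return _message(GET_REQUEST, community, oid, _tlv(NULL, b""), request_id)


def build_get_response(community, oid, value, request_id=1):
    """Constructed GetResponse as an agent would answer (used for the offline demo)."""
    return _message(GET_RESPONSE, community, oid, _tlv(OCTET_STRING, value.encode()), request_id)


def parse_get_response(packet):
    """Return (community, error_status, [(oid, value), ...]) from a GetResponse."""
    tag, body, _ = _read_tlv(packet)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, _version, p = _read_tlv(body)
    _, community, p = _read_tlv(body, p)
    tag, pdu, _ = _read_tlv(body, p)
    if tag != GET_RESPONSE:
        raise ValueError("not a GetResponse PDU")
    _, _rid, p = _read_tlv(pdu)
    _, err, p = _read_tlv(pdu, p)
    _, _idx, p = _read_tlv(pdu, p)
    _, vbl, _ = _read_tlv(pdu, p)
    results, p = [], 0
    while p < len(vbl):
        _, vb, p = _read_tlv(vbl, p)
        _, oid_raw, q = _read_tlv(vb)
        vtag, val, _ = _read_tlv(vb, q)
        results.append((_decode_oid(oid_raw), val.decode("utf-8", "replace") if vtag == OCTET_STRING else val))
    return community.decode(), int.from_bytes(err, "big", signed=True), results


def snmp_get(host, community="public", oid=SYS_DESCR_0, timeout=2.0):
    """Send one GetRequest over UDP/161; None on timeout (agent down, or wrong community: v1 agents just stay silent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community, oid), (host, 161))
        try:
            data, _ = s.recvfrom(65535)
        except (socket.timeout, OSError):
            return None
    return parse_get_response(data)


if __name__ == "__main__":
    pkt = build_get_request("public", SYS_DESCR_0)
    print(pkt.hex())                     # b'public' is readable at byte offset 7
    print(parse_get_response(build_get_response("public", SYS_DESCR_0, "Linux router 5.10")))
```

Run `pkt.hex()` through any packet dissector and the community string is visible as ASCII right after the version integer, which is why a sniffed SNMP request is as good as a password, and why a silent agent during enumeration usually means a wrong community rather than a closed port.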
Name one tool for Windows host enumeration.
NetBIOS tools (e.g. nbtstat -A <ip> to read a remote host's NetBIOS name table), the built-in net commands (net view \\host for shares, net user and net localgroup for accounts and group membership), or third-party tools such as Hyena.
Why is enumeration critical in ethical hacking?
It reveals deeper info about services, user accounts, shares, and system details needed to plan attacks.