Skip to content

btown91/nmap-labs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

2 Commits
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 

Repository files navigation

nmap-labs

๐Ÿ› ๏ธ Nmap Practice Lab โ€“ Localhost Scans

๐Ÿ–ฅ๏ธ Environment

  • Device: My own laptop
  • Operating System: Ubuntu
  • Network: Guest Wi-Fi (isolated)
  • Target: 127.0.0.1 (localhost)

All scans were performed against 127.0.0.1, the loopback interface of my own machine. This ensures the lab is safe, ethical, and legally compliant.

๐Ÿ” Scans Performed

1. ๐Ÿ”น Basic Port Scan

nmap 127.0.0.1

Purpose: Scans the top 1000 most common TCP ports to find which are open.

Result Summary:

  • Discovered 1 open port (631/tcp โ€” IPP)

2. ๐Ÿ”น Service Version Detection

nmap -sV 127.0.0.1

Purpose: Identifies services running on open ports and attempts to determine their version.

Result Summary:

  • Port 631: CUPS 2.4 printing service detected

3. ๐Ÿ”น Default Scripts + Service Detection

nmap -sV --script=default 127.0.0.1

Purpose: Runs default scripts based on detected ports and services. These scripts gather metadata such as:

  • HTTP titles
  • SSL certificates
  • Robots.txt entries

Result Summary:

  • Port 631: Detected CUPS web interface
  • Retrieved robots.txt and title info
  • Displayed self-signed SSL certificate metadata

4. ๐Ÿ”น Full Port Scan (optional/longer)

nmap -p- 127.0.0.1

Purpose: Scans all 65,535 TCP ports to detect services running on uncommon ports.

Result Summary:

  • No unexpected ports found beyond port 631

5. ๐Ÿ”น OS Detection (Fingerprinting)

sudo nmap -O 127.0.0.1

Purpose: Attempts to identify the operating system of the target by analyzing subtle differences in how it responds to network probes.

Why Use sudo?
The -O (OS detection) feature often needs root privileges to send and analyze low-level TCP/IP packets for accurate fingerprinting.

Result Summary:

  • OS detection was attempted but may have been unreliable due to limited port availability
  • Nmap typically needs at least one open and one closed port to make an accurate OS guess
  • On 127.0.0.1, results may be vague (e.g., "Linux-based OS (general purpose)")

๐Ÿ“ Output Files

All full scan results are saved in:

localhost-scan.txt

Use the -oN flag to generate the file:

nmap -sV --script=default 127.0.0.1 -oN localhost-scan.txt

(Optional: Save other outputs to localhost-os-detect.txt, localhost-p-all.txt, etc.)

๐Ÿง  Reflections

This mini-lab taught me:

  • Nmap can gather detailed service metadata even on local-only services
  • Loopback scans are a safe and useful way to learn about local services
  • The --script=default option dynamically runs scripts based on detected ports and services
  • OS detection with -O can provide high-level system info, but needs more open/closed ports to be accurate

โš ๏ธ Safety Note

This lab was conducted entirely on my own machine using the loopback IP (127.0.0.1).
No unauthorized devices or public IPs were scanned.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published