Port scanning
Get started with port scanning and probe your systems with Nmap – the bread and butter of pentesting.
If you were, hypothetically, going to hack a machine, or indeed if you wanted to check the security of a machine under your control, the first thing you might do is see what services it is running. An internet-facing machine may be running a web server (such as Apache or Nginx), some variant of SSH (Secure Shell, for remote textual logins), a database (such as MariaDB, but it shouldn’t be accessible from the outside world) or any number of other more obscure services. Devices on your (or someone else’s) LAN (which on the whole shouldn’t be accessible from the internet at large) might be running print servers, file sharing (such as a NAS box), Internet of Things (IoT) gateways or anything else you’d care to name or run. These services all work by listening on a particular port and waiting for clients to connect.
A web server is often used to serve public websites, and so doesn’t need any kind of explicit authentication mechanism. But, in general, most other services should be locked down to prevent any kind of unauthorised access. This is often done by limiting access to particular IP addresses, by some kind of public key or certificate infrastructure, or by good old-fashioned usernames and passwords. But we’re getting ahead of ourselves. If we want to see (without prior knowledge) what services are running on a given machine, we perform what is known as a port scan. That is, we attempt to initiate a connection to some or all of its ports and note which ones accept, which refuse, and which simply never answer.
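To make the idea concrete before reaching for Nmap, here is a minimal TCP connect scanner written for this article (added example, not code from the original page or from the Nmap project). It does what `nmap -sT` does: a full three-way handshake on each port, so it needs no raw sockets or root, but every probe is visible to the target service and its logs. Ports that refuse (the kernel answers with a RST) are reported closed; ports that time out are treated the same way here, though a real scanner would label them filtered. To keep it self-contained it also starts a throwaway listener on 127.0.0.1 that speaks a constructed, SSH-like banner; the banner text, the port choices and the helper names are all assumptions made for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed banner for the throwaway listener; this is not a real SSH server.
FAKE_BANNER = b"SSH-2.0-ExampleBanner\r\n"


def connect_scan(host, ports, timeout=0.5, workers=32):
    """TCP connect() scan: attempt a full handshake on every port in `ports`
    and return the set of ports that accepted the connection."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                return port
            except (ConnectionRefusedError, socket.timeout, OSError):
                # refused (RST) -> closed; timeout -> filtered/dropped (lumped together here)
                return None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return {p for p in pool.map(probe, ports) if p is not None}


def grab_banner(host, port, timeout=1.0, max_bytes=256):
    """Read whatever the service volunteers on connect; SSH, SMTP and FTP all
    speak first, which is the cheapest way to identify them."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(max_bytes).decode("ascii", "replace").strip()
        except socket.timeout:
            return ""


def start_fake_service(banner=FAKE_BANNER):
    """Start a listener on 127.0.0.1 on an OS-chosen port so the scan has a target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was shut down
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # scanner hung up before reading; that is fine

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port():
    """Ask the OS for an unused port and release it, so it scans as closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one known-open and one known-closed local port; returns
    (open_port, closed_port, ports_found_open, banner_of_open_port)."""
    srv, open_port = start_fake_service()
    closed_port = free_port()
    try:
        found = connect_scan("127.0.0.1", [open_port, closed_port])
        banner = grab_banner("127.0.0.1", open_port) if open_port in found else ""
        return open_port, closed_port, found, banner
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, found, banner = demo()
    for p in (open_port, closed_port):
        print(f"127.0.0.1:{p} {'open' if p in found else 'closed'}")
    print("banner:", banner or "(none)")
```

The same scan against a real host is `nmap -sT -p <ports> <host>`; Nmap’s default when run as root is a SYN scan (`-sS`), which sends only the first packet of the handshake and so leaves less of a trace in service logs, and `-sV` does a far more thorough version of the banner grab shown here.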