In today’s digital world, cybersecurity is one of the most in-demand fields. With cyberattacks becoming more sophisticated, organizations are constantly looking for skilled professionals who can protect their systems and data. If you’re aspiring to build a career in cybersecurity, one of the fundamental skills you need to master is port scanning.
Port scanning is a technique used to identify open ports and services on a target system. It’s like knocking on doors to see which ones are open. By understanding port scanning, you can assess the security posture of a system, identify vulnerabilities, and take steps to secure it. In this article, we’ll explore how port scanning can help you achieve a cybersecurity career, and we’ll walk you through a hands-on tutorial using three popular tools: Nmap, RustScan, and Naabu.
Why Port Scanning Matters in Cybersecurity
Before diving into the tools, let’s understand why port scanning is so important in cybersecurity:
- It helps in identifying vulnerabilities. Open ports can be entry points for attackers. By scanning for open ports, you can identify potential vulnerabilities and secure them before they’re exploited.
- It provides network mapping. Port scanning helps you map out a network, understand its structure, and identify devices and services running on it.
- It is considered a pre-requisite of penetration testing. Ethical hackers and penetration testers use port scanning to simulate attacks and test the security of a system.
- It helps in compliance and auditing. Many organizations need to comply with security standards. Port scanning helps auditors ensure that systems are configured securely.
- It can help in forensics. During a security breach, port scanning can help identify how an attacker gained access and what systems were compromised.
By mastering port scanning, you’ll gain a skill that’s essential for roles like Security Analyst, Penetration Tester, Network Administrator, and Ethical Hacker.
Tools for Port Scanning
There are many tools available for port scanning, but we’ll focus on three powerful and widely used ones.
- Nmap: The most popular and versatile port scanning tool.
- RustScan: A fast and modern port scanner written in Rust.
- Naabu: A lightweight and fast port scanner designed for simplicity.
Let’s dive into each tool, learn how to install them, and perform basic port scanning.
Nmap: The Swiss Army Knife of Port Scanning
Introduction to Nmap
Nmap (Network Mapper) is the go-to tool for port scanning. It’s open-source, cross-platform, and packed with features. Nmap can scan for open ports, detect services, identify operating systems, and even perform vulnerability detection.
Installing Nmap on Linux
Most Linux distributions come with Nmap pre-installed. If it’s not installed, you can easily install it using the package manager. We can run below commands for that
| sudo apt updatesudo apt install nmap |
After installation, let us see how this works. For reference, we have opened a few ports on the target server. For example,
Then, enable the firewall so that the rules are applied properly. Make sure to enable necessary ports otherwise access will be blocked.
| sudo ufw enable |
Basic Port Scanning with Nmap
Let’s say you want to scan a target system with the IP address xx.xx.xx.xx. Here’s how you can do it.
Simple Port Scan
Below command scans the 1,000 most common ports on the target system.
Scan All Ports
Below command scans all 65,535 ports on the target.
Service Detection
We can also try detection of running services on these ports
OS Detection
We can attempt to identify the operating system of the target.
Nmap is incredibly versatile, and these are just the basics. As the person progresses in his/her cybersecurity career, he/she learns more advanced Nmap techniques with different use-cases.
RustScan: The Fast and Modern Port Scanner
Introduction to RustScan
RustScan is a relatively new tool that’s gaining popularity for its speed. Written in Rust, it’s designed to scan all 65,535 ports in seconds. RustScan is ideal for quick scans and can be integrated with other tools like Nmap for deeper analysis.
Installing RustScan on Linux
RustScan can be installed using Docker or by downloading the binary. Lets go with the docker approach in this tutorial. First install docker
| apt install docker.io |
Then install RustScan using below command
| docker pull rustscan/rustscan:latest |
To run it against a target, you need to run below command again and again
| docker run -it –rm –name rustscan rustscan/rustscan:latest <rustscan arguments here> <ip address to scan> |
So what we can do is create an alias for it and then modify it according to our requirement. i.e.
| alias rustscan=’docker run -it –rm –name rustscan rustscan/rustscan:latest’ |
To verify, if our alias was set fine. We can check using below command
Now we can run the scan easily. For example, a basic scan can be performed using the below command.
| rustscan –addresses 165.22.0.157 -t 500 -b 500 — -A |
-A enables aggressive mode in Nmap (service/version detection, OS detection, script scanning).
RustScan’s speed makes it a great tool for initial reconnaissance, especially when time is critical. An important point to note here is that RustScan gave us 1 port open while nmap gave us all the open ports. This is why you try different tools in reconnaissance and you spend more time in this phase so that you can collect as much information as you can for later phases. If one will use only one tool and leave the others, one may not get the proper result.
Naabu: The Lightweight Port Scanner
Introduction to Naabu
Naabu is a fast and simple port scanner developed by ProjectDiscovery. It’s designed for ease of use and integrates well with other tools in the ProjectDiscovery ecosystem. Naabu is perfect for quick scans and can handle large networks efficiently.
Installing Naabu on Linux
Naabu can be installed using Go or by downloading the pre-built binary. Let’s install go first using below command
| apt install golang-go |
Then install pre-requisite as mentioned here
| sudo apt install -y libpcap-dev |
Then we can install our tool using below command
| go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest |
Add this in your path.
- Confirm the path
| echo $HOME/go/bin |
- Then add it in your path
Verify installation using below command
Basic Port Scan
We can perform basic scan using below command
| naabu –host 165.22.0.157 |
Similarly,
We can also use -p – in the command to scan all the ports. e.g.
| naabu -p – -host 165.22.0.157 |
Similarly, we can exclude the ports if we want to using below command
| naabu -p – -exclude-ports 80,443 -host <host-here> |
Naabu’s simplicity and speed make it a great choice for quick scans and large-scale reconnaissance.
How Port Scanning Can Help
Here are few points regarding its importance
- Port scanning is a foundational skill in cybersecurity. It’s often one of the first steps in penetration testing and vulnerability assessment.
- Proficiency in tools like Nmap, RustScan, and Naabu will make you confident in the interviews.
- Many cybersecurity certifications, like CEH (Certified Ethical Hacker) and CompTIA Security+, include port scanning as part of their curriculum.
Practicing Ethically
While port scanning is a valuable skill, it’s important to use it ethically. Consider below points
- Always get explicit permission before scanning a system. Unauthorized scanning can be illegal and unethical.
- Set up a lab environment using virtual machines to practice port scanning safely.
Conclusion
Port scanning is a critical skill for anyone pursuing a career in cybersecurity. By mastering tools like Nmap, RustScan, and Naabu, you’ll be well-equipped to identify vulnerabilities, secure systems, and protect organizations from cyber threats. Whether you’re just starting out or looking to advance your career, port scanning is a skill that will serve you well.
So, fire up your Linux terminal, install these tools, and start practicing. The more you experiment and learn, the closer you’ll get to achieving your cybersecurity career goals.
Leave a Reply