Nmap + Armitage: Fingerprint your victim network

Nmap + Armitage: Fingerprint your victim network

In the previous tutorial, we did set up Metasploitable and performed basic port scanning using Nmap. Here, we are going to use some advanced nmap options to better perform some advanced scanning. I will also introduce you to Armitarge ~ a GUI for the metasploit framework.

Let’s start with getting detection of the OS running on the target machine.

  • We type “nmap –O [ip adress] to see the OS”

As we can it gives the OS detail as Linux. Metasploitable is a linux based OS.

To scan the particular range of port type.

  • Nmap –p start-end [ip address].

It display the open ports within the given range.

If we want to see a particular service we can also do that.

  • Type nmap –p [service name] [IP address].

The results displays mysql service running on port 3306.

By default Nmap displays both open and closed ports. If we only want to see open ports available, we can do so.

  • Type “nmap –open [ip adress]”

As seen, it only displays the open ports.

If we want to save the Nmap results to a text file, we can do so.

  • Type “nmap –oN [filelocation] [ip address]”.

After scanning new file will be successfully created. In this case, it will be saved at the desktop folder.

We can see the results are stored in a plain text document.


Instead of using the terminal we can use the Armitage which is a GUI version of the metasploit framework.

  • Open the terminal and type “start postgresql start”.

Now click on the Armitage icon.

Now click on “connect”.

Click “yes”.

Here we can perform different type of scans. For this example we are going to select the OS detect scan.

Input the IP address and click OK.

The results of the scan is as shown above.

Leave a Reply

Your email address will not be published. Required fields are marked *