Learning network scanning with nmap and netcat in Kali Linux.

Setup VirtualBox

Install VirtualBox v6 or later. Download and install Extension Pack and import it in Tools/Preferences/Extensions

Create a NAT network in Tools/Preferences/Network. For this exercise I named it natscan (rename it if it creates a default name)

Setup Kali Linux

Go to Kali Linux and download the image for VirtualBox. Import the image to VBox.

In the settings (System/Processor):

  • Increase the CPUs and RAM.
  • Set CPUs to 2 and RAM to 4048MB.

In Display:

  • Set Enable 3D Acceleration.

In Network:

  • Adapter 1. Attached to NAT. Change to NAT Network. In Name, select natscan from the dropdown.
  • Adapter type. Select one of the Server options.

Setup shared folder host/guest in Kali VM:

  • Enter the default user/pwd: kali/kali
  • On Kali’s logo menu top left go to Settings/Display, change resolution to 1920x1080
  • On Kali’s Virtualbox menu go to Devices/Shared Folders/Shared Folder Settings. Select Machine Folders and add a folder. Select path on the host computer and/or create a folder (such as Documents/kali/) which will be shared with the Kali guest. Select Auto-mount and Make Permanent then click OK.
  • On Kali’s terminal add Kali’s user to the vboxsf group: sudo usermod -a -G vboxsf kali
  • Create a file in the shared folder in Kali /media/sf_kali/ to see that is shared with the host: touch /media/sf_kali/it_works.txt then navigate to the host Documents/kali and the txt file should appear there.

Setup a vulnerable machine

Here is a list of options provided by Rapid 7 for places where to find vulnerable machines for your lab. More here

Import the VM and change the Network Adapter to the NAT Network created. In this case natscan. Select the same adapter type as the one in Kali VM. Then headless start the VM.

Use nmap to scan the network

More details in man nmap. Nmap (Network Mapper) is a tool for network exploration and security auditing. It can scan large networks to find hosts, services, OS versions, firewalls, etc. The output is a list of scanned targets including port,