Nmap in a Nutshell?

[Fyodor <fyodor () insecure org>]

Hi Guys,

A few publishers have contacted me about writing an Nmap book.  I
think this would make a valuable addition to the current (relatively
terse and not example-driven) Nmap documentation.  I hope to make much
or all of the book available on the Web too, although that is subject
to negotiation with publishers.

After some brainstorming, I have come up with two possible approaches.
I would certainly appreciate your input as to the type of book you
would buy and read.  Here are my ideas:

1) "Network Reconnaissance with Nmap" - This book describes how to
   conduct network security vulnerability assessments in stages,
   starting from just an organization's name and leading up to
   identifying their IP ranges, finding accessible machines,
   circumventing firewalls, defeating intrusion detection systems,
   enumerating open ports, identifying vulnerabilities, and finally
   exploiting the systems.  In carrying out these tasks, readers will
   learn how and when to use the most popular and effective free
   security tools, including the Nmap Security Scanner.  This book is
   platform-independent, covering Linux/UNIX, Windows, and Mac OS X.

2) "Nmap in a Nutshell" (actual title is publisher-dependent) - This
   book describes the Nmap Security Scanner in depth.  It covers the
   myriad of ping and port scanning methods along with relevant
   examples.  Everything from the pervasive SYN scan to the more
   obscure yet valuable methods such as Idle scan, ACK scan, and
   custom-flag scanning are included.  Hints are provided for
   optimizing Nmap scanning speed, circumventing firewalls, defeating
   IDS systems, remote OS detection, and more.  All the common
   platforms are covered, including the appropriate GUI frontends and
   performance/usage tips.  Particular effort is made to cover options
   and features which are presently undocumented or poorly understood.
   Solutions are provided for common tasks, such as parsing the XML
   (or normal) output, and sweeping a huge address space for a single
   port.

So the choices basically boil down to a book on vulnerability
assessment which happens to focus on Nmap (but uses many other open
source tools where appropriate), or a book on Nmap that provides
examples for using it in vulnerability assessments and other
situations where appropriate.

I would certainly appreciate your thoughts, as I plan to begin writing
this week.

In other news, I made some improvements to Insecure.Org.  The list
archive has been renamed to http://seclists.org .  I got sick of
typing out lists.insecure.org all of the time :).  Given this
depressed economy, I also added the SecurityFocus security-jobs list.
A Google searchbar has been added to the lower-left margin of each
Seclists.Org and Insecure.Org page.  I set it to provide the results
page (but not results themselves) in "h4xX0r sp34k", which will
probably get me a lot of flames :).  If I get too many complaints
about "unprofessionalism", I may just have to turn the search page
black and fill it with rotating skulls and flaming torch images :).

Cheers,
Fyodor



--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List archive: http://seclists.org