A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Nmap is a powerful network scanning tool used by penetration testers to discover open ports, services running on those ports, and potential vulnerabilities in those services. To find potentially vulnerable services on a corporate lab network, the penetration tester should use Nmap's vulnerability scanning capabilities.
The correct answer is option B: nmap 192.168.1.1-5 -PA22-25,80. The "-PA" option specifies a port scan and identifies services based on their response to specific probes. This scan will return open ports 22-25 and 80 and attempt to identify potential vulnerabilities in those services.
Option A uses the "-PU" option, which scans UDP ports. This may not be relevant in this scenario if the penetration tester is looking for vulnerable TCP services.
Option C uses the "-PS" option, which scans TCP SYN ports. This will only return open ports and will not attempt to identify potential vulnerabilities.
Option D uses the "-sS" option, which performs a SYN scan on the specified ports. Like option C, this will only return open ports and will not attempt to identify potential vulnerabilities.
In summary, the "-PA" option is the most appropriate for a vulnerability scan in this scenario, and option B is the correct answer.