This topic contains 1 reply, has 2 voices, and was last updated by Dump-ster-Fire 2 weeks, 6 days ago.
- April 21, 2021 at 5:23 am #385555
I’ve seen a lot of post about people saying they’ve done their first ever nmap/port scanning session and talked about what they did and found and what not. I understand this is kind of like the first step into hacking so I was wondering if that’s why so many people make a post about it.
I’m new and havent done anything like that yet but have been thinking of doing one soon but I just wanted to ask if it was illegal cuz I’ve seen a few different answers to this question. Thanks!
- April 21, 2021 at 5:23 am #385556
ALMOST no, but slightly more complex as legal things almost always are.
- April 21, 2021 at 5:23 am #385557
### Inappropriate Usage
Because of the slight risk of crashes and because a few black hats like to use Nmap for reconnaissance prior to attacking systems, there are administrators who become upset and may complain when their system is scanned. Thus, it is often advisable to request permission before doing even a light scan of a network.
Nmap should never be installed with special privileges (e.g. suid root). That would open up a major security vulnerability as other users on the system (or attackers) could use it for privilege escalation.
Nmap is not designed, manufactured, or intended for use in hazardous environments requiring fail- safe performance where the failure of the software could lead directly to death, personal injury, or significant physical or environmental damage.
- April 21, 2021 at 5:23 am #385558
As /u/Dump-ster-Fire said. More importantly, don’t do anything without authorization. You can setup your own home lab with VM’s to play with, stand up Amazon EC2 instances, which no longer require pentest authorization forms (do read the ToS regarding denial of service and other things though), or use a site that allows it (some CTF/labs, and http://scanme.nmap.org/)
- April 21, 2021 at 5:23 am #385559
It depends on where you are and where the computers being scanned are.
As a general rule, it’s not illegal but some easily offended system/network administrators can get upset if you do it.
If you want to learn, set up your own lab environment and scan your own machines, so you can see what the scans look like from the perspective of the machine that scans and the machine that’s being scanned.
- April 21, 2021 at 5:23 am #385560
its more of a grey area, because it can be intrusive. granted you probably wont immediately get arrested and hauled off to jail for a scan, but you will probably receive a nasty letter in the mail asking you to stop or legal actions will be taken.
- April 21, 2021 at 5:23 am #385561
You must be logged in to reply to this topic.