Authorized Enumeration Lab

Basic Nmap Practice

A beginner-friendly guide for observing web ports, service behavior, HTTP headers, and evidence collection against the BlackStride Cyber Lab only.

Start Lab Steps Read Scope

Scope

Stay controlled, focused, and ethical.

This lab is for authorized learning only. The goal is to understand how basic enumeration works, how defenders document what is exposed, and how to write clear observations without exaggerating risk.

Not allowed: brute force, credential testing, exploit payloads, full-port scans, vulnerability scripts, aggressive scanning, hidden endpoint guessing, or scanning third-party systems.

Lab Guide

Basic Nmap scan workflow

Use these steps to observe safely and collect evidence for a beginner-friendly finding.

Step 1

Set the target

Use a variable so your commands are clear and consistent.

export TARGET=blackstridecyberlab.online

Step 2

Resolve the domain

Identify the public IP address behind the hostname.

nslookup $TARGET

Step 3

Inspect HTTPS headers

Review browser-facing headers before scanning ports.

curl -I https://$TARGET

Step 4

Scan web ports only

Check common web-facing ports. Keep the scan limited.

nmap -Pn -p 80,443 $TARGET

Step 5

Show scan reasoning

Use reason output to understand how Nmap reached its result.

nmap -Pn --reason -p 80,443 $TARGET

Step 6

Light service detection

Use light version detection for class demos to reduce scan time.

nmap -sV --version-light -p 80,443 $TARGET

Step 7

Save evidence

Create an evidence folder and save your scan output.

mkdir -p evidence

Step 8

Export scan results

Save Nmap output for your lab report.

nmap -Pn -p 80,443 -oN evidence/nmap-web-ports.txt $TARGET

Step 9

Write one finding

Document what you observed, why it matters, and how to improve it.

Finding = Evidence + Risk + Fix

Submission Format

Write one clean enumeration finding

Good documentation is more important than running many commands.

Finding Title

Name the observation clearly.

Example: Only Web Ports 80 and 443 Are Exposed

Evidence

Paste the exact command and relevant output.

nmap -Pn -p 80,443 blackstridecyberlab.online

Why It Matters

Explain what the result means in simple language.

The public lab exposes web services only, which is expected for this target.

Recommended Fix

Recommend a practical defensive action.

Continue limiting public exposure and monitor logs for repeated probing.