Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Nmap NSE net: firewalk
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Created
Created
Modified
Modified
Summary
Tries to discover firewall rules using an IP TTL expiration technique known as firewalking. The scan requires a firewall (or 'gateway') and a metric (or 'target'). For each filtered port on the target, send a probe with an IP TTL one greater than the number of hops to the gateway. The TTL can be given in two ways: directly with the 'firewalk.ttl' script argument, or indirectly with the 'firewalk.gateway' script argument. For 'firewalk.gateway', Nmap must be run with the '--traceroute' option and the gateway must appear as one of the traceroute hops. If the probe is forwarded by the gateway, then we can expect to receive an ICMP_TIME_EXCEEDED reply from the gateway next hop router, or eventually the target if it is directly connected to the gateway. Otherwise, the probe will timeout. As for UDP scans, this process can be quite slow if lots of ports are blocked by the gateway. From an original idea of M. Schiffman and D. Goldsmith, authors of the firewalk tool. SYNTAX: firewalk.ttl: value of the TTL to use. Should be one greater than the number of hops to the gateway. In case both 'firewalk.ttl' and 'firewalk.gateway' IP address are supplied, 'firewalk.gateway' is ignored. firewalk.gateway: IP address of the tested firewall. Must be present in the traceroute results.