{"id":26417694,"url":"https://github.com/compcode1/nmap-macbook-analysis","last_synced_at":"2025-09-03T03:40:36.294Z","repository":{"id":280068401,"uuid":"940893208","full_name":"Compcode1/nmap-macbook-analysis","owner":"Compcode1","description":"This project was conducted to assess the security posture of a MacBook Air by leveraging Nmap scanning techniques. The goal was to analyze how different security configurations impact network visibility and exposure. By performing multiple scans under varying conditions, we were able to observe the role of macOS firewall settings and services.","archived":false,"fork":false,"pushed_at":"2025-03-01T02:18:18.000Z","size":32,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-18T01:15:48.504Z","etag":null,"topics":["firewall-configuration","nmap"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Compcode1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-01T02:12:25.000Z","updated_at":"2025-03-01T02:22:11.000Z","dependencies_parsed_at":"2025-03-01T03:29:54.052Z","dependency_job_id":null,"html_url":"https://github.com/Compcode1/nmap-macbook-analysis","commit_stats":null,"previous_names":["compcode1/nmap-macbook-analysis"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Compcode1/nmap-macbook-analysis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fnmap-macbook-analysis"
,"tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fnmap-macbook-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fnmap-macbook-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fnmap-macbook-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Compcode1","download_url":"https://codeload.github.com/Compcode1/nmap-macbook-analysis/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fnmap-macbook-analysis/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273386663,"owners_count":25096247,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-03T02:00:09.631Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall-configuration","nmap"],"created_at":"2025-03-18T01:15:50.532Z","updated_at":"2025-09-03T03:40:36.266Z","avatar_url":"https://github.com/Compcode1.png","language":"Jupyter Notebook","readme":"This project was conducted to assess the security posture of a MacBook Air by leveraging Nmap scanning techniques. The goal was to analyze how different security configurations impact network visibility and exposure. 
By performing multiple scans under varying conditions, we were able to observe the role of macOS firewall settings, remote services, and stealth scanning techniques in system security.\n\n**Key Phases \u0026 Findings**\n\n1️⃣ Baseline Scan (Firewall Enabled, All Services Enabled)\nObjective: Identify open ports and services while the firewall was enabled.\nFindings:\nFewer ports were detected than expected.\nThe firewall actively blocked Nmap’s ability to see some services.\nOS detection reported macOS 12 Monterey, despite the system running macOS Sonoma 14.6.1, highlighting limitations in network fingerprinting.\n\n2️⃣ Firewall Disabled Scan (All Services Still Enabled)\nObjective: Determine the firewall’s impact by running the scan again with the firewall turned off.\nFindings:\nAdditional ports and services were revealed, confirming the firewall’s role in filtering traffic.\nServices such as SSH (22), AirTunes (5000, 7000), and VNC (5900) became visible.\nSMB and NetAssistant services appeared, further expanding the attack surface.\n\n3️⃣ Re-Enabling Firewall While Keeping Services Active\nObjective: See if the firewall’s protection would once again obscure certain services.\nFindings:\nThe firewall successfully hid many ports again.\nHowever, some services (AirTunes, VNC) remained detectable, likely due to their specific configurations.\n\n4️⃣ Stealth Scan with Nmap SYN Scan (-sS -Pn -T4)\nObjective: Test how stealth scanning techniques impact visibility.\nFindings:\nStealth scanning revealed only two open ports (5000 and 7000) instead of the broader set detected in previous scans.\nThis indicates that macOS firewall settings and TCP handshake behavior limit what subtler scan types can see.\nA stealth scan would likely bypass simple intrusion detection systems (IDS) that only log full TCP connections.\n\n**Conclusion \u0026 Takeaways**\n\nmacOS Firewall is highly effective at reducing network exposure.\n\nWith the firewall on, many services remained hidden from 
external scans.\nWhen disabled, additional services were immediately detected.\nNmap OS fingerprinting is not always accurate.\n\nmacOS was misidentified as Monterey 12 instead of Sonoma 14.6.1, due to how Apple implements network stack responses.\nStealth scanning techniques significantly reduce detection.\n\nA SYN scan (-sS) identified only two ports, showing that even when services are open, certain scans might not detect them.\nThe attack surface can be minimized by disabling unnecessary services.\n\nFeatures like AirTunes, VNC, and SSH expose remote access points.\nIf remote access is not needed, these services should be disabled for better security.\n\n**Final Thoughts**\n\nThis project demonstrated how Nmap can be used to analyze a system’s security posture under different configurations.\nBy systematically modifying security settings and observing the results, we gained insight into:\n\nThe effectiveness of the firewall in blocking connections.\nThe impact of stealth scanning in network reconnaissance.\nHow open services contribute to potential attack surfaces.\nWhile this project focused on local network scanning, similar techniques can be applied to larger-scale cybersecurity assessments, including penetration testing, vulnerability scanning, and enterprise security auditing.\n\nSuggested Next Steps (For Future Exploration):\n✅ Investigate the Nmap Scripting Engine (NSE) for vulnerability scanning.\n✅ Experiment with IPv6 scanning techniques (nmap -6).\n✅ Use a packet analyzer (Wireshark) to monitor network traffic while scanning.\n✅ Automate periodic scans with Python for continuous monitoring.\n\n**Project Complete 🎯**\n\nThe experiment successfully mapped the attack surface, tested firewall effectiveness, and analyzed scan evasion techniques.\nBy applying these findings, security posture can be significantly improved through firewall enforcement, service minimization, and stealth detection 
awareness.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fnmap-macbook-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcompcode1%2Fnmap-macbook-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fnmap-macbook-analysis/lists"}