Port scanning

In a real assessment, an agreement is first established between the person or company reviewing the application and the application's owners. With that in place, detecting the services exposed by the target is one of the first steps.

This task is usually carried out with Nmap (https://nmap.org/), a command-line tool that detects the ports and services running on a remote host. Nmap is not complicated to use: type nmap on its own at the command line to list the available options, as shown in the following screenshot:

To perform a standard scan of a host, we can use the following command:

nmap -vv -sV -O -Pn -p0-65535 -oA nmap_[IP] [IP]

This command combines the following options:

  • -vv: Run the scan in very verbose mode, showing more details about the execution, possible errors, and explanations of the issues detected
  • -sV: The scanning method; probe each open port to identify the service and, where possible, its version
  • -O: Detect the operating system
  • -Pn: Skip host discovery and scan the host even if it does not answer pings
  • -p0-65535: Nmap's normal scan covers only the first 1,024 ports, but it is important to scan the whole range in order to discover possible hidden services
  • -oA: Write the scan output to files in all of Nmap's output formats

In the following screenshot, we can see the output of the scan. Because of -oA, this output is also stored in three files, so that it can be used with other applications:

Burp Suite cannot launch Nmap scans itself, but it has an extension called Nmap Parser that reads the output generated by Nmap so that it can be used in our assessment. To install Nmap Parser, go to the BApp Store and click on Install; once the parser is installed, a new tab appears in the Burp Suite window, as follows:


Click on Open Nmap .xml File and a file-chooser window is launched. Nmap created three files when the scan finished; one of them is the XML file. Select that file and click on Open, as follows:

If any issue related to the application is detected during parsing, it is reported so that it can be followed up manually.
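The XML file that -oA writes is the same data the Nmap Parser extension reads. The following is an added example (not code from the book or from the Burp extension) that parses that XML with Python's standard library and pulls out what a web assessment needs: the open ports per host, the host:port pairs that look like HTTP services and are therefore candidates to point Burp at, and the open ports that -sV could not fingerprint, which are the "hidden services" a full 0-65535 scan is meant to surface and which deserve a manual look. The embedded XML is a constructed sample in the shape of Nmap's output, with a reserved documentation address; the function and key names are my own choices.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the XML that `nmap -oA` produces.
# 192.0.2.10 is a reserved documentation address, not a real host.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -vv -sV -O -Pn -p0-65535 -oA nmap_192.0.2.10 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="app.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.24.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8443">
        <state state="open" reason="syn-ack"/>
        <service name="https-alt" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql" method="table" conf="3"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per scanned host: address, hostname, OS guess and its ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:                      # IPv6-only host: take whatever address exists
            addr_el = host.find("address")
        name_el = host.find("hostnames/hostname")
        os_el = host.find("os/osmatch")          # first match is Nmap's best guess
        ports = []
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": get("name"),
                "product": get("product"),
                "version": get("version"),
                # "probed": -sV matched a banner. "table": only the default
                # name for that port number, nothing was actually identified.
                "method": get("method"),
            })
        hosts.append({
            "addr": addr_el.get("addr") if addr_el is not None else "",
            "hostname": name_el.get("name") if name_el is not None else "",
            "os": os_el.get("name") if os_el is not None else "",
            "ports": ports,
        })
    return hosts


def open_ports(hosts):
    """Flatten to one entry per open port, each tagged with its host address."""
    return [dict(p, addr=h["addr"]) for h in hosts for p in h["ports"] if p["state"] == "open"]


def web_services(hosts):
    """host:port targets whose service name looks like HTTP, i.e. what to load into Burp."""
    return [f"{p['addr']}:{p['port']}" for p in open_ports(hosts) if p["service"].startswith("http")]


def unidentified_services(hosts):
    """Open ports that -sV could not fingerprint; these need manual inspection."""
    return [p for p in open_ports(hosts) if p["method"] != "probed"]


def summarize(hosts):
    """Human-readable summary, one line per host plus one per open port."""
    lines = []
    for h in hosts:
        lines.append(f"{h['addr']} ({h['hostname'] or 'no PTR'}) OS guess: {h['os'] or 'unknown'}")
        for p in h["ports"]:
            if p["state"] != "open":
                continue
            ident = f"{p['product']} {p['version']}".strip() or "unidentified (check manually)"
            lines.append(f"  {p['port']}/{p['proto']} {p['service']}: {ident}")
    return "\n".join(lines)


if __name__ == "__main__":
    # For a real scan, replace SAMPLE_NMAP_XML with open("nmap_<IP>.xml").read()
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(summarize(hosts))
    print("Burp targets:", web_services(hosts))
```

Filtered ports are deliberately kept in the parsed data but excluded from open_ports, so the summary reflects what is actually reachable, while the full list remains available if you need to compare the scan against a firewall policy.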
