student@hack3rs:~$ cat exposure-audit-lab-nmap-ndiff.md
Exposure Audit Lab with Nmap and Ndiff (Defensive Validation)
Practice safe defensive scanning and drift comparison using Nmap and Ndiff to validate what a lab system is exposing and what changed over time.
prerequisites
- $Use only systems and networks you own or are explicitly authorized to test.
- $Basic familiarity with networking and logs.
- $Willingness to document evidence and assumptions.
1. Lab Goal and Ethics
This lab teaches defensive exposure validation only on systems you own or are explicitly authorized to scan. The goal is to build a repeatable audit workflow, not to probe random internet hosts.
Begin with a clearly scoped target (one VM or one small lab subnet) and a purpose: inventory validation, firewall check, or service-change comparison.
Document the exact command and timing so you can compare results later and explain expected scanner traffic to anyone reviewing logs.
2. Baseline, Change, Compare
Run a baseline Nmap scan and save the output. Then change one thing in the lab (start/stop a service, change a firewall rule, or alter reachability). Run the same scan again and compare with Ndiff.
The key learning outcome is not the raw scan output. It is learning to explain what changed, why it changed, and whether the result matches intended configuration or drift.
Validate one result manually (curl, nc/ncat, service log review) so you practice treating scan output as evidence to confirm, not absolute truth.
3. Operational Habits to Practice
Create a simple scan log with date, operator, target, purpose, command, and findings. This habit scales into real environments and improves communication with operations teams.
Learn to choose the least intrusive scan that answers your question. A targeted port check often teaches more than a heavy scan when you are practicing basics.
Link this lab to threat pages on exposed services and vulnerability exploitation so scanning is learned as part of risk reduction, not as a standalone activity.
exposure-audit-lab-checklist
- $Define target, scope, and purpose before scanning.
- $Save baseline scan output in a reusable format.
- $Make one controlled change and rescan with the same command.
- $Use Ndiff to explain the delta clearly.
- $Validate one key finding manually and document it.
how-to-workflow
- Define the authorized target, purpose, and scope of the exposure audit.
- Run and save a baseline Nmap scan using a repeatable command.
- Make one controlled lab change (service or firewall behavior).
- Run the same scan again and compare with Ndiff.
- Validate one changed result manually (for example with curl or nc/ncat).
- Document the delta, explanation, and defensive next action.