Hello, is there an option when you finish with the Linux / Windows system Delete any trace for NMAP use without deleting the feature And if so I delete the software whether it deletes leftovers in the system or need to do further action
@bbgavish said: > Hello, is there an option when you finish with the Linux / Windows system > Delete any trace for NMAP use without deleting the feature > And if so I delete the software whether it deletes leftovers in the system or need to do further action Not really, no. It’s very complex and would vary massively by OS. If you mean from the system you’ve been scanning, then you need to consider quite complex anti-forensics measures and would rely heavily on there being no monitoring/SIEM in place. If you mean from the system you’ve used to run the scan, then still no. But this time you’d need to clean lots of different locations. For example, Windows has several locations where the executable would be recorded and running it is likely to generate an Event ID 4688 in the Security log (which is hard to selectively delete). Even if you uninstall nmap, you aren’t removing evidence that it ran.