Here are few points to remember before conducting a scan:
For Professional ethical hackers
- To avoid legal disputes, it is better to get written permission form target company before initiating the scan.Always have a legitimate reason for performing the scan.
- Make sure this activity falls within your job description.
- Target your scan as tightly as possible DO NOT SCAN a CIDR.
Even if you are scanning a website for learning purpose it might be difficult to justify your intention to court. To avoid such situations, you have a permission to scan websites like www.nmap.scanme.org only for testing purpose and not for not testing exploits or DOS attacks.
It is advised not to perform dozen of scan on the website to conserve bandwidth.
A website called “ScanPlanner” (http://scanplanner.com/) also allows anyone to run nmap scans on any website for free. Many hackers have been abusing this site for initial recon phase.