NMAP

Basic cmd :

a)nmap -sSVC -p- -Pn -vv IP

b)nmap -p- -sC -sV -O -A -T4 -oA nmapOutputfile 10.10.X.X

Scan techniques:

  1. TCP Scan : nmap IP -sT

  2. UDP Scan : nmap IP -sU

  3. TCP Window Scan : nmap IP -sW

  4. Aggressive Scan : nmap -A -T4 IP

Port Specification :

1)nmap IP -p 21

2)nmap IP -p U:53,T:21-25,80 (U : UDP Port , T : TCP Port)

3)nmap IP -p http,https (Service specification)
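The -p syntax above has one rule worth seeing spelled out: a protocol qualifier such as T: or U: sticks until the next qualifier, so in U:53,T:21-25,80 the trailing 80 is a TCP port, and ports listed before any qualifier apply to every protocol the scan uses. The expander below is an added example (not part of this cheat sheet or of nmap) implementing that rule for numbers, ranges, a bare "-" and service names; SERVICE_TABLE is a tiny constructed stand-in for nmap-services, and the default scanned protocols are an assumption the caller can override.

```python
MAX_PORT = 65535

# Protocol qualifiers accepted by -p: T (TCP), U (UDP), S (SCTP), P (IP protocol).
PROTO_PREFIX = {"T": "tcp", "U": "udp", "S": "sctp", "P": "ip"}

# Constructed stand-in for nmap-services, used only for the name lookup here;
# real nmap reads the full file and also supports wildcards in names.
SERVICE_TABLE = {
    "ftp": {"tcp": [21]},
    "ssh": {"tcp": [22]},
    "domain": {"tcp": [53], "udp": [53]},
    "http": {"tcp": [80]},
    "https": {"tcp": [443]},
}


def _expand_token(token, proto):
    """Expand one comma-separated element for one protocol into port numbers."""
    if token == "-":                       # bare dash: every port
        return range(1, MAX_PORT + 1)
    if token.isdigit():
        return [int(token)]
    if "-" in token:                       # a-b, a- or -b; open ends default
        lo, hi = token.split("-", 1)
        lo = int(lo) if lo else 1
        hi = int(hi) if hi else MAX_PORT
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range: {token}")
        return range(lo, hi + 1)
    entry = SERVICE_TABLE.get(token.lower())
    if entry is None:
        raise ValueError(f"unknown service name: {token}")
    return entry.get(proto, [])            # name may exist for only one protocol


def expand_port_spec(spec, scanned=("tcp", "udp")):
    """Return sorted (proto, port) pairs for a -p argument.

    A qualifier sticks until the next one; tokens seen before any qualifier
    apply to every protocol in `scanned` (assumption: the caller passes the
    protocols the scan actually uses, e.g. ("tcp",) for -sS alone)."""
    current = None
    result = set()
    for raw in spec.split(","):
        token = raw.strip()
        if not token:
            continue
        if len(token) >= 2 and token[1] == ":" and token[0].upper() in PROTO_PREFIX:
            current = PROTO_PREFIX[token[0].upper()]
            token = token[2:]
            if not token:                  # "T:" alone only switches protocol
                continue
        for proto in ((current,) if current else scanned):
            for port in _expand_token(token, proto):
                result.add((proto, port))
    return sorted(result)


if __name__ == "__main__":
    for proto, port in expand_port_spec("U:53,T:21-25,80"):
        print(f"{proto}/{port}")
```

Feeding it "U:53,T:21-25,80" yields tcp/21 through tcp/25, tcp/80 and udp/53, which is the set the second command above actually scans.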

Service & Version Detection

1)nmap IP -sV

2)nmap IP -A (Enables OS detection, version detection, script scanning, and traceroute)

OS Detection :

1)nmap IP -O

2)nmap IP -O --osscan-limit (Skips OS detection for any host that does not have at least one open and one closed TCP port)

3)nmap IP -O --osscan-guess (Makes Nmap guess more aggressively)

NSE Scripts :

1)nmap IP -sC

2)nmap IP --script default (Scan with the default NSE scripts. Considered useful for discovery and safe)

3)nmap IP --script=banner (Scan with a single script. Example: banner)

4)nmap IP --script=http* (Scan with a wildcard. Example: http)

5)nmap 192.168.1.1 --script=http,banner (Scan with two scripts. Example: http and banner)

6)nmap -n -Pn -p 80 --open -sV -vvv --script banner,http-title -iR 1000 (Fast search for random web servers)

7)nmap -Pn --script=dns-brute domain.com (Brute forces DNS hostnames guessing subdomains)

8)nmap -n -Pn -vv -O -sV --script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smbv2* IP (Safe SMB scripts to run)

9)nmap -p80 --script http-sql-injection scanme.nmap.org (Check for SQL Injection)

10)nmap --script http-robots.txt IP
