Wednesday, 1 November 2017

nmap & Port Scanning

# ICMP / ping sweep
nmap -sn a.a.a.a-b

# Output to a grepable file
nmap -sn a.a.a.a-b -oG nmap-ping-sweep.txt
grep Up nmap-ping-sweep.txt

# Specific port scan
nmap -p 22 a.a.a.a-b -oG nmap-ssh-scan.txt


Port Scanning
# Connect scan
nmap -sT a.a.a.a-b

# Syn / half open scan
nmap -sS a.a.a.a-b

# Syn scan on the top 100 ports
nmap -sS --top-ports 100 a.a.a.a-b

# ACK scan
nmap -sA --top-ports 100 a.a.a.a-b

# SNMP scan for open 161 ports
nmap -sU -p 161 --open a.a.a.a-b

# Banner grabbing
nmap -sV a.a.a.a-b

# Operating system fingerprinting
nmap -O a.a.a.a-b

# Comprehensive scan
nmap -A a.a.a.a-b

nse = nmap scripting engine

where a.a.a.a-b is an ip range such as 192.168.1.100-150


No comments:

Post a comment