nmap commands
Netcat
nc -z -v server.domain.com 1-1000 (-z: report open ports without sending data, -v: print a line per port; only TCP connect scans are possible, so this needs no root)
Nmap
Basic scan types: -sT (TCP connect) and -sS (SYN, also called half-open or stealth; needs raw sockets, i.e. root). Other types: -sF (FIN), -sN (Null) and -sX (Xmas tree); ping scan -sP (now spelled -sn, -sP is kept as an alias); UDP scan -sU; IP protocol scan -sO; idle scan -sI; version detection -sV; ACK scan -sA; Window scan -sW; RPC scan -sR (no longer a separate option, the RPC grinder runs as part of -sV); list scan -sL (only resolves names, sends no packets).
Timing: Paranoid (-T0), Sneaky (-T1), Polite (-T2), Normal (-T3), Aggressive (-T4) and Insane (-T5). -T4 is the usual choice on a reliable LAN; -T5 can drop results on slow or filtered links.
Turning off ping (-Pn, spelled -P0 in older releases) scans every target even if it does not answer host discovery. -PT was the old flag for a TCP ping; current releases use -PS (SYN ping) and -PA (ACK ping). OS fingerprinting -O, -v for verbose output.
Outputting logs: human readable (-oN), XML log (-oX), grepable log (-oG); -oA writes all three at once from one basename. The --append-output option appends to an existing log instead of overwriting it.
Resuming: scans cancelled with Ctrl+C can be resumed with --resume <logfile>; this works with normal (-oN) and grepable (-oG) logs, not with XML.
Reading targets from a file: -iL <file> (one host or network per line; -iL - reads them from standard input).
Typical Scanning Session
First, we'll sweep the network with a simple ping scan to determine which hosts are online (-sP, or -sn on current releases).
[chaos]# nmap -sP 10.0.0.0/24
We'll scan 10.0.0.1 using a SYN scan (-sS) with -A, which turns on OS detection, version detection, the default NSE scripts and traceroute:
[chaos]# nmap -sS -A 10.0.0.1
Now we'll move to 10.0.0.4 and 10.0.0.5; these are likely to be ordinary computers on the network. -Pn skips host discovery (the sweep already showed them up, and a host firewall may drop ping) and -v shows results as they come in:
[chaos]# nmap -sS -Pn -A -v 10.0.0.4
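The session above done by hand for three hosts is usually scripted: sweep with grepable output, pull out the hosts reported Up, then run the SYN + -A scan against each one. The script below is an added example, not part of the original page; the sweep output it parses is constructed by hand so the host-extraction step can be checked without touching a network, and NMAP_TARGET is a hypothetical environment variable used only to gate the live run.

```sh
#!/bin/sh
# Added example: automate the typical scanning session.
# 1) ping-sweep the network with grepable output (-oG),
# 2) keep only the hosts nmap reported as Up,
# 3) run the per-host SYN + -A scan, logging all three formats with -oA.
set -u

# Constructed sample of `nmap -sn -oG -` output (not a real scan).
# Fields on a Host: line are separated by tabs; the IP is the second field.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated as: nmap -sn -oG - 10.0.0.0/24
Host: 10.0.0.1 (gw.lab)	Status: Up
Host: 10.0.0.4 ()	Status: Up
Host: 10.0.0.5 ()	Status: Down
Host: 10.0.0.9 ()	Status: Up
# Nmap done -- 256 IP addresses (3 hosts up) scanned in 5.00 seconds'

# live_hosts: read grepable sweep output on stdin, print one IPv4 per Up host.
# The dotted-quad check keeps comment lines and anything odd out of the
# arguments we later hand to nmap.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }'
}

# sweep TARGET: the real ping sweep, grepable output to stdout.
# -sn is the current spelling of the page's -sP.
sweep() {
    nmap -sn -oG - "$1"
}

# scan_host IP: the per-host command from the session above. -Pn because the
# sweep already showed the host up; -oA scan_<ip> writes scan_<ip>.nmap,
# scan_<ip>.xml and scan_<ip>.gnmap so any of them can be parsed or resumed later.
scan_host() {
    echo "### scanning $1"
    nmap -sS -Pn -A -v -oA "scan_$1" "$1"
}

# Live run only when NMAP_TARGET is set (hypothetical variable, e.g.
# NMAP_TARGET=10.0.0.0/24). -sS and -O (part of -A) need raw sockets: run as root.
if [ -n "${NMAP_TARGET:-}" ]; then
    sweep "$NMAP_TARGET" | live_hosts | while read -r ip; do
        scan_host "$ip"
    done
else
    # Offline demonstration against the constructed sample.
    printf '%s\n' "$SAMPLE_GREPABLE" | live_hosts
fi
```

Without NMAP_TARGET the script only prints the three Up addresses from the constructed sample; with it set (and run as root) it performs the sweep and the per-host scans, leaving scan_<ip>.nmap/.xml/.gnmap files that --resume or -iL can pick up later.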
NmapFE was the original graphical front-end for Nmap; it has been replaced by Zenmap, which ships with current Nmap releases.