nmap commands


linux security hugo

Netcat

A crude TCP connect scan with Netcat: -z connects without sending any data, -v reports the result for each port, and 1-1000 is the port range.

nc -z -v server.domain.com 1-1000

Nmap

Basic scan types: -sT (TCP connect) and -sS (SYN, often called "stealth" because the handshake is never completed; it needs root). Other types: -sF (FIN), -sN (Null) and -sX (Xmas tree), ping scan -sn (spelled -sP in older releases), UDP scan -sU, IP protocol scan -sO, idle scan -sI, version detection -sV, ACK scan -sA, window scan -sW and list scan -sL. The RPC scan (-sR) of older releases has been folded into -sV.

Timing templates: Paranoid (-T0), Sneaky (-T1), Polite (-T2), Normal (-T3, the default), Aggressive (-T4) and Insane (-T5). -T0 and -T1 serialize probes to stay under IDS thresholds and can take hours on a large range; -T5 is fast but drops results on lossy networks.

Turning off host discovery: -Pn (formerly -P0); every target is then port-scanned even if it never answered a ping. TCP-based host discovery: older releases used -PT; current releases use -PS (SYN ping) and -PA (ACK ping). OS fingerprinting -O, -v for verbose output.

Outputting logs: human readable (-oN), XML log (-oX), grepable log (-oG); -oA &lt;basename&gt; writes all three at once. --append-output appends the scan results to the file instead of overwriting it.

Resuming: scans cancelled with Ctrl+C can be resumed with the --resume option, which takes the logfile as its only argument and re-reads the original command line from the log header. The logfile must be a normal or grepable logfile (-oN or -oG).

Reading targets from a file: -iL &lt;inputfile&gt;. The file should contain a host list or list of network expressions separated by spaces, tabs or newlines. Using a hyphen as the input file makes Nmap read from standard input.

Typical Scanning Session

First, we'll sweep the network with a simple ping scan (-sn; -sP in older releases) to determine which hosts are online.

[chaos]# nmap -sn 10.0.0.0/24 

We'll scan 10.0.0.1 using a SYN scan (-sS) and -A, which turns on OS fingerprinting (-O), version detection (-sV), the default NSE scripts (-sC) and traceroute. Both -sS and -O need root.

[chaos]# nmap -sS -A 10.0.0.1 

Now we'll move to 10.0.0.4 and 10.0.0.5; these are likely to be normal computers on the network. -Pn skips host discovery, so a workstation whose firewall drops pings is still port-scanned instead of being reported as down.

[chaos]# nmap -sS -Pn -A -v 10.0.0.4 10.0.0.5 
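The session above as a pipeline, added here as an example and not taken from the original page: the ping sweep is written as grepable output to stdout (-oG -), the hosts reported Up are parsed out with awk, and each one gets the follow-up -sS -Pn -A scan. A second parser pulls open ports, service names and version strings out of the grepable Ports: field, which is the fastest way to turn -oG logs into a target list. The addresses, hostnames and banners in the two samples are constructed, so the parsers can be exercised without a network; sweep_and_scan is the only function that actually runs nmap and needs root.

```shell
#!/bin/sh
# Added example: chain an Nmap ping sweep into targeted scans by parsing
# grepable (-oG) output. The samples below are constructed, not real captures.

# Constructed sample of what `nmap -sn -oG - 10.0.0.0/24` prints.
SWEEP_SAMPLE=$(
  printf '# Nmap 7.94 scan initiated as: nmap -sn -oG - 10.0.0.0/24\n'
  printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.4 (ws4.example.lan)\tStatus: Up\n'
  printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.9 ()\tStatus: Down\n'
  printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 5.01 seconds\n'
)

# Constructed sample of what `nmap -sS -sV -oG - 10.0.0.1` prints for one host.
PORT_SAMPLE=$(
  printf '# Nmap 7.94 scan initiated as: nmap -sS -sV -oG - 10.0.0.1\n'
  printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf '# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds\n'
)

# live_hosts: read -oG text on stdin, print one address per host reported Up.
# Default awk field splitting handles both the tab and the spaces on a Host: line.
live_hosts() {
  awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# open_ports: read -oG text on stdin, print "host port/proto service version"
# for every open port. Each comma-separated Ports: entry has the layout
# port/state/proto/owner/service/sunrpc/version/ (nmap escapes "/" in versions as "|").
open_ports() {
  awk '
    $1 == "Host:" && /Ports:/ {
      host = $2
      s = $0
      sub(/.*Ports: /, "", s)                      # drop everything before the port list
      sub(/[[:space:]]*Ignored State:.*/, "", s)   # drop the trailing summary, if present
      n = split(s, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] == "open")
          printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
      }
    }'
}

# scan_commands: for each live host read on stdin, emit the follow-up scan.
# -Pn skips a second host-discovery round; the sweep already showed the host is up.
scan_commands() {
  while read -r h; do
    printf 'nmap -sS -Pn -A -v -oG %s.gnmap %s\n' "$h" "$h"
  done
}

# sweep_and_scan NET: the real pipeline. Needs nmap installed and root for -sS/-O.
# Not invoked below so the script runs offline.
sweep_and_scan() {
  nmap -sn -oG - "$1" | live_hosts | while read -r h; do
    nmap -sS -Pn -A -v -oG "$h.gnmap" "$h"
  done
}

# Exercise the parsers on the constructed samples.
printf '%s\n' "$SWEEP_SAMPLE" | live_hosts
printf '%s\n' "$SWEEP_SAMPLE" | live_hosts | scan_commands
printf '%s\n' "$PORT_SAMPLE" | open_ports
```

Because -oG lines are tab-separated, the Ports: field can also be pulled with `cut -f2`, but the awk version above tolerates logs whose tabs were turned into spaces by a copy-paste. Hosts that did not answer the sweep are simply absent from the list, so anything that drops ICMP has to be added by hand with -Pn, as in the last command of the session.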

NmapFE was the graphical front-end for Nmap; it has since been replaced by Zenmap, which ships with current Nmap releases.