blob: c3d53168fb7a381e4a5cbb4120916b0816682574 (
plain) (
tree)
|
|
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Nmap</title>
</head>
<body>
<a href="index.html">Tools Index</a>
<h1>Nmap</h1>
<p>Nmap is powerful network analysis tool, information described
was mostly taken from hackertarget.com
<a href="https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/">nmap cheatsheet</a>,
they also have <a href="https://hackertarget.com/nmap-tutorial/">nmap tutorial</a>.</p>
<h2>Target selection</h2>
<p>Scan single ip address;</p>
<pre>
# nmap -v 192.168.1.67
</pre>
<p>Or by hostname;</p>
<pre>
# nmap -v c9.root.sx
</pre>
<p>Check OS and version detection;</p>
<pre>
# nmap -A 192.168.1.67
# nmap -v -A 192.168.1.67
</pre>
<p>Discover other hosts on local lan, try -sn and -sP,
not sure if both only disable port scan.</p>
<pre>
# nmap -sn 192.168.1.0/24
</pre>
<p>Scan a range of IPs;</p>
<pre>
# nmap 192.168.1.1-20
</pre>
<p>Scan targets from a text file;</p>
<pre>
# nmap -iL list-of-hosts.txt
</pre>
<h2>Port selection</h2>
<p>Scan single port;</p>
<pre>
# nmap -p 22 192.168.1.1
</pre>
<p>Scan a range of ports;</p>
<pre>
#nmap -p 1-100 192.168.1.1
</pre>
<p>Scan all 65535 ports;</p>
<pre>
# nmap -p- 192.168.1.1
</pre>
<h2>Port scan types</h2>
<p>TCP connect;</p>
<pre>
# nmap -sT 192.168.1.1
</pre>
<p>TCP syn scan;</p>
<pre>
# nmap -sS 192.168.1.1
</pre>
<p>UDP ports;</p>
<pre>
# nmap -sU -p 123,161,162 192.168.1.1
</pre>
<p>Selected ports - ignore discovery;</p>
<pre>
# nmap -Pn -F 192.168.1.1
</pre>
<h2>Service and OS detection</h2>
<p>Detect OS and services;</p>
<pre>
# nmap -A 192.168.1.1
</pre>
<p>Standard service detection</p>
<pre>
# nmap -sV 192.168.1.1
</pre>
<p>Aggressive service detection</p>
<pre>
# nmap -sV --version-intensity 5 192.168.1.1
</pre>
<p>Lighter banner grabbing detection;</p>
<pre>
# nmap -sV --version-intensity 0 192.168.1.1
</pre>
<h2>NSE Scripts</h2>
<p>Check for vulnerabilities on host;</p>
<pre>
# nmap --script=vuln 127.0.1.1
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-20 22:07 UTC
Nmap scan report for dev.box (127.0.1.1)
Host is up (0.000028s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
25/tcp open smtp
| smtp-vuln-cve2010-4344:
| Exim version: 4.85
| Exim heap overflow vulnerability (CVE-2010-4344):
| Exim (CVE-2010-4344): NOT VULNERABLE
| Exim privileges escalation vulnerability (CVE-2010-4345):
| Exim (CVE-2010-4345): NOT VULNERABLE
|_ To confirm and exploit the vulnerabilities, run with --script-args='smtp-vuln-cve2010-4344.exploit'
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 2.68 seconds
#
</pre>
</body>
</html>
|