Tools Index

Nmap

Nmap is a powerful network analysis tool. The information here was mostly taken from the hackertarget.com nmap cheatsheet; they also have an nmap tutorial.

Target selection

Scan a single IP address;

        # nmap -v 192.168.1.67
        

Or by hostname;

        # nmap -v c9.root.sx
        

Run OS and version detection;

        # nmap -A 192.168.1.67
        # nmap -v -A 192.168.1.67
        

Discover other hosts on the local LAN; try -sn and -sP, not sure if both only disable the port scan.

        # nmap -sn 192.168.1.0/24
        

Scan a range of IPs;

        # nmap 192.168.1.1-20
        

Scan targets from a text file;

        # nmap -iL list-of-hosts.txt
        

Port selection

Scan single port;

        # nmap -p 22 192.168.1.1
        

Scan a range of ports;

        # nmap -p 1-100 192.168.1.1
        

Scan all 65535 ports;

        # nmap -p- 192.168.1.1
        

Port scan types

TCP connect scan;

        # nmap -sT 192.168.1.1
        

TCP SYN scan;

        # nmap -sS 192.168.1.1
        

UDP ports;

        # nmap -sU -p 123,161,162 192.168.1.1
        

Fast mode (fewer ports than the default set), skipping host discovery;

        # nmap -Pn -F 192.168.1.1
        

Service and OS detection

Detect OS and services;

        # nmap -A 192.168.1.1
        

Standard service detection;

        # nmap -sV 192.168.1.1
        

Aggressive service detection;

        # nmap -sV --version-intensity 5 192.168.1.1
        

Lighter banner grabbing detection;

        # nmap -sV --version-intensity 0 192.168.1.1
        

NSE Scripts

Check for vulnerabilities on a host;

        # nmap --script=vuln 127.0.1.1

        Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-20 22:07 UTC
        Nmap scan report for dev.box (127.0.1.1)
        Host is up (0.000028s latency).
        Not shown: 998 closed ports
        PORT   STATE SERVICE
        25/tcp open  smtp
        | smtp-vuln-cve2010-4344:
        |   Exim version: 4.85
        |   Exim heap overflow vulnerability (CVE-2010-4344):
        |     Exim (CVE-2010-4344): NOT VULNERABLE
        |   Exim privileges escalation vulnerability (CVE-2010-4345):
        |     Exim (CVE-2010-4345): NOT VULNERABLE
        |_  To confirm and exploit the vulnerabilities, run with --script-args='smtp-vuln-cve2010-4344.exploit'
        53/tcp open  domain

        Nmap done: 1 IP address (1 host up) scanned in 2.68 seconds
        #
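Script output like the above is written for a human reader. To feed results into an inventory or a ticketing system, run the same scan with nmap's XML output (`-oX scan.xml`) and parse that instead. The following is an added example (not code from the original page or from the Nmap project) that parses such a file into hosts, open ports, detected service versions and per-port NSE script output, then picks out script lines that report VULNERABLE while ignoring the NOT VULNERABLE lines the vuln scripts print for each check they ruled out. SAMPLE_XML is a constructed document modelled on the scan above, assuming it was run with `-sV --script=vuln -oX`; the `constructed-placeholder` script entry is not a real NSE script and exists only to show a positive match.

```python
"""Parse nmap XML output (-oX) into structured host/port/script data.

Added example; not code from the original page or from the Nmap project.
SAMPLE_XML is a constructed, trimmed document modelled on the page's scan.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class PortInfo:
    port: int
    proto: str
    state: str
    service: str
    product: str
    version: str
    scripts: Dict[str, str] = field(default_factory=dict)  # script id -> output


@dataclass
class HostInfo:
    addr: str
    hostname: str
    ports: List[PortInfo]


def parse_nmap_xml(xml_text: str) -> List[HostInfo]:
    """Return one HostInfo per host that nmap reported as up."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        hn_el = host.find("hostnames/hostname")
        ports = []
        for p in host.findall("ports/port"):
            st = p.find("state")
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            info = PortInfo(
                port=int(p.get("portid")),
                proto=p.get("protocol", ""),
                state=st.get("state", "unknown") if st is not None else "unknown",
                service=attrs.get("name", ""),
                product=attrs.get("product", ""),
                version=attrs.get("version", ""),
            )
            # NSE results sit in <script id=... output=...> under the port.
            for s in p.findall("script"):
                info.scripts[s.get("id", "")] = s.get("output", "")
            ports.append(info)
        hosts.append(HostInfo(
            addr=addr_el.get("addr", "") if addr_el is not None else "",
            hostname=hn_el.get("name", "") if hn_el is not None else "",
            ports=ports,
        ))
    return hosts


def open_services(hosts: List[HostInfo]) -> Dict[str, List[Tuple[int, str, str, str]]]:
    """Inventory view: addr -> [(port, service, product, version)] for open ports."""
    return {h.addr: [(p.port, p.service, p.product, p.version)
                     for p in h.ports if p.state == "open"] for h in hosts}


def vulnerable_findings(hosts: List[HostInfo]) -> List[Tuple[str, int, str, str]]:
    """Return (addr, port, script id, line) for script lines reporting VULNERABLE,
    skipping the NOT VULNERABLE lines printed for checks that were ruled out."""
    found = []
    for h in hosts:
        for p in h.ports:
            for sid, out in p.scripts.items():
                for line in out.splitlines():
                    text = line.strip()
                    if "VULNERABLE" in text and "NOT VULNERABLE" not in text:
                        found.append((h.addr, p.port, sid, text))
    return found


# Constructed sample. 'constructed-placeholder' is not a real NSE script.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=vuln -oX - 127.0.1.1" version="6.47">
<host><status state="up"/>
<address addr="127.0.1.1" addrtype="ipv4"/>
<hostnames><hostname name="dev.box" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="25"><state state="open"/>
<service name="smtp" product="Exim smtpd" version="4.85" method="probed" conf="10"/>
<script id="smtp-vuln-cve2010-4344" output="&#xa;  Exim version: 4.85&#xa;  Exim heap overflow vulnerability (CVE-2010-4344):&#xa;    Exim (CVE-2010-4344): NOT VULNERABLE&#xa;  Exim privileges escalation vulnerability (CVE-2010-4345):&#xa;    Exim (CVE-2010-4345): NOT VULNERABLE"/>
</port>
<port protocol="tcp" portid="53"><state state="open"/>
<service name="domain" method="table" conf="3"/>
<script id="constructed-placeholder" output="&#xa;  Placeholder check (constructed sample): VULNERABLE"/>
</port>
</ports>
</host>
<runstats><finished elapsed="2.68"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


if __name__ == "__main__":
    parsed = parse_nmap_xml(SAMPLE_XML)
    for addr, services in open_services(parsed).items():
        print(addr, services)
    for addr, port, sid, line in vulnerable_findings(parsed):
        print(f"{addr}:{port} {sid}: {line}")
```

Replace SAMPLE_XML with the contents of a real `-oX` file to get the same inventory and findings for an actual scan; the substring filter is deliberately simple, so treat its hits as items to review rather than confirmed results.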