Nmap Scanning
Stealth Scan (SYN scan, faster; needs root)
sudo nmap -sS 192.168.1.2
Nmap Connect Scan
nmap -sT 192.168.1.2
UDP Scan
sudo nmap -sU 192.168.1.2
Merge TCP + UDP Scan
sudo nmap -sU -sS 192.168.1.2
Quickly Generate list of IPs:
for ip in $(seq 1 254); do echo 192.168.1.$ip; done > ips
Scan for alive hosts (with $ip set to an address in the target network, e.g. 192.168.1.0)
$ nmap -sn $ip/24
$ nmap -vvv -sn $ip/24
If you want it a little faster
Scan specific IP range
Auto Recon
Initial Scan TCP
Full Scan TCP
Run comprehensive nmap scans in the background to make sure all bases are covered.
Full Scan UDP
Normal Scan
Scan specific machine
Scan common port
The command:
Scan 1024 most common ports
Run OS detection
Run default nmap scripts
Save the result into .nmap, .gnmap and .xml (-oA)
Faster
Fast scanning
Scan 100 most common ports
Quick TCP Scan
Quick UDP Scan
Full TCP Scan
Port knock
Scan deeply
Scanning more deeply:
This command:
Scans all 65535 ports (-p-) with a full connect scan
Takes a very long time
Prints open ports straight away (-v) instead of making you wait until the end of the scan
Tips:
Scanning this takes a long time; leave the scan running overnight or while you sleep, or move on to a different box in the meantime.
Maximum scan delay
The --max-scan-delay option specifies the maximum amount of time Nmap should wait between probes; it caps the delay Nmap raises on its own when it detects rate limiting.
Maximum Retries
--max-retries specifies the maximum number of times a probe is retransmitted to a port before Nmap gives up on deciding whether it is open or closed. With --max-retries 0, each port is probed only once and no retries are done.
Scan for specific port
Inside -p, prefix the list with T: for TCP ports and U: for UDP ports, e.g. -p T:22,80,U:53,161 (the UDP part is only scanned when -sU is also given). Note that -T on its own is the timing template, not a port selector.
Scan for unused IP addresses and store in text file
Other option
UDP scan
UDP scanning is slow and can be unreliable: an open UDP port usually sends no reply, so Nmap often cannot tell open from filtered and reports open|filtered.
Top ports
To save time and network resources, we can also scan multiple IPs, probing only a short list of common ports. For example, let's conduct a TCP connect scan for the top twenty TCP ports with the --top-ports option and enable OS detection, version detection, script scanning, and traceroute with -A:
Scan targets from a text file
Create a text file containing our target machines (as in Scan for unused IP addresses and store in text file above):
Run this nmap command with -iL
Onetwopunch.sh
Grab the latest bash script
Create a text file containing our target machines (as in Scan for unused IP addresses and store in text file above):
Then run the script, telling it to read our txt file and perform a TCP scan against each target.
The idea behind the script is to cover all 65,535 ports on each target: it uses unicornscan to sweep every port and build a list of the ones that are open, then passes those open ports to nmap for service detection.
Grepable Nmap output:
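The chaining that onetwopunch does (sweep all ports fast, then hand only the open ones to nmap for service detection) can also be driven straight from grepable output, which is the point of saving .gnmap with -oA. The script below is an added example, not the page's or onetwopunch's code: the .gnmap sample inside it is constructed, and the follow-up command it prints (SYN/UDP scan plus -sV -sC, written to svc_<host>) is one reasonable choice, not something the page prescribes.

```shell
#!/bin/sh
# Added example (not the page's own script): turn nmap grepable output
# (-oG, or the .gnmap written by -oA) from a full-port sweep into the -p
# list for a follow-up service-detection scan, the way onetwopunch feeds
# unicornscan's open ports into nmap -sV.
set -eu

# Constructed sample of grepable output (not captured from a real scan).
# Each port entry is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GNMAP=$(cat <<'EOF'
# Nmap 7.94 scan initiated as: nmap -v -sS -sU -p- -oG full.gnmap 192.168.1.0/24
Host: 192.168.1.2 ()	Status: Up
Host: 192.168.1.2 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///	Ignored State: closed (65531)
Host: 192.168.1.5 ()	Status: Up
Host: 192.168.1.5 ()	Ports: 53/open|filtered/udp//domain///, 161/open/udp//snmp///, 445/open/tcp//microsoft-ds///	Ignored State: closed (131067)
Host: 192.168.1.9 ()	Status: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned in 300.00 seconds
EOF
)

# Hosts nmap reported as up (the "Status: Up" lines written by -sn or -v).
alive_hosts() {
    printf '%s\n' "$1" | awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Every confirmed-open port as "host port/proto", one per line.
# "open|filtered" (typical for UDP) is deliberately left out: it only
# means the port did not answer, not that it is open.
open_ports() {
    printf '%s\n' "$1" | awk '
        /^Host:/ && /Ports:/ {
            host = $2
            line = $0
            sub(/^.*Ports: /, "", line)
            sub(/[ \t]*Ignored State:.*$/, "", line)
            n = split(line, p, ", ")
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")
                if (f[2] == "open") print host, f[1] "/" f[3]
            }
        }'
}

# The -p argument for one host in nmap's T:...,U:... form (empty if none).
port_spec() {
    host=$1; tcp=""; udp=""
    while read -r rh rp; do
        [ "$rh" = "$host" ] || continue
        case $rp in
            */tcp) tcp="${tcp:+$tcp,}${rp%/tcp}" ;;
            */udp) udp="${udp:+$udp,}${rp%/udp}" ;;
        esac
    done <<EOF
$(open_ports "$2")
EOF
    spec=""
    if [ -n "$tcp" ]; then spec="T:$tcp"; fi
    if [ -n "$udp" ]; then spec="${spec:+$spec,}U:$udp"; fi
    printf '%s\n' "$spec"
}

# One follow-up nmap command per host that has something open.
# -sU is only added when UDP ports are in the list; nmap ignores U: ports
# without it. svc_<host> is an assumed output prefix.
followup_commands() {
    for target in $(open_ports "$1" | awk '!seen[$1]++ { print $1 }'); do
        spec=$(port_spec "$target" "$1")
        case $spec in
            *U:*) printf 'sudo nmap -sS -sU -sV -sC -p %s -oA svc_%s %s\n' "$spec" "$target" "$target" ;;
            *)    printf 'sudo nmap -sS -sV -sC -p %s -oA svc_%s %s\n' "$spec" "$target" "$target" ;;
        esac
    done
}

# Stand-alone use: ./gnmap_followup.sh full.gnmap
# Without an argument the constructed sample above is used.
if [ -n "${1:-}" ]; then
    followup_commands "$(cat "$1")"
else
    followup_commands "$SAMPLE_GNMAP"
fi
```

Run it on the .gnmap from the long -p- sweep and pipe the printed commands into sh, or paste them one at a time; the parsing only relies on the Host:/Ports:/Ignored State: layout of grepable output, so it works on any -oG file regardless of scan type.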

Guess OS of machine:
-A (aggressive) enables OS detection, version detection, the default scripts and traceroute in one go:
Get HTTP headers
Nmap Services Mapping
PowerShell One-Liner:
One-liner for PowerShell scanning of 1024 TCP ports: