# nmap

> Network exploration tool and security / port scanner.
> Some features only activate when Nmap is run with root privileges.
> More information: <https://nmap.org>.

- Check if an IP address is up, and guess the remote host's operating system:

`nmap -O {{ip_or_hostname}}`

- Try to determine whether the specified hosts are up (ping scan) and what their names are:

`nmap -sn {{ip_or_hostname}} {{optional_another_address}}`

- Also enable scripts, service detection, OS fingerprinting and traceroute:

`nmap -A {{address_or_addresses}}`

- Scan a specific list of ports (use '-p-' for all ports from 1 to 65535):

`nmap -p {{port1,port2,...,portN}} {{address_or_addresses}}`

- Perform service and version detection on the top 1000 ports using default NSE scripts, writing the results ('-oN') to an output file:

`nmap -sC -sV -oN {{top-1000-ports.txt}} {{address_or_addresses}}`

- Scan target(s) carefully using 'default and safe' NSE scripts:

`nmap --script "default and safe" {{address_or_addresses}}`

- Scan a web server running on the standard ports 80 and 443 using all available 'http-*' NSE scripts:

`nmap --script "http-*" {{address_or_addresses}} -p 80,443`

- Perform a stealthy, very slow scan ('-T0') to try to avoid detection by IDS/IPS, using decoy ('-D') source IP addresses:

`nmap -T0 -D {{decoy1_ipaddress,decoy2_ipaddress,...,decoyN_ipaddress}} {{address_or_addresses}}`