nmap: update examples to be more practical and useful (#8099)

Fazle Arefin 2022-06-29 07:56:49 +10:00 committed by GitHub
parent 61763b2022
commit f5348d25a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 14 deletions

@ -1,37 +1,37 @@
# nmap
> Network exploration tool and security / port scanner.
> Some features only activate when Nmap is run with privileges.
> Some features only activate when Nmap is run with root privileges.
> More information: <https://nmap.org>.
- Check if an IP address is up, and guess the remote host's operating system:
`nmap -O {{ip_or_hostname}}`
- Try to determine whether the specified hosts are up and what their names are:
- Try to determine whether the specified hosts are up (ping scan) and what their names are:
`nmap -sn {{ip_or_hostname}} {{optional_another_address}}`
- Like above, but also run a default 1000-port TCP scan if host seems up:
`nmap {{ip_or_hostname}} {{optional_another_address}}`
- Also enable scripts, service detection, OS fingerprinting and traceroute:
`nmap -A {{address_or_addresses}}`
- Assume good network connection and speed up execution:
- Scan a specific list of ports (use '-p-' for all ports from 1 to 65535):
`nmap -T4 {{address_or_addresses}}`
`nmap -p {{port1,port2,...,portN}} {{address_or_addresses}}`
- Scan a specific list of ports (use `-p-` for all ports `1-65535`):
- Perform service and version detection of the top 1000 ports using default NSE scripts; writing results ('-oN') to output file:
`nmap -p {{port1,port2,…,portN}} {{address_or_addresses}}`
`nmap -sC -sV -oN {{top-1000-ports.txt}} {{address_or_addresses}}`
- Perform TCP and UDP scanning (use `-sU` for UDP only, `-sZ` for SCTP, `-sO` for IP):
- Scan target(s) carefully using 'default and safe' NSE scripts:
`nmap -sSU {{address_or_addresses}}`
`nmap --script "default and safe" {{address_or_addresses}}`
- Perform full port, service, version detection scan with all default NSE scripts active against a host to determine weaknesses and info:
- Scan web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts:
`nmap -sC -sV {{address_or_addresses}}`
`nmap --script "http-*" {{address_or_addresses}} -p 80,443`
- Perform a stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses:
`nmap -T0 -D {{decoy1_ipaddress,decoy2_ipaddress,...,decoyN_ipaddress}} {{address_or_addresses}}`
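Review bot: The new descriptions quote flags with single quotes ('-p-', '-oN', '-T0', '-D'), while the line being replaced used backticks (`-p-`, `1-65535`); please keep backticks so option names render as code like the rest of the page. In the same spirit, the new port-list placeholder uses three dots (`port1,port2,...,portN`) where the old one used `…`, and the http example puts `-p 80,443` after the target while every other example puts options before it; pick one form for each. The change also drops the `-sSU` and `-T4` examples without a replacement, so the page no longer shows any UDP scan or timing-template speed-up; if that is intentional, say so in the commit message, otherwise keep one of them. Finally, `{{top-1000-ports.txt}}` reads as a fixed filename rather than a placeholder; something like `{{path/to/file.txt}}` would be clearer.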