From f5348d25a4b8822b62b048d424fc3dfd8c44c1f3 Mon Sep 17 00:00:00 2001 From: Fazle Arefin Date: Wed, 29 Jun 2022 07:56:49 +1000 Subject: [PATCH] nmap: update examples to be more practical and useful (#8099) --- pages/common/nmap.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/pages/common/nmap.md b/pages/common/nmap.md index 8860843cb..30346144b 100644 --- a/pages/common/nmap.md +++ b/pages/common/nmap.md 
@@ -1,37 +1,37 @@ # nmap > Network exploration tool and security / port scanner. -> Some features only activate when Nmap is run with privileges. +> Some features only activate when Nmap is run with root privileges. > More information: . - Check if an IP address is up, and guess the remote host's operating system: `nmap -O {{ip_or_hostname}}` -- Try to determine whether the specified hosts are up and what their names are: +- Try to determine whether the specified hosts are up (ping scan) and what their names are: `nmap -sn {{ip_or_hostname}} {{optional_another_address}}` -- Like above, but also run a default 1000-port TCP scan if host seems up: - -`nmap {{ip_or_hostname}} {{optional_another_address}}` - - Also enable scripts, service detection, OS fingerprinting and traceroute: `nmap -A {{address_or_addresses}}` -- Assume good network connection and speed up execution: +- Scan a specific list of ports (use '-p-' for all ports from 1 to 65535): -`nmap -T4 {{address_or_addresses}}` +`nmap -p {{port1,port2,...,portN}} {{address_or_addresses}}` -- Scan a specific list of ports (use `-p-` for all ports `1-65535`): +- Perform service and version detection of the top 1000 ports using default NSE scripts; writing results ('-oN') to output file: -`nmap -p {{port1,port2,…,portN}} {{address_or_addresses}}` +`nmap -sC -sV -oN {{top-1000-ports.txt}} {{address_or_addresses}}` -- Perform TCP and UDP scanning (use `-sU` for UDP only, `-sZ` for SCTP, `-sO` for IP): +- Scan target(s) carefully using 'default and safe' NSE scripts: -`nmap -sSU {{address_or_addresses}}` +`nmap --script "default and safe" {{address_or_addresses}}` -- Perform full port, service, version detection scan with all default NSE scripts active against a host to determine weaknesses and info: +- Scan web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts: -`nmap -sC -sV {{address_or_addresses}}` +`nmap --script "http-*" {{address_or_addresses}} -p 80,443` + +- Perform a 
stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses: + +`nmap -T0 -D {{decoy1_ipaddress,decoy2_ipaddress,...,decoyN_ipaddress}} {{address_or_addresses}}`
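Review bot: the hunk drops the `-sSU` example ("Perform TCP and UDP scanning (use `-sU` for UDP only, `-sZ` for SCTP, `-sO` for IP)"), which was the only line on this page documenting UDP, SCTP and IP-protocol scanning; consider keeping it alongside the new examples rather than losing that coverage. Two style points in the added lines: the old text quoted options with backticks (`-p-`, `1-65535`) while the new text switches to single quotes ('-p-', '-oN', '-T0', '-D'), so the page is now inconsistent with its own convention; and the `http-*` example places `-p 80,443` after the target whereas every other example puts options before `{{address_or_addresses}}`, so `nmap --script "http-*" -p 80,443 {{address_or_addresses}}` would read more consistently. The `{{top-1000-ports.txt}}` placeholder is also a literal filename where the other placeholders are generic, and the "-oN" description ("writing results ('-oN') to output file") would read better as "and write results to a file (`-oN`)".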