Nmap

1. Scan Single Host or IP Address

Scan Single IP Address :

$ nmap

Scan server by Hostname :

$ nmap server.shellhacks.com

Increase the Level of Detailed Scan Results :

$ nmap -v server.shellhacks.com

2. Scan IP Address Set

Scan IP Address Set :

$ nmap
$ nmap ,2,3

Scan Subnet :

$ nmap
$ nmap 192.168.1.*

Scan IP Address Range ( :

$ nmap

3. Search for Active Computers on the Network

Scan the network for Active Hosts :

$ nmap -sn

Read : Finding Active Computers on a Local Network

4. Scan Host List from File

Scan Host List/Networks from File :

$ nmap -iL input.txt

File format :

$ cat input.txt
server.shellhacks.com,2,3

5. Exclude IP/Hosts/Nets from Scanning

Exclude Targets from Nmap Scanning :

$ nmap --exclude
$ nmap --exclude
$ nmap --exclude ,2,3

Exclude Host List taken from file :

$ nmap --excludefile exclude.txt

The format of the excluded hosts file is the same as above.

6. Scanning Specific Ports

Scan One Port :

$ nmap -p 80

Scan Multiple Ports :

$ nmap -p 80,443

Scan Port Range :

$ nmap -p 80-1000

Scan All Ports :

$ nmap -p "*"

Scan some of the most common Ports :

$ nmap --top-ports 5
$ nmap --top-ports 10

7. Define Supported IP Protocols

Define which IP Protocols (TCP, UDP, ICMP, etc.) the scanned host supports :

$ nmap -sO

8. Scan TCP/UDP Ports

Scan all TCP Ports :

$ nmap -sT

Scan specific TCP Ports :

$ nmap -p T:80

Scan all UDP Ports :

$ nmap -sU

Scan specific UDP Ports :

$ nmap -p U:53

Combine multiple port scans :

$ nmap -p U:53,79,113,T:21-25,80,443,8080

9. Quick Scan

Activate Quick Scan Mode :

$ nmap -F

* Scans fewer ports than normal.

10. Show Port Status Reason

Show the reason why Nmap thinks the port is in a certain state :

$ nmap --reason

11. Show Open Ports Only

Show Open Ports Only (or possibly open) :

$ nmap --open

12. OS Detection

Enable OS Detection :

$ nmap -O

* Identifies the remote operating system using a TCP/IP stack fingerprint.

13. Service Version Detection

Enable Service Version Detection :

$ nmap -sV

* Identifies versions of programs running on the remote server.

14. Firewall detection

Find out if your computer is protected by any Packet Filters or Firewall :

$ nmap -sA

15. MAC Address Substitution

Substitute MAC Addresses :

$ nmap --spoof-mac 00:11:22:33:44:55

Replace MAC Address with Random MAC Address :

$ nmap --spoof-mac 0

16. Firewall Scan for Vulnerabilities

TCP Null scan :

$ nmap -sN

* No bits are set (Flags in TCP header 0).

TCP Fin scan :

$ nmap -sF

* Only the TCP FIN bit is set.

TCP Xmas scan :

$ nmap -sX

* FIN, PSH and URG flags are set (the packet lights up like a Christmas tree).
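A defender-side counterpart to the three probe types above, added here as an example and not taken from the original page: it reads a constructed packet log and reports sources that sent Null, FIN-only or Xmas segments to several distinct ports. The log format (one "source dport flags" line per inbound TCP segment), the function names and the default threshold of 3 ports are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: "source dport flags", flags = TCP flags byte in hex
# (FIN=0x01 SYN=0x02 PSH=0x08 ACK=0x10 URG=0x20).
sample_packets() {
    cat <<'EOF'
198.51.100.7 22 0x00
198.51.100.7 80 0x00
198.51.100.7 443 0x00
198.51.100.7 22 0x00
198.51.100.9 22 0x29
198.51.100.9 23 0x29
198.51.100.9 25 0x29
203.0.113.5 443 0x18
203.0.113.5 443 0x11
203.0.113.8 80 0x01
203.0.113.8 81 0x01
203.0.113.8 82 0x01
192.0.2.44 443 0x01
EOF
}

# Print "source kind distinct_ports" for every source that sent Null, FIN-only
# or Xmas segments to at least $1 distinct destination ports (default 3).
flag_scan_sources() {
    awk -v min="${1:-3}" '
        {
            flags = tolower($3)
            if      (flags == "0x00") kind = "null"   # no flag bits set
            else if (flags == "0x01") kind = "fin"    # FIN only
            else if (flags == "0x29") kind = "xmas"   # FIN + PSH + URG
            else next                                 # ordinary traffic (e.g. FIN+ACK)
            key = $1 " " kind
            # Count each destination port once per source and probe kind.
            if (!((key, $2) in seen)) { seen[key, $2] = 1; ports[key]++ }
        }
        END { for (k in ports) if (ports[k] >= min) print k, ports[k] }
    ' | sort
}

sample_packets | flag_scan_sources
```

A single bare FIN (192.0.2.44) and normal FIN+ACK teardown (0x11) stay below the threshold or are ignored, which keeps ordinary connection closes out of the report.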

17. Hidden Scan

TCP SYN scan :

$ nmap -sS

* Known as half-open scanning, as it does not open full TCP connections.

Read : Anonymous Port Scanning : Nmap Tor ProxyChains

18. Disable Host Discovery (No Ping)

Do not ping hosts before scanning :

$ nmap -Pn

19. Disable DNS Usage

Never perform reverse DNS name resolution for every active IP address detected :

$ nmap -n

20. Save Nmap Scan Results to File

Save Nmap Scan Results to Text File :

$ nmap > output.txt
$ nmap -oN output.txt

Save Nmap scan result to XML File :

$ nmap -oX output.xml

21. Obtaining remote host information and determining the operating system

Nmap is used as follows:

$ sudo nmap -sS -P0 -sV -O target

where:

target – IP, host or subnet
-sS – TCP SYN scan (semi-open)
-P0 – Disable ICMP scan.
-sV – define closed and filtered ports
-O – define operating system version

More options:

-A – enables “fingerprint” and operating system version detection
-v|-vv – diagnostic message output level

Using additional options, the command looks like this:

$ sudo nmap -sS -P0 -A -v target

22. Defining the list of servers with an open port

Nmap is used as follows:

$ sudo nmap -sT -p 22 -oG - 192.168.1.* | grep open

The port number is specified after the “-p” option. In this example, it searches for machines on which ssh login is possible (unless, of course, the default port for ssh has been changed).
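For an inventory of your own network, the "grep open" filter above stops being reliable once more than one port is scanned, because it matches any line containing "open", including another port on the same host or the "open|filtered" state. The following added example (not from the original page) parses grepable output field by field, generalizing the one-liner to multi-port scans; the function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "nmap -oG -" output (tab-separated Host/Ports fields).
sample_scan() {
    printf '%s\t%s\n' \
        'Host: 192.0.2.10 ()' 'Status: Up' \
        'Host: 192.0.2.10 ()' 'Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///' \
        'Host: 192.0.2.11 ()' 'Ports: 22/closed/tcp//ssh///, 80/open/tcp//http///' \
        'Host: 192.0.2.12 ()' 'Ports: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///' \
        'Host: 192.0.2.13 (bastion.example)' 'Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///' \
        'Host: 192.0.2.14 ()' 'Ports: 53/open|filtered/udp//domain///'
}

# Read grepable output on stdin and print the address of every host on which
# port $1 (protocol $2, default tcp) is in the exact state "open".
hosts_with_open_port() {
    awk -F'\t' -v port="$1" -v proto="${2:-tcp}" '
        /^Host: / {
            split($1, h, " ")                 # h[2] is the address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                list = substr($i, 8)          # drop the "Ports: " prefix
                n = split(list, entry, /, */)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # port/state/protocol/owner/service/...
                    if (f[1] == port && f[2] == "open" && f[3] == proto) print h[2]
                }
            }
        }'
}

sample_scan | hosts_with_open_port 22
```

On the sample, "grep open" matches four lines, while the parser reports only the two hosts where 22/tcp is actually open.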

23. Search for active IP addresses on the network

Nmap is used as follows:

$ sudo nmap -sP 192.168.0.*

To poll a specific subnet, you can use the following parameters:

$ sudo nmap -sP

24. Query (ping) the address range

Nmap is used as follows:

$ sudo nmap -sP

Nmap understands many IP address notations.

25. Search for unused IP addresses in a subnet

Nmap is used as follows:

$ sudo nmap -T4 -sP && egrep "00:00:00:00:00:00" /proc/net/arp

26. Search for Conficker virus on subnet

Nmap is used as follows:

$ sudo nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1

To correct the list of IP addresses, replace “” with your choice.

27. Searching for rogue access points (APs) on the network

Nmap is used as follows:

$ sudo nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan

28. Decoding the true IP address when scanning the network

Nmap is used as follows:

$ sudo nmap -sS -D

This example searches for open ports on machine, the address is used as the scanning address. Therefore, the log of will not show the true IP address, but the specified one –

29. The list of reverse DNS records for the subnet

Nmap is used as follows:

$ sudo nmap -R -sL | awk '{if($3=="not")print "(" $2 ") no PTR";else print $3 " is " $2}' | grep '('

In this example, nmap searches reverse DNS records for the subnet. The result is a list of IP addresses with matching PTR records for the subnet. To query through a particular DNS server, you need to add “--dns-servers x.x.x.x” after the “-sL” option.

30. Counting Linux/Windows machines on the network

Nmap is used as follows:

$ sudo nmap -F -O | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows(s) devices"
