Nmap

1. Scan Single Host or IP Address

Scan a single IP address:

$ nmap 192.168.1.1

Scan a server by hostname:

$ nmap server.shellhacks.com

Increase the level of detail in the scan results:

$ nmap -v server.shellhacks.com
$ nmap -vv server.shellhacks.com

2. Scan IP Address Set

Scan a set of IP addresses:

$ nmap 192.168.1.1 192.168.1.2 192.168.1.3
$ nmap 192.168.1.1,2,3

Scan a subnet:

$ nmap 192.168.1.0/24
$ nmap 192.168.1.*

Scan an IP address range (192.168.1.0 to 192.168.1.200):

$ nmap 192.168.1.0-200

3. Search for Active Computers on the Network

Scan the network for active hosts:

$ nmap -sn 192.168.1.0/24

Read also: Finding Active Computers on a Local Network

4. Scan Host List from File

Scan a list of hosts/networks from a file:

$ nmap -iL input.txt

File format:

$ cat input.txt
server.shellhacks.com
192.168.1.0/24
192.168.2.1,2,3
192.168.3.0-200

5. Exclude IP/Hosts/Nets from Scanning

Exclude targets from an Nmap scan (the list after --exclude is comma-separated):

$ nmap 192.168.1.0/24 --exclude 192.168.1.1
$ nmap 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.5
$ nmap 192.168.1.0/24 --exclude 192.168.1.1,2,3

Exclude a host list taken from a file:

$ nmap 192.168.1.0/24 --excludefile exclude.txt

The format of the excluded hosts file is the same as above.

6. Scanning Specific Ports

Scan one port:

$ nmap -p 80 192.168.1.1

Scan multiple ports:

$ nmap -p 80,443 192.168.1.1

Scan a port range:

$ nmap -p 80-1000 192.168.1.1

Scan all ports:

$ nmap -p "*" 192.168.1.1

Scan some of the most common ports:

$ nmap --top-ports 5 192.168.1.1
$ nmap --top-ports 10 192.168.1.1

7. Define Supported IP Protocols

Determine which IP protocols (TCP, UDP, ICMP, etc.) the scanned host supports:

$ nmap -sO 192.168.1.1

8. Scan TCP/UDP Ports

Scan all TCP ports:

$ nmap -sT 192.168.1.1

Scan specific TCP ports:

$ nmap -p T:80 192.168.1.1

Scan all UDP ports:

$ nmap -sU 192.168.1.1

Scan specific UDP ports:

$ nmap -p U:53 192.168.1.1

Combine multiple port scans:

$ nmap -p U:53,79,113,T:21-25,80,443,8080 192.168.1.1

9. Quick Scan

Activate quick scan mode:

$ nmap -F 192.168.1.1

* Scans fewer ports than a normal scan.

10. Show Port Status Reason

Show the reason why Nmap thinks a port is in a certain state:

$ nmap --reason 192.168.1.1

11. Show Open Ports Only

Show only open (or possibly open) ports:

$ nmap --open 192.168.1.1

12. OS Detection

Enable OS detection:

$ nmap -O 192.168.1.1

* Identifies the remote operating system using a TCP/IP stack fingerprint.

13. Service Version Detection

Enable service version detection:

$ nmap -sV 192.168.1.1

* Identifies the versions of programs running on the remote server.

14. Firewall Detection

Find out whether a host is protected by any packet filters or a firewall:

$ nmap -sA 192.168.1.1

15. MAC Address Substitution

Substitute the MAC address:

$ nmap --spoof-mac 00:11:22:33:44:55 192.168.1.1

Replace the MAC address with a random one:

$ nmap --spoof-mac 0 192.168.1.1

16. Firewall Scan for Vulnerabilities

TCP Null scan:

$ nmap -sN 192.168.1.1

* No bits are set (the TCP header flags are 0).

TCP FIN scan:

$ nmap -sF 192.168.1.1

* Only the TCP FIN bit is set.

TCP Xmas scan:

$ nmap -sX 192.168.1.1

* The FIN, PSH and URG flags are set (the packet is lit up like a Christmas tree).

17. Stealth Scan

TCP SYN scan:

$ nmap -sS 192.168.0.1

* Known as half-open scanning, because it does not complete full TCP connections.

Read also: Anonymous Port Scanning: Nmap, Tor, ProxyChains

18. Disable Host Discovery (No Ping)

Do not ping hosts before scanning:

$ nmap -Pn 192.168.1.1

19. Disable DNS Resolution

Never perform reverse DNS name resolution for the active IP addresses detected:

$ nmap -n 192.168.1.1

20. Save Nmap Scan Results to File

Save Nmap scan results to a text file:

$ nmap 192.168.1.1 > output.txt
$ nmap -oN output.txt 192.168.1.1

Save Nmap scan results to an XML file:

$ nmap -oX output.xml 192.168.1.1

21. Obtaining Remote Host Information and Determining the Operating System

Nmap is used as follows:

$ sudo nmap -sS -P0 -sV -O target

where:

target – IP, host or subnet
-sS – TCP SYN scan (half-open)
-P0 – disable the ICMP scan
-sV – define closed and filtered ports
-O – determine the operating system version

More options:

-A – enables "fingerprinting" and operating system version detection
-v|-vv – diagnostic message output level

Using the additional options, the command looks like this:

$ sudo nmap -sS -P0 -A -v target

22. Defining the List of Servers with an Open Port

Nmap is used as follows:

$ sudo nmap -sT -p 22 -oG - 192.168.1.* | grep open

The port number is specified after the -p option (-oG - writes grepable output to standard output). In this example, it searches for machines on which ssh login is possible (unless, of course, the default ssh port has been changed).
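The grep in the pipeline above matches the word "open" anywhere on a line rather than the state field of the port you asked about, and it silently lumps "filtered" (firewalled, state unknown) in with closed. For an exposure inventory a small parser of the -oG grepable format is more reliable. This is an added example, not code from the original page; the scan output it parses is a constructed sample, not a real scan.

```python
import re
from collections import defaultdict

# Constructed sample of "nmap -oG -" output (fields are tab-separated); not a real scan.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated as: nmap -sT -p 22,80 -oG - 192.168.1.0/24
Host: 192.168.1.10 (srv01.lan)\tStatus: Up
Host: 192.168.1.10 (srv01.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/closed/tcp//http///
Host: 192.168.1.11 ()\tStatus: Up
Host: 192.168.1.11 ()\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)
Host: 192.168.1.12 ()\tStatus: Up
Host: 192.168.1.12 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///
# Nmap done -- 256 IP addresses (3 hosts up) scanned in 5.12 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) ")


def parse_grepable(text):
    """Return {ip: {(port, proto): (state, service, version)}} from -oG output."""
    hosts = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '#' header/footer lines carry no host data
        fields = line.split("\t")
        ip = HOST_RE.match(fields[0]).group(1)
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports: "):].split(", "):
                # Each entry is port/state/proto/owner/service/rpcinfo/version/
                parts = entry.split("/")
                hosts[ip][(int(parts[0]), parts[2])] = (parts[1], parts[4], parts[6])
    return dict(hosts)


def hosts_with_state(text, port, state, proto="tcp"):
    """IPs whose given port is in exactly this state ('open', 'closed', 'filtered')."""
    return sorted(ip for ip, ports in parse_grepable(text).items()
                  if ports.get((port, proto), ("",))[0] == state)


if __name__ == "__main__":
    # 'filtered' hosts are reported separately: a firewall answered, so exposure is unknown.
    print("ssh open on:", hosts_with_state(SAMPLE_OG, 22, "open"))
    print("ssh filtered on:", hosts_with_state(SAMPLE_OG, 22, "filtered"))
```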

23. Search for Active IP Addresses on the Network

Nmap is used as follows:

$ sudo nmap -sP 192.168.0.*

To poll a specific subnet, you can use the following parameters:

$ sudo nmap -sP 192.168.0.0/24

24. Query (Ping) an Address Range

Nmap is used as follows:

$ sudo nmap -sP 192.168.1.100-254

Nmap understands many IP address notations.

25. Search for Unused IP Addresses in a Subnet

Nmap is used as follows:

$ sudo nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp

26. Search for the Conficker Worm on a Subnet

Nmap is used as follows:

$ sudo nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254

To adjust the list of IP addresses, replace “192.168.0.1-254” with your choice.

27. Searching for Rogue Access Points (APs) on the Network

Nmap is used as follows:

$ sudo nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8

28. Disguising the True IP Address When Scanning the Network

Nmap is used as follows:

$ sudo nmap -sS 192.168.0.10 -D 192.168.0.2

This example searches for open ports on the machine 192.168.0.10 while the address 192.168.0.2 is used as the scanning (decoy) address. As a result, the logs of 192.168.0.10 will not show the true IP address but the specified one, 192.168.0.2.

29. The List of Reverse DNS Records for a Subnet

Nmap is used as follows:

$ sudo nmap -R -sL 209.85.229.99/27 | awk '{if($3=="not")print "("$2") no PTR";else print $3" is "$2}' | grep '('

In this example, nmap looks up the reverse DNS records for the subnet. The result is a list of IP addresses with their matching PTR records. To query through a particular DNS server, add “--dns-servers x.x.x.x” after the “-sL” option.

30. Counting Linux/Windows Machines on the Network

Nmap is used as follows:

$ sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows device(s)"
