Nmap
From Cramsession
Verified Author: Mflavell
Simple NMAP scan of the network
sudo nmap -sn network/mask -oN hosts.txt
-sn skips the port scan (host discovery only); -oN writes normal output to hosts.txt
Just return the IP addresses
nmap -n -sn network/mask -oG - | awk '/Up$/{print $2}' | sort -V > hosts.txt
-oG - sends grepable output to stdout so awk can pick the address from each "Status: Up" line; -n skips reverse DNS
Find the open ports
nmap ip
Find the open ports for a small IP range
nmap start_ip-end_octet
example
nmap 192.168.0.1-20
Faster scan
sudo nmap -Pn -T5 -p- -sS -sU --min-rate 5000 start_ip-end_octet
-sS and -sU need root privileges; -T5 with --min-rate 5000 trades accuracy for speed, so on a congested link ports may be missed or reported filtered
Dumping the faster scan to a text file
sudo nmap -Pn -T5 -p- -sS -sU --min-rate 5000 start_ip-end_octet > scan.txt
Just query ports of interest
nmap -p ports start_ip-end_octet
ports can be a range (1090-1095) or a list (80,443,8080)
Port states in NMAP
- Open - A service is accepting TCP connections (or UDP datagrams) on the port
- Closed - Accessible, but nobody is listening
- Filtered - Cannot determine if the port is open; firewall rules could be filtering the probes
- Unfiltered - Accessible, but cannot determine if open or closed
- Open|Filtered - Cannot determine if open or filtered
- Closed|Filtered - Cannot determine if closed or filtered
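As an added example (not from the original page), a POSIX shell script that exercises the grepable (-oG) format the host-list pipeline relies on and the port states listed above: it parses constructed sample output offline, listing the hosts reported Up from a -sn run and the open ports per host from a -p run, so the awk filters can be checked without scanning anything. The sample lines mimic Nmap's grepable layout but are invented.

```shell
#!/bin/sh
# Added example, not from the original page: parse Nmap grepable (-oG -)
# output offline. Both samples are constructed to mimic what
# `nmap -n -sn ... -oG -` and `nmap -p ... -oG -` print; no scan is run.

SAMPLE_SN='# Nmap 7.94 scan initiated (constructed) as: nmap -n -sn 192.168.0.0/28 -oG -
Host: 192.168.0.10 ()   Status: Up
Host: 192.168.0.2 ()    Status: Up
Host: 192.168.0.1 ()    Status: Up
# Nmap done (constructed) -- 16 IP addresses (3 hosts up) scanned in 1.23 seconds'

SAMPLE_PORTS='# Nmap 7.94 scan initiated (constructed) as: nmap -p 22,80,443,8080 192.168.0.1-2 -oG -
Host: 192.168.0.1 ()    Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///
Host: 192.168.0.2 ()    Ports: 443/open/tcp//https///        Ignored State: closed (3)
# Nmap done (constructed) -- 2 IP addresses (2 hosts up) scanned in 0.42 seconds'

# Hosts reported Up, sorted by address: the same filter as the -sn pipeline.
up_hosts() {
  awk '/Up$/ { print $2 }' | sort -V
}

# Open ports per host from port-scan lines. Each entry in the Ports: field is
# port/state/protocol/owner/service/rpc-info/version; only state "open" is
# kept, so closed and filtered ports are dropped.
open_ports() {
  awk '/Ports:/ {
    ip = $2
    line = $0
    sub(/.*Ports: /, "", line)                 # keep only the port entries
    sub(/[ \t]+Ignored State:.*/, "", line)    # drop the trailing summary
    n = split(line, entries, ", ")
    for (i = 1; i <= n; i++) {
      split(entries[i], f, "/")
      if (f[2] == "open") print ip, f[1] "/" f[3]
    }
  }'
}

# Stand-alone run: prints the three live hosts, then "ip port/proto" lines.
printf '%s\n' "$SAMPLE_SN" | up_hosts
printf '%s\n' "$SAMPLE_PORTS" | open_ports
```

Feed real output with `nmap ... -oG - | up_hosts` or `... | open_ports` in place of the printf lines.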