Nmap: Difference between revisions

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials
Line 31: Line 31:


  nmap -Pn -T5 -p- -sS -sU --min-rate 5000 ''start ip''-''end octlet''
  nmap -Pn -T5 -p- -sS -sU --min-rate 5000 ''start ip''-''end octlet''
Dumping the faster scan to a text file
nmap -Pn -T5 -p- -sS -sU --min-rate 5000 ''start ip''-''end octlet'' > scan.txt


=Port states in NMAP=
=Port states in NMAP=

Revision as of 16:55, 29 October 2025

Cybersecurity > Pentesting > Nmap


Simple NMAP scan of the network

sudo su
nmap -sn network/mask -oN hosts.txt
  • sn prevents a port scan of hosts


Just return the IP addresses

nmap -n -sn network/mask -oG | awk '/Up$/{print $2}' | sort -V > hosts.txt


Find the open ports

nmap ip

Find the open ports for a small IP range

nmap start ip-end octlet

example 

nmap 192.168.0.1-20

Faster scan 

nmap -Pn -T5 -p- -sS -sU --min-rate 5000 start ip-end octlet

Dumping the faster scan to a text file 

nmap -Pn -T5 -p- -sS -sU --min-rate 5000 start ip-end octlet > scan.txt

Port states in NMAP

  • Open - Accepting TCP connections
  • Closed - Accessible but nobody is listening
  • Filtered - Cannot determine if port is open Firewall rules could be filtering the port.
  • Unfiltered - Accessible but cannot determine if open or closed.
  • Open|Filtered - Cannot determine if open OR filtered.
  • Closed|Filtered - Cannot determine if closed or filtered.


Reference

Nmap guide

Retrieved from "https://cramsession.net/index.php?title=Nmap&oldid=1294"