NMAP CODES

NMAP Training

NMAP's Some Commands

    ## The single IP is scanning ##
    nmap 192.168.0.0

    ## Scan a host name ##
    nmap www.examplesite.com

    ## Host name with more info ##
    nmap -v www.site.com

    ## Multiple scanning ##

    The IP addresses
    nmap 192.168.1.1 22.15.2.2 88.1.3.5

    Range of IP
    nmap 192.168.1.1-20

    Range of IP with "*" sign
    nmap 192.168.0.*

    Entire subnet
    nmap 192.168.0.0/24

    ## Excluding Hosts/Networks ##
    nmap 192.168.1.0/24 --exclude 192.168.1.5

    ## OS Scanning ##
    nmap -A 192.168.0.0 //Turn on OS detection scanning
    nmap -v -A 192.168.0.0 //OS and its version
    nmap -sA 192.168.0.0 //...protected by a firewall?
    nmap -PN 192.168.1.2 //scanning when protected by the firewall.
    nmap -O 192.168.0.0
    nmap -v -O --osscan-guess 192.168.1.1

    Note : If you want enable IP6 scanning, just you adding -6 on your nmap command.
    Example : nmap -6 2001:db8:0:0:0:0:2:1
    Note : If firewall blocking standard ICMP pings, when you use TCP ACK(PA) and TCP Syn(PS): nmap -PS 192.168.1.1
    nmap -PA 80,21 162.31.6.5

    ## Host discovery or the other named ping scan ##
    nmap -sP 192.168.1.0/24

    ## Firewall weakness scan ##
    nmap -sN 192.xxx.xxx.xxx //TCP Null scan to fool a firewall to generate a response
    nmap -sF 192.xxx.xxx.xxx //TCP FIN scan to check firewall
    nmap -sX 192.xxx.xxx.xxx //TCP Xmas scan to check firewall

    ##Scan a Firewall for packets fragments##
    nmap -f 192.168.1.1 //-f fragment packets

    MAC Spoofing
    nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
    nmap -v -sT -PN --spoof-mac 0 192.168.1.1 //The number 0, means nmap chooses a completely random MAC address

    ## Advanced nmap ##

    nmap -sT -sV -v -v -v -n --min-hostgroup 6 --min-parallelism 56 --min-rate 1000 -Pn www.examplesite.com
    nmap -sS --osscan-limit --packet-trace --top-ports 10 --version-intensity 0-4 xxx.xxx.xxx.xxx
    nmap -O -A -Pn --open --packet-trace www.examplesite.com

    Codes from itself

    TARGET SPECIFICATION:
    Can pass hostnames, IP addresses, networks, etc.
    Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
    -iL : Input from list of hosts/networks
    -iR : Choose random targets
    --exclude : Exclude hosts/networks
    --excludefile : Exclude list from file

    HOST DISCOVERY:
    -sL: List Scan - simply list targets to scan
    -sn: Ping Scan - disable port scan
    -Pn: Treat all hosts as online -- skip host discovery
    -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
    -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
    -PO[protocol list]: IP Protocol Ping
    -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
    --dns-servers : Specify custom DNS servers
    --system-dns: Use OS's DNS resolver
    --traceroute: Trace hop path to each host

    SCAN TECHNIQUES:
    -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
    -sU: UDP Scan
    -sN/sF/sX: TCP Null, FIN, and Xmas scans
    --scanflags : Customize TCP scan flags
    -sI : Idle scan
    -sY/sZ: SCTP INIT/COOKIE-ECHO scans
    -sO: IP protocol scan
    -b : FTP bounce scan

    PORT SPECIFICATION AND SCAN ORDER:
    -p : Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
    -F: Fast mode - Scan fewer ports than the default scan
    -r: Scan ports consecutively - don't randomize
    --top-ports : Scan most common ports
    --port-ratio : Scan ports more common than

    SERVICE/VERSION DETECTION:
    -sV: Probe open ports to determine service/version info
    --version-intensity : Set from 0 (light) to 9 (try all probes)
    --version-light: Limit to most likely probes (intensity 2)
    --version-all: Try every single probe (intensity 9)
    --version-trace: Show detailed version scan activity (for debugging)

    SCRIPT SCAN:
    -sC: equivalent to --script=default
    --script=: is a comma separated list of directories, script-files or script-categories
    --script-args=: provide arguments to scripts
    --script-args-file=filename: provide NSE script args in a file
    --script-trace: Show all data sent and received
    --script-updatedb: Update the script database.
    --script-help=: Show help about scripts.
    is a comma separted list of script-files or
    script-categories.

    OS DETECTION:
    -O: Enable OS detection
    --osscan-limit: Limit OS detection to promising targets
    --osscan-guess: Guess OS more aggressively

    TIMING AND PERFORMANCE:
    Options which take are in seconds, or append 'ms' (milliseconds), 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
    -T<0-5>: Set timing template (higher is faster)
    --min-hostgroup/max-hostgroup : Parallel host scan group sizes
    --min-parallelism/max-parallelism : Probe parallelization
    --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout : Specifies probe round trip time.
    --max-retries : Caps number of port scan probe retransmissions.
    --host-timeout : Give up on target after this long
    --scan-delay/--max-scan-delay : Adjust delay between probes
    --min-rate : Send packets no slower than per second
    --max-rate : Send packets no faster than per second

    FIREWALL/IDS EVASION AND SPOOFING:
    -f; --mtu : fragment packets (optionally w/given MTU)
    -D : Cloak a scan with decoys
    -S : Spoof source address
    -e : Use specified interface
    -g/--source-port : Use given port number
    --data-length : Append random data to sent packets
    --ip-options : Send packets with specified ip options
    --ttl : Set IP time-to-live field
    --spoof-mac : Spoof your MAC address
    --badsum: Send packets with a bogus TCP/UDP/SCTP checksum

    OUTPUT:
    -oN/-oX/-oS/-oG : Output scan in normal, XML, s|: Output in the three major formats at once
    -v: Increase verbosity level (use -vv or more for greater effect)
    -d: Increase debugging level (use -dd or more for greater effect)
    --reason: Display the reason a port is in a particular state
    --open: Only show open (or possibly open) ports
    --packet-trace: Show all packets sent and received
    --iflist: Print host interfaces and routes (for debugging)
    --log-errors: Log errors/warnings to the normal-format output file
    --append-output: Append to rather than clobber specified output files
    --resume : Resume an aborted scan
    --stylesheet : XSL stylesheet to transform XML output to HTML
    --webxml: Reference stylesheet from Nmap.Org for more portable XML
    --no-stylesheet: Prevent associating of XSL stylesheet w/XML output

    MISC:
    -6: Enable IPv6 scanning
    -A: Enable OS detection, version detection, script scanning, and traceroute
    --datadir : Specify custom Nmap data file location
    --send-eth/--send-ip: Send using raw ethernet frames or IP packets
    --privileged: Assume that the user is fully privileged
    --unprivileged: Assume the user lacks raw socket privileges
    -V: Print version number
    -h: Print this help summary page.

    EXAMPLES:
    nmap -v -A scanme.nmap.org
    nmap -v -sn 192.xxx.xxx.xxx/16 10.0.0.0/8
    nmap -v -iR 10000 -Pn -p 80


Comments

Post a Comment

Popular posts from this blog

Tech Duos For Web Development

Complete Guide to Web Development Technology Stacks Complete Guide to Web Development Technology Stacks Choosing the Right Technology Stack Selecting the appropriate technology stack is one of the most critical decisions in web development. Your choice impacts: Development speed - How quickly you can build and iterate Scalability - How well your application can grow Performance - The speed and responsiveness of your app Maintainability - How easy it is to update and extend your code Team expertise - The skills your developers need to have Cost - Both development and hosting expenses Pro Tip: Consider your project requirements, team skills, and long-term maintenance needs when choosing a stack. Popular Technology Stacks MERN Stack The MERN stack is one of the most po...
Read more

CIFAR-10 Dataset Classification Using Convolutional Neural Networks (CNNs) With PyTorch

CIFAR-10 Image Classification with CNN (PyTorch) - Complete Guide CIFAR-10 Image Classification Using CNN with PyTorch This comprehensive guide demonstrates how to classify images from the CIFAR-10 dataset using Convolutional Neural Networks (CNNs) built with PyTorch. The project covers the entire machine learning pipeline from data loading to model deployment, including advanced techniques for improving performance. 🚀 Key Features Complete PyTorch implementation Data augmentation techniques Multiple CNN architectures Training visualization Model evaluation metrics Hyperparameter tuning Model saving/loading Deployment options 📊 Performance Baseline model: ~70% accuracy Improved mod...
Read more

Long-short-term-memory (LSTM) Word Prediction With PyTorch

LSTM Text Generation with PyTorch - Complete Guide LSTM Text Generation with PyTorch A comprehensive guide to building word-level language models with Long Short-Term Memory networks Introduction to LSTM Text Generation Long Short-Term Memory (LSTM) networks are a special kind of recurrent neural network (RNN) capable of learning long-term dependencies. They are particularly useful for sequence prediction problems like text generation, where the context from previous words is crucial for predicting the next word. Key Concepts Word-level modeling : Predicts the next word given previous words Embeddings : Dense vector representations of words ...
Read more