Nmap fundamentals

  • Finding live hosts in your network

# nmap -sn google.com

  • Listing open ports on a target host

# nmap google.com

  • Fingerprinting the OS and services running on a target host

# nmap -sV google.com

  • Enabling OS detection

# nmap -O google.com

  • Using NSE scripts against a target host

# nmap -sC google.com

  • Excluding a host list from your scans

# nmap --excludefile dontscan.txt 192.168.1.1/24

  • Scanning IP address ranges

# nmap -p25,80 -O -T4 192.168.1.1/24 google.com/24

  • Scanning random targets on the internet

# nmap -iR 100

  • Collecting signatures of web servers

# nmap -p80,443 -Pn -T4 --open --script http-headers,http-title,ssl-cert <target>

  • Crafting ICMP echo replies with Nping

# nping --icmp -c 1 --icmp-type 0 --icmp-code 0 --source-ip 192.168.0.5 --dest-ip 192.168.0.10 --icmp-id 5

Network Exploration

  • Discovering hosts with TCP SYN ping scans

# nmap -sn -PS 192.168.1.1/24

  • Discovering hosts with TCP ACK ping scans

# nmap -sn -PA 192.168.1.1/24

  • Privileged versus unprivileged TCP ACK scans

# nmap -sn -PA21,22,80 google.com

  • Discovering hosts with UDP ping scans

# nmap -sn -PU google.com

  • Selecting ports in UDP ping scans

# nmap -sn -PU1337,11111 google.com

# nmap -sn -PU1337 google.com

# nmap -sn -PU1337-1339 google.com

  • Discovering hosts with ICMP ping scans

# nmap -sn -PE google.com

  • Discovering hosts with SCTP INIT ping scans

# nmap -sn -PY google.com

  • Selecting ports in SCTP INIT ping scans

# nmap -sn -PY21,22,80 google.com

# nmap -sn -PY80-81 google.com

# nmap -sn -PY22,1000-1005 google.com

  • Discovering hosts with IP protocol ping scans

# nmap -sn -PO google.com

  • Discovering hosts with ARP ping scans

# nmap -sn -PR 192.168.1.1/24

  • MAC address spoofing

# nmap -sn -PR --spoof-mac "MAC-ADDRESS" google.com

  • Discovering hosts with broadcast ping scans

# nmap --script broadcast-ping

# nmap --script broadcast-ping --script-args broadcast-ping.num_probes=5

# nmap --script broadcast-ping --script-args broadcast-ping.num_probes=10000

# nmap --script broadcast-ping --script-args broadcast-ping.interface=wlan3

  • Scanning IPv6 addresses

# nmap -6 google.com

  • Gathering network information with broadcast scripts

# nmap --script broadcast -e eth0

  • Scanning through proxies

# nmap -sV -Pn -n --proxies socks4://127.0.0.1:9050 scanme.nmap.org

  • Spoofing the origin IP of a scan

# nmap -p80 --script ipidseq -iR 1000
