Ten common nmap scanning commands and ten nmap scans
Ten common nmap scanning commands
NMap is also known as Network Mapper. nmap is a powerful scanner that is often used in Network security penetration testing. It has powerful functions and is self-evident. The following describes several scanning commands. You have to learn it by yourself, becauseToo powerful.
1) obtain the system type and open port of the remote host
nmap -sS -P0 -sV -O <target>
<Target> can be a single IP address, host name, domain name, or subnet.
-SS tcp syn scan (also known as semi-open or stealth scan)
-P0 allows you to Disable ICMP pings.
-SV: Enable System Version Detection
-O attempts to identify remote operating systems
Other options:
-A: Enable the operating system fingerprint and version detection at the same time.
-V: Output Scan details.
2) list hosts with specified ports Enabled
nmap -sT -p 80 -oG – 192.168.1.* | grep open
3) Search for all online hosts on the network
nmap -sP 192.168.0.*
You can also use the following command:
nmap -sP 192.168.0.0/24
Specify subnet
4) Ping the IP address within the specified range
nmap -sP 192.168.1.100-254
5) Search for unused IP addresses on a subnetwork
nmap -T4 -sP 192.168.2.0/24 && egrep “00:00:00:00:00:00″ /proc/net/arp
6) scan the Conficker worm on the LAN.
nmap -PN -T4 -p139,445 -n -v –script=smb-check-vulns –script-args safe=1 192.168.0.1-254
7) scan the malicious access point (rogue APs) on the network ).
nmap -A -p1-85,113,443,8080-8100 -T4 –min-hostgroup 50 –max-rtt-timeout2000 –initial-rtt-timeout 300 –max-retries 3 –host-timeout 20m–max-scan-delay 1000 -oA wapscan 10.0.0.0/8
8) scan host ports using bait scanning methods
sudo nmap -sS 192.168.0.10 -D 192.168.0.2
9) List reverse DNS records for a subnet
nmap -R -sL 209.85.229.99/27 | awk ‘{if($3==”not”)print”(“$2″) no PTR”;else print$3″ is “$2}’ | grep ‘(‘
10) How many Linux and Win devices are displayed on the network?
sudo nmap -F -O 192.168.0.1-255 | grep “Running: ” > /tmp/os; echo “$(cat /tmp/os | grep Linux \| wc -l) Linux device(s)”; echo “$(cat /tmp/os | grep Windows | wc -l) Window(s) device”
Free to provide the latest Linux technology tutorial books, for open source technology enthusiasts to do more and better: http://www.linuxprobe.com/