NMAP Scanning

Various nmap scans

Full UDP Scan

nmap -sU -sV -vv -oA quick_udp 10.10.10.20
nmap -A -sV -sU --script=default,vuln --open -oA udp_full_scan 10.10.10.20

Full TCP Scan

nmap -sC -sV -p- -vv -oA full 10.10.10.20
nmap -A -sV --script=default,vuln -p- --open -oA tcp_full_scan 10.10.10.20
nmap -T4 -A -p- 10.10.10.20

Port Knock

for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max-retries 0 -p $x 1

Scan all ports

nmap -sS -A -T4 -p 1-65535 -oA nmapscan.txt 10.10.10.20

OS Guess

nmap -O -v -n 10.10.10.0/24 --osscan-guess

NSE scripts

Used for:

  • Service enumeration

  • Brute-force

  • Vulnerabilities

  • /usr/share/nmap/scripts/ # Directory

--script=name-of-the-script
OR
--script name-of-the-script.nse

Vulnerability Scan

# On general
nmap --script vuln -oA nmap vulnscan 10.10.10.20

# On specific ports
nmap --script +vuln -p80,1999,8180,35316 10.10.10.20 
nmap --script +vuln -p4433 10.10.10.20
nmap --script +vuln -p2049,445,80,60666 10.10.10.20

Last updated