====== regular scan ======
2020-08-28
nmap 10.9.8.1
====== output the scan to file with all of those formats ======
2020-07-21
nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16
nmap -sU -p 67 --script dhcp-discover 10.230.0.2/32
Result is stored in three files: grepable (.gnmap), XML (.xml) and normal text (.nmap).
Now, what if you want to output one scan to all of those formats at once? XML, text, and grepable? Simple! Use -oA with a base name:
nmap -oA test 10.73.31.1
Now if I use ls -l test.* I’ll see all of the newly created files: test.gnmap is the grepable output, test.xml is the XML output, and test.nmap is the normal text output.
From
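Added example (not from the original page or from the nmap project): a parser for the .gnmap and .xml files that -oA writes, showing what the two machine-readable formats actually carry and that they agree on the open ports. Both samples are constructed for this example in the layout nmap produces; they are not real scan results, and the hosts, ports and version strings in them are made up.

```python
"""Parse the grepable (.gnmap) and XML (.xml) files that nmap -oA writes.

Both samples below are constructed for this example in the layout nmap
produces; they are not real scan results.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed .gnmap content: one "Host:" line per host, tab-separated fields,
# port entries separated by ", " with fields port/state/proto/owner/service/rpc/version/.
GNMAP_SAMPLE = (
    "# Nmap 7.91 scan initiated Fri Aug 28 10:00:00 2020 as: nmap -oA test 10.73.31.0/30\n"
    "Host: 10.73.31.1 (gw.example)\tStatus: Up\n"
    "Host: 10.73.31.1 (gw.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2 (protocol 2.0)/, "
    "53/open/tcp//domain//dnsmasq 2.80/, 80/closed/tcp//http///\tIgnored State: filtered (997)\n"
    "Host: 10.73.31.2 ()\tStatus: Up\n"
    "Host: 10.73.31.2 ()\tPorts: 443/open/tcp//https///, 161/open|filtered/udp//snmp///\n"
    "# Nmap done at Fri Aug 28 10:00:05 2020 -- 4 IP addresses (2 hosts up) scanned in 4.21 seconds\n"
)

# Constructed .xml content for the same scan, reduced to the elements used here.
XML_SAMPLE = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oA test 10.73.31.0/30" version="7.91">
<host><status state="up"/><address addr="10.73.31.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2"/></port>
<port protocol="tcp" portid="53"><state state="open"/><service name="domain" product="dnsmasq" version="2.80"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host>
<host><status state="up"/><address addr="10.73.31.2" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
</ports></host>
</nmaprun>
"""


@dataclass(frozen=True)
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


# One grepable port entry: seven slash-separated fields ending in a slash. This
# assumes (as nmap's grepable layout does) that no field contains a literal slash;
# the state field may be compound, e.g. "open|filtered".
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return a PortRecord for every port entry in grepable output."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." comment lines carry no port data
        fields = dict(f.split(": ", 1) for f in line.split("\t"))
        host = fields["Host"].split(" ", 1)[0]  # drop the "(hostname)" part
        for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(fields.get("Ports", "")):
            records.append(PortRecord(host, int(port), proto, state, service, version))
    return records


def parse_xml(text):
    """Return the same PortRecords from XML output (version = product + version attrs)."""
    records = []
    for host in ET.fromstring(text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for p in host.iter("port"):
            svc = p.find("service")
            name = svc.get("name", "") if svc is not None else ""
            version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v) if svc is not None else ""
            records.append(PortRecord(addr, int(p.get("portid")), p.get("protocol"),
                                      p.find("state").get("state"), name, version))
    return records


def open_ports(records):
    """Sorted (host, proto, port) for ports in state "open" only; open|filtered is excluded."""
    return sorted((r.host, r.proto, r.port) for r in records if r.state == "open")


if __name__ == "__main__":
    gn = parse_gnmap(GNMAP_SAMPLE)
    for rec in gn:
        print(rec)
    print("open:", open_ports(gn))
    print("xml agrees:", open_ports(parse_xml(XML_SAMPLE)) == open_ports(gn))
```

The grepable file is the one to reach for with grep/awk on the command line, but the XML file keeps product, version and extra info as separate attributes where .gnmap flattens them into one version string, so tooling that needs the structured fields should read the .xml.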
====== Broadcast Scripts ======
From: https://nmap.org/nsedoc/categories/broadcast.html
targets-ipv6-multicast-mld: Attempts to discover available IPv6 hosts on the LAN by sending an MLD (multicast listener discovery) query to the link-local multicast address (ff02::1) and listening for any responses. The query's maximum response delay is set to 1 to provoke hosts to respond immediately rather than waiting for other responses from their multicast group.
targets-ipv6-multicast-echo: Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address ff02::1 to discover responsive hosts on a LAN without needing to individually ping each IPv6 address.
Usage:
./nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args 'newtargets,interface=eth0' -sL
From: https://svn.nmap.org/nmap/scripts/targets-ipv6-multicast-echo.nse
====== Ubiquiti Scan ======
nmap -sU -p 10001 --script ubiquiti-discovery [target]
From
====== broadcast-dns-service-discovery ======
From: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html
nmap --script broadcast-dns-service-discovery
====== File broadcast-dhcp-discover ======
From: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html
sudo nmap --script broadcast-dhcp-discover
====== File broadcast-dhcp6-discover ======
From: https://nmap.org/nsedoc/scripts/broadcast-dhcp6-discover.html
sudo nmap -6 --script broadcast-dhcp6-discover
====== nmap cheat sheet ======
From: https://pentestlab.blog/2012/08/17/nmap-cheat-sheet/
Basic Scanning Techniques
Scan a single target —> nmap [target]
Scan multiple targets —> nmap [target1 target2 ...]
Scan a list of targets —> nmap -iL [list.txt]
Scan a range of hosts —> nmap [range of IP addresses, e.g. 192.168.1.1-20]
Scan an entire subnet —> nmap [IP address/cidr]
Scan random hosts —> nmap -iR [number]
Excluding targets from a scan —> nmap [targets] --exclude [targets]
Excluding targets using a list —> nmap [targets] --excludefile [list.txt]
Perform an aggressive scan —> nmap -A [target]
Scan an IPv6 target —> nmap -6 [target]
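Added example (not from the cheat sheet or from nmap itself): an expander for the IPv4 target forms listed above (single address, hostname, octet ranges like 192.168.1.1-20, per-octet lists like 10.0.1,3.1, CIDR blocks, -iL lists and --exclude), so you can see exactly which hosts a spec covers before sending a packet. It follows nmap's documented rules that a CIDR block includes its network and broadcast addresses and that "-" alone in an octet means 0-255; IPv6 and -iR are not handled, and hostnames are passed through unresolved. The addresses in the usage section are made up.

```python
"""Expand nmap-style IPv4 target specifications into the host list nmap would scan.

Added example, not nmap's own code. Hostnames are passed through unresolved and
IPv6 targets are not handled.
"""
import ipaddress
import itertools


def _octet_values(spec):
    """One octet: '7', '1-20', '1,5,10-12', or '-' meaning 0-255 (nmap's shorthand)."""
    values = set()
    for part in spec.split(","):
        if part == "-":
            lo, hi = 0, 255
        elif "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet spec {spec!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def _is_ipv4_spec(spec):
    """True for dotted-quad specs made of digits, ranges and lists; anything else is a hostname."""
    return spec.count(".") == 3 and all(c.isdigit() or c in ".-," for c in spec)


def read_target_list(text):
    """Contents of an -iL or --excludefile file: entries separated by spaces, tabs or newlines."""
    return text.split()


def expand_targets(specs, exclude=()):
    """Return the deduplicated, ordered list of hosts nmap would scan for these specs."""
    hosts = []
    for spec in specs:
        if "/" in spec:
            # CIDR: nmap scans every address in the block, network and broadcast included.
            hosts.extend(str(a) for a in ipaddress.ip_network(spec, strict=False))
        elif _is_ipv4_spec(spec):
            octets = [_octet_values(o) for o in spec.split(".")]
            hosts.extend(".".join(map(str, combo)) for combo in itertools.product(*octets))
        else:
            hosts.append(spec)  # hostname: left for DNS resolution at scan time
    excluded = set(expand_targets(exclude)) if exclude else set()
    seen, out = set(), []
    for h in hosts:
        if h not in excluded and h not in seen:
            seen.add(h)
            out.append(h)
    return out


if __name__ == "__main__":
    # Made-up addresses: a /30 with its gateway excluded, plus an octet range.
    print(expand_targets(["10.73.31.0/30", "192.168.210.10-12"], exclude=["10.73.31.1"]))
    print(len(expand_targets(["10.9.0.0/16"])), "hosts in a /16")
```

Running the expander on a spec before a large scan is a cheap sanity check: a /16 is 65536 addresses, and a mistyped range such as 10.0.0.- covers 256 hosts rather than one.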
====== nmap ======
From: http://krypted.com/tag/smb/
Basic Scanning
To then scan a computer, just use the nmap command followed by the host name or
IP, or throw a -v option in there to see more information (you can use a hostname
or an IP): nmap -v www.apple.com
Use the -6 option if scanning via IPv6:
nmap -v -6 8a33:1a2c::83:1a
Firewalls
Next, we’ll look at trying to bypass pesky annoyances like stateful packet inspection on
firewalls. First, check whether there is actually a firewall using an ACK scan (-sA), which
reports ports as unfiltered or filtered rather than open or closed:
nmap -sA www.apple.com
Scan even if the host is protected by a firewall, by skipping host discovery (-Pn; -PN is the
older spelling of the same option):
nmap -Pn www.apple.com
Just check to see if some devices are up even if behind a firewall, with a ping scan only
(-sn; -sP is the older spelling):
nmap -sn 192.168.210.10-20