====== regular scan ======

2020-08-28

  nmap 10.9.8.1

====== output the scan to file with all of those formats ======

2020-07-21

  nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16
  nmap -sU -p 67 --script dhcp-discover 10.230.0.2/32

Result stored in three files of type grep, xml and text.

Now, what if you want to output the scan to all of those formats? XML, text, and grepable? Simple! Use:

  nmap -oA test 10.73.31.1

Now if I use ls -l test.* I’ll see all of the newly created files. gnmap is Grep, XML is XML, and .nmap is a text file.

====== Broadcast Scripts ======

From: https://nmap.org/nsedoc/categories/broadcast.html

Attempts to discover available IPv6 hosts on the LAN by sending an MLD (multicast listener discovery) query to the link-local multicast address (ff02::1) and listening for any responses. The query's maximum response delay is set to 1 to provoke hosts to respond immediately rather than waiting for other responses from their multicast group.

  description = [[
  Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address
  ff02::1 to discover responsive hosts on a LAN without needing to individually ping
  each IPv6 address.
  ]]
  
  ---
  -- @usage
  -- ./nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args 'newtargets,interface=eth0' -sL
  -- @output

From: https://svn.nmap.org/nmap/scripts/targets-ipv6-multicast-echo.nse

====== Ubiquiti Scan ======

  nmap -sU -p 10001 --script ubiquiti-discovery.nse

====== broadcast-dns-service-discovery ======

From: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html

  nmap --script broadcast-dns-service-discovery

====== File broadcast-dhcp-discover ======

From: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html

  sudo nmap --script broadcast-dhcp-discover

====== File broadcast-dhcp6-discover ======

  sudo nmap -6 --script broadcast-dhcp6-discover

====== nmap cheat sheet ======

From: https://pentestlab.blog/2012/08/17/nmap-cheat-sheet/

===== Basic Scanning Techniques =====

  * Scan a single target -> nmap [target]
  * Scan multiple targets -> nmap [target1,target2,etc]
  * Scan a list of targets -> nmap -iL [list.txt]
  * Scan a range of hosts -> nmap [range of IP addresses]
  * Scan an entire subnet -> nmap [IP address/cidr]
  * Scan random hosts -> nmap -iR [number]
  * Excluding targets from a scan -> nmap [targets] --exclude [targets]
  * Excluding targets using a list -> nmap [targets] --excludefile [list.txt]
  * Perform an aggressive scan -> nmap -A [target]
  * Scan an IPv6 target -> nmap -6 [target]

====== nmap ======

From: http://krypted.com/tag/smb/

===== Basic Scanning =====

To then scan a computer, just use the nmap command followed by the host name or even throw a -v option in there to see more information (you can use a hostname or an IP):

  nmap -v www.apple.com

Use the -6 option if scanning via IPv6:

  nmap -v -6 8a33:1a2c::83::1a

===== Firewalls =====

Next, we’ll look at trying to bypass pesky annoyances like stateful packet inspection on firewalls. First, check whether there is actually a firewall using -sA:

  nmap -sA www.apple.com

Scan even if the host is protected by a firewall:

  nmap -PN www.apple.com

Just check to see if some devices are up even if behind a firewall:

  nmap -sP 192.168.210.10-20
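
The .gnmap file that -oA writes (see the output section above) has one tab-separated line per host, with each port given as slash-separated fields, which makes it easy to turn a scan into an inventory of what is listening. The parser below is an added example, not part of the original notes: the sample data is constructed, and the names parse_gnmap and exposed are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of a .gnmap file; hosts, names and ports are made up.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.9.8.1 (gw.example.lan)\tStatus: Up\n"
    "Host: 10.9.8.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh///, "
    "53/open/udp//domain///, 80/closed/tcp//http///\tIgnored State: filtered (997)\n"
    "Host: 10.9.8.20 ()\tStatus: Up\n"
    "Host: 10.9.8.20 ()\tPorts: 67/open|filtered/udp//dhcps///, 10001/open/udp/////\n"
    "# Nmap done (constructed sample)\n"
)


def parse_gnmap(text):
    """Return {ip: [(port, proto, state, service), ...]} from grepable output."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # skip "Status:" and "Ignored State:" fields
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # malformed entry
                port, state, proto, _owner, service = parts[:5]
                hosts[ip].append((int(port), proto, state, service))
    return dict(hosts)


def exposed(hosts, include_ambiguous=False):
    """List (ip, port, proto, service) for open ports.

    UDP scans (-sU) often report 'open|filtered' when no reply came back;
    those are only included when include_ambiguous is True.
    """
    wanted = {"open"} | ({"open|filtered"} if include_ambiguous else set())
    return sorted((ip, port, proto, service)
                  for ip, ports in hosts.items()
                  for port, proto, state, service in ports
                  if state in wanted)


if __name__ == "__main__":
    for row in exposed(parse_gnmap(SAMPLE_GNMAP), include_ambiguous=True):
        print(*row)
```
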