Table of Contents
regular scan
2020-08-28
nmap 10.9.8.1
output the scan to file with all of those formats
2020-07-21
nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16 nmap -sU -p 67 --script dhcp-discover 10.230.0.2/32
Result stored in three files of type grep xml and text
nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16
Now, what if you want to output the scan to all of those formats? XML, text, and grepable? Simple! Use:
nmap -oA test 10.73.31.1.
Now if I use ls -l test.* I’ll see all of the newly created files. gnmap is Grep, XML is XML, and .nmap is a text file.
Broadcast Scripts
From: https://nmap.org/nsedoc/categories/broadcast.html
Attempts to discover available IPv6 hosts on the LAN by sending an MLD (multicast listener discovery) query to he link-local multicast address (ff02::1) and listening for any responses. The query's maximum response delay set to 1 to provoke hosts to respond immediately rather than waiting for other responses from their multicast group.
description = Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address
ff02::1
to discover responsive hosts on a LAN without needing to individually ping each IPv6 address.
— – @usage – ./nmap -6 –script=targets-ipv6-multicast-echo.nse –script-args 'newtargets,interface=eth0' -sL – @output
From: https://svn.nmap.org/nmap/scripts/targets-ipv6-multicast-echo.nse
Ubiquiti Scan
nmap -sU -p 10001 –script ubiquiti-discovery.nse <target>
From <https://nmap.org/nsedoc/scripts/ubiquiti-discovery.html>
broadcast-dns-service-discovery
From: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html
nmap --script broadcast-dns-service-discovery
File broadcast-dhcp-discover
From: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html
sudo nmap --script broadcast-dhcp-discover File broadcast-dhcp6-discover sudo nmap -6 --script broadcast-dhcp6-discover
nmap cheat sheet
From: https://pentestlab.blog/2012/08/17/nmap-cheat-sheet/
Basic Scanning Techniques Scan a single target —> nmap [target] Scan multiple targets —> nmap [target1,target2,etc] Scan a list of targets —-> nmap -iL [list.txt] Scan a range of hosts —-> nmap [range of IP addresses] Scan an entire subnet —-> nmap [IP address/cdir] Scan random hosts —-> nmap -iR [number] Excluding targets from a scan —> nmap [targets] –exclude [targets] Excluding targets using a list —> nmap [targets] –excludefile [list.txt] Perform an aggressive scan —> nmap -A [target] Scan an IPv6 target —> nmap -6 [target]
nmap
From: http://krypted.com/tag/smb/
Basic Scanning To then scan a computer, just use the mmap command followed by the host name or even throw a -v option in there to see more information (you can use a hostname or an IP): nmap -v www.apple.com Use the -6 option if scanning via IPv6: nmap -v -6 8a33:1a2c::83::1a Firewalls Next, we’ll look at trying to bypass pesky annoyances like stageful packet inspection on firewalls. First, check whether there is actually a firewall using -s: nmap -sA www.apple.com Scan even if the host is protected by a firewall: nmap -PN www.apple.com Just check to see if some devices are up even if behind a firewall: nmap -sP 192.168.210.10-20