Marcus Hall

User Tools

Site Tools

Trace: nmap
software:nmap

Table of Contents

regular scan

2020-08-28 

  nmap  10.9.8.1

output the scan to file with all of those formats

2020-07-21 

  nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16
  nmap -sU -p 67 --script dhcp-discover 10.230.0.2/32

Result stored in three files of type grep xml and text 

  nmap -oA c:\temp\nmap-broadcast-dhcp-discover-2020-07-21 --script=broadcast-dhcp-discover 10.9.0.0/16

Now, what if you want to output the scan to all of those formats? XML, text, and grepable? Simple! Use: 

 nmap -oA test 10.73.31.1.

Now if I use ls -l test.* I’ll see all of the newly created files. gnmap is Grep, XML is XML, and .nmap is a text file.

From <https://www.hak5.org/episodes/haktip-103>

Broadcast Scripts

From: https://nmap.org/nsedoc/categories/broadcast.html

Attempts to discover available IPv6 hosts on the LAN by sending an MLD (multicast listener discovery) query to he link-local multicast address (ff02::1) and listening for any responses. The query's maximum response delay set to 1 to provoke hosts to respond immediately rather than waiting for other responses from their multicast group.

description = Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address 

ff02::1

to discover responsive hosts on a LAN without needing to individually ping each IPv6 address.

— – @usage – ./nmap -6 –script=targets-ipv6-multicast-echo.nse –script-args 'newtargets,interface=eth0' -sL – @output

From: https://svn.nmap.org/nmap/scripts/targets-ipv6-multicast-echo.nse

Ubiquiti Scan

nmap -sU -p 10001 –script ubiquiti-discovery.nse <target>

From <https://nmap.org/nsedoc/scripts/ubiquiti-discovery.html>

broadcast-dns-service-discovery

From: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html 

 nmap --script broadcast-dns-service-discovery

File broadcast-dhcp-discover

From: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html 

sudo nmap --script broadcast-dhcp-discover

File broadcast-dhcp6-discover

sudo nmap -6 --script broadcast-dhcp6-discover

nmap cheat sheet

From: https://pentestlab.blog/2012/08/17/nmap-cheat-sheet/ 

Basic Scanning Techniques

Scan a single target —> nmap [target]

Scan multiple targets —> nmap [target1,target2,etc]

Scan a list of targets —-> nmap -iL [list.txt]

Scan a range of hosts —-> nmap [range of IP addresses]

Scan an entire subnet —-> nmap [IP address/cdir]

Scan random hosts —-> nmap -iR [number]

Excluding targets from a scan —> nmap [targets] –exclude [targets]

Excluding targets using a list —> nmap [targets] –excludefile [list.txt]

Perform an aggressive scan —> nmap -A [target]

Scan an IPv6 target —> nmap -6 [target]

nmap

From: http://krypted.com/tag/smb/ 

  Basic Scanning
  To then scan a computer, just use the mmap command followed by the host name or 
  even throw a -v option in there to see more information (you can use a hostname 
  or an IP):  nmap -v www.apple.com
  Use the -6 option if scanning via IPv6:
  nmap -v -6 8a33:1a2c::83::1a
  Firewalls
  Next, we’ll look at trying to bypass pesky annoyances like stageful packet inspection on 
  firewalls. First, check whether there is actually a firewall using -s:
  nmap -sA www.apple.com 
  Scan even if the host is protected by a firewall: 
  nmap -PN www.apple.com
  Just check to see if some devices are up even if behind a firewall:
  nmap -sP 192.168.210.10-20
software/nmap.txt · Last modified: 2022/07/13 19:48 by superwizard