nmap

Examples

  # Check 80/tcp on every host listed in liste1.txt without a ping probe (-Pn),
  # stream grepable output to stdout (-oG -) and print fields 2 and 3
  # (address and name) of every line containing "open".
  • nmap -Pn -p 80 -iL liste1.txt -oG - | awk '/open/ { print $2, $3 }'
  # Grepable scan of 80/tcp across 10.167.1.0/24, reduced to lines containing "open".
  • nmap -p 80 -oG - 10.167.1.0/24 | grep -F open
  # Background sweep of 10.128.0.0/18 (minus the hosts in the exclude file) on TCP
  # ports 23,139,445,3389,4786,16992; --open limits the report to hosts with an
  # open port, and stdout is appended to 10.128.0.0-18.oss.
  # NOTE(review): unsafe=1 is handed to every script. In NSE SMB checks that read
  # it, the argument enables tests that can crash an unpatched service -- confirm
  # which of these scripts honour it before pointing this at production hosts.
  # NOTE(review): only stdout is redirected; warnings and errors of the background
  # job go to the terminal and are not kept with the results.
  • /usr/local/bin/nmap -Pn -T3 --open -pT:23,139,445,3389,4786,16992  --script smb-os-discovery.nse --script smb-vuln-ms17-010.nse --script cve-2017-7494.nse --script-args unsafe=1 --excludefile /root/bin/exclude_from_ossscan.txt 10.128.0.0/18 >> 10.128.0.0-18.oss &
  # SMB OS fingerprinting on 139/tcp and 445/tcp over 10.152.192.0/18: no ping
  # probe (-Pn), no DNS resolution (-n), targets visited in random order.
  • nmap -n -Pn -T3 --randomize-hosts -p T:139,445 --script=smb-os-discovery.nse 10.152.192.0/18
  # Slow (-T2) service/version scan of 22/tcp over 10.130.0.0/16; hosts with the
  # port open are written in grepable form to the file "sshserver".
  • nmap -sV -T2 --open -p22 -oG sshserver 10.130.0.0/16
  # Slow (-T2) version scan of 6556/tcp over 10.135.0.0/16 without a ping probe;
  # grepable results go to the dated .gout file (its name suggests the port is a
  # Nagios-related agent -- confirm against the monitoring setup).
  • nmap -v -Pn -sV -T2 --open -p T:6556 -oG 20170510-nagios-10.135.0.0.gout 10.135.0.0/16
  # Full-range TCP connect scan (all 65535 ports) with version and OS detection
  # for the hosts in ip-list.txt. -oA writes ip_ranges_result.nmap/.gnmap/.xml;
  # tee additionally keeps the console output (stdout only) in a .output file.
  • nmap -v -T4 -Pn -sT -sV -O --reason -p 1-65535 -iL ip-list.txt -oA ip_ranges_result | tee ip_ranges_result.output
  # SYN scan (needs raw-socket privileges) of 80/tcp and 443/tcp with exhaustive
  # version probing and every script in the default, safe or intrusive categories.
  # The intrusive category contains scripts that may load or crash a service or
  # try credentials, so expect visible side effects on the target.
  • nmap -Pn -sS -sV --version-all -p 80,443 --script "(default or safe or intrusive)" 194.123.169.150
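  # Re-scan the hosts that showed one of the unusual ports open in the earlier run.
  # - Each port number is anchored with the blank that precedes a port entry in
  #   grepable output, so 21 no longer matches 8021, and 9997 now requires /open
  #   like every other port in the list.
  # - Targets are fed through "-iL -" (target list on stdin) instead of xargs:
  #   xargs may split a long host list over several nmap runs, and each run would
  #   overwrite the strange-ports.* files written by -oA.
  # - The intrusive script category can load or crash services; -sS needs
  #   raw-socket privileges.
  • grep -E ' (21|110|143|541|587|993|995|4101|4520|7501|7504|7547|7999|9997)/open/' /home/pietzko/ip_ranges_result.gnmap | awk '{print $2}' | nmap -sS -Pn -sV --version-all --script "(default or safe or intrusive)" -pT:21,110,143,541,587,993,995,4101,4520,7501,7504,7547,7999,9997 -oA strange-ports -iL -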

ntp

  # UDP probe of port 123 against 10000 randomly generated addresses (-iR), no
  # ping probe and no DNS; hosts with the port open are logged to nmap_ntp.
  • nmap -sU -p 123 -Pn -n -T4 -vv --open -iR 10000 -oN nmap_ntp
  # UDP version scan of 123/udp on one server, plus the ntp-info script.
  • nmap -sU -sV -p U:123 --script=ntp-info.nse time.uni-konstanz.de
  # ntp-info against every host in ntp_targ.txt (UDP 123, no ping probe, no DNS).
  • nmap -n -Pn -sU -p 123 --script=ntp-info -iL ntp_targ.txt
  # Template: ntp-info over UDP 123. No target is given here -- append a host,
  # range or -iL file before running.
  • nmap -sU -p123 --script=ntp-info
  # Template (no target given): ask an NTP server for its monlist data. A server
  # that answers still exposes the monitoring query used in NTP amplification and
  # should be updated or have that query disabled (ntpd: "disable monitor" or a
  # "restrict ... noquery" rule).
  • nmap -n -Pn -sU -p U:123 --script ntp-monlist

Utilities

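  # Numerically sorted list of hosts with 445/tcp open, taken from a grepable scan
  # file. The leading blank anchors the port number so that e.g. 1445/open/tcp is
  # not mistaken for 445; reading the file directly replaces the extra cat.
  • grep ' 445/open/t' gscan.10.130.0.0-16.out | awk '{print $2}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 > 10.130.0.0-16.cifs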
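  # Hosts with 21/tcp open, one address per line, for the follow-up scan. The
  # leading blank keeps ports such as 8021 or 2121 out of the FTP list.
  • grep ' 21/open/tcp' ip_ranges_result.gnmap | awk '{print $2}' > ftpserver.list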
  # Version detection plus the default script set (what -sC selects) against the
  # hosts collected in ftpserver.list.
  • nmap -sV --script=default -iL ftpserver.list
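  # List every open-port entry that is not one of the expected services
  # (22, 25, 53, 80, 443).
  # - print replaces printf: the field was used as the format string, so a "%" in
  #   a service banner would corrupt the output or abort awk.
  # - Entries are matched as "<port>/open/" at the start of the line and excluded
  #   by exact port number; the substring filters also hid ports such as 8080,
  #   8443 or 2222.
  • awk '/Ports/ { for (i = 1; i <= NF; i++) print $i }' ip_ranges_result.gnmap | grep -E '^[0-9]+/open/' | grep -Ev '^(22|25|53|80|443)/'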

pipe IPs to nmap

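# Run http-headers against every host that had 80/tcp open in the earlier scan.
# The leading blank anchors the port number so 8080/open/tcp or 280/open/tcp do
# not add hosts to the list. No -p is given, so the script runs on whatever web
# ports the default port scan finds open on those hosts.
grep ' 80/open/tcp' ip_ranges_result.gnmap | awk '{print $2}' | xargs nmap --script=http-headers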