Nmap



Network Scanning Tool
$nmap google.com
- resolves the hostname to an IP address and lists the open ports on it (by default the 1,000 most common TCP ports).
$nmap -O nmap.org - detects the operating system of the host the web server runs on. The flag is a capital O; lower-case -o is the prefix for the output options (-oN, -oX). OS detection sends raw packets, so run it as root. (scanme.nmap.org is the host the Nmap project permits for practice scans.)

Basic Scanning Techniques
Commands:-
1.nmap 192.168.x.x - scan a single host.
2.nmap 192.168.y.y 192.168.z.z - scan multiple hosts in one run.
3.nmap 192.168.1.1-100 - scan a range of IPs (192.168.1.1 through 192.168.1.100).
4.nmap 192.168.1.0/24 - scan the entire subnet (CIDR notation).

List of IP address scanning
1.$cat list.txt - the input file holds one target per line (hostname, IP, range or CIDR block).
2.nmap -iL list.txt - read the targets from the file.
3.nmap 192.168.1.0/24 --exclude 192.168.1.100 - scan the subnet but skip the listed host(s); --excludefile file.txt does the same from a file.

Discovery Scanning Options
Commands
1.$nmap -Pn 192.168.1.111 (Don't ping: skip host discovery and treat the host as up. Use it when ICMP is blocked; otherwise nmap marks the host down and scans no ports.)
2.$nmap -sP 192.168.75.111 (Ping-only scan: host discovery with no port scan. -sP is the old spelling; current versions call it -sn.)
3.$nmap --traceroute demo.testfire.net (trace the route to the target after the scan)

Advanced Scanning Options:
$nmap -sS 192.168.x.x (TCP SYN Scan, the default when run as root)
Half-open handshake: the connection is never completed
syn ->
syn+ack <-   (port open; a rst <- reply means closed, no reply means filtered)
rst ->       (nmap tears the connection down instead of sending the final ack)

$nmap -sT 192.168.x.x (TCP Connect Scan, the default when not root)
Three-way handshake completed by the OS connect() call: needs no raw sockets, but the completed connection is more likely to be logged by the target.
$nmap -sF 192.168.x.x (TCP FIN Scan)
$nmap -sX 192.168.x.x (TCP Xmas Scan: FIN, PSH and URG flags set)
FIN and Xmas scans rely on RFC 793 behaviour (a closed port answers rst, an open port stays silent), so they can slip past some stateless packet filters; Windows answers rst on every port, so everything shows as closed there.
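What "three-way handshake complete" means for -sT, as an added example that is not part of the original post: bash's /dev/tcp device asks the OS connect() call to finish the SYN / SYN+ACK / ACK exchange, which is exactly what a connect scan does, and why it needs no root privileges while the raw-packet -sS does. The host and ports are an illustration only; scan only hosts you are authorised to test.

```shell
#!/bin/bash
# Added example (not from the original post): a TCP connect scan with bash's
# /dev/tcp pseudo-device. The kernel completes the full handshake, so no raw
# sockets are needed; the finished connection is visible in the target's logs.
# Target and ports below are an illustration. Assumes GNU timeout(1) and bash.

# probe_port HOST PORT -> open | closed | filtered (nmap's state names)
probe_port() {
    host=$1; port=$2
    # A closed port answers RST at once (connect() fails with "refused").
    # A port behind a firewall that drops the SYN never answers, so cap the wait.
    if timeout 2 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;   # timeout(1) exit status: no SYN+ACK and no RST
        *)   echo closed ;;     # connection refused
    esac
}

# connect_scan HOST PORT... -> "PORT/tcp STATE" per port, like nmap's normal output
connect_scan() {
    host=$1; shift
    for p in "$@"; do
        printf '%s/tcp %s\n' "$p" "$(probe_port "$host" "$p")"
    done
}

connect_scan 127.0.0.1 22 80 443
```

Because every probe is a real connection, a connect scan is slower and noisier than -sS; the trade-off is that it works from any unprivileged shell.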


nmap -F ip - fast scan: only the 100 most common ports instead of the default 1,000.
nmap -p 80 ip - scan a specific port (also -p 22,80,443 or -p 1-1024; -p- scans all 65,535).
nmap -O ip - operating system detection (needs root; a reliable fingerprint needs at least one open and one closed port on the target).

Timing Options
Commands
nmap -T4 ip - timing template 4 (aggressive)
-T0 (paranoid) is extremely slow and meant to dodge IDS rate thresholds; -T5 (insane) is very fast and aggressive and may sacrifice accuracy on slow links. -T4 is the usual choice on a reliable LAN.

Evading Firewall
1.nmap -f ip - fragment probes into 8-byte IP fragments, so a simple packet filter never sees the whole TCP header in one packet. Stateful firewalls that reassemble fragments are not fooled, and the option needs root (raw packets).
2.nmap -D RND:10 ip (10 random decoys) - the scan also appears to come from ten spoofed source addresses, so the target cannot tell which address is real. Your real address is still among them, and upstream ISPs may drop the spoofed packets.


Output Options
nmap -oX scan.xml ip (XML file, the format other tools parse)
nmap -oN scan.txt ip (normal text output; plain -o is not a valid option)
nmap -oG scan.gnmap ip (grepable output, one line per host)
nmap -oA scan ip (all three at once: scan.nmap, scan.xml, scan.gnmap)
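The grepable format exists so results can be processed in a pipeline. As an added example (not code from the original post), the script below extracts the open ports from a constructed -oG file: every "Ports:" entry has the form port/state/protocol/owner/service/rpcinfo/version/ and the fields on a line are tab-separated. The hosts, ports and versions in the sample are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): parse nmap grepable output (-oG).
# SAMPLE_GNMAP is constructed to look like what
#   nmap -oG scan.gnmap 192.168.1.0/24
# writes; the hosts and services are invented. Fields are tab-separated.
SAMPLE_GNMAP=$(printf \
'# Nmap scan initiated as: nmap -oG scan.gnmap 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
')

# open_ports_from_gnmap < file -> one "host port/proto service" line per open port
open_ports_from_gnmap() {
    awk -F'\t' '
        $2 ~ /^Ports:/ {
            split($1, h, " "); host = h[2]      # "Host: 192.168.1.10 ()" -> the IP
            sub(/^Ports: /, "", $2)
            n = split($2, ports, ", ")          # entries are separated by ", "
            for (i = 1; i <= n; i++) {
                split(ports[i], f, "/")         # port/state/proto/owner/service/...
                if (f[2] == "open")
                    printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
            }
        }'
}

# hosts_with_open_port PORT < file -> the hosts on which PORT/tcp is open
hosts_with_open_port() {
    open_ports_from_gnmap | awk -v want="$1/tcp" '$2 == want { print $1 }'
}

printf '%s\n' "$SAMPLE_GNMAP" | open_ports_from_gnmap
printf '%s\n' "$SAMPLE_GNMAP" | hosts_with_open_port 3389
```

Only "open" entries are kept; "closed" and "filtered" ports are listed in the same field and are dropped by the state check, and the "Ignored State" summary is never touched.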

Nmap Script Engine (NSE)
nmap --script default ip - run the scripts in the "default" category (same as -sC). --script vuln runs the vulnerability-check category, and -A combines -sC with -O, -sV and --traceroute.
