Host Scanning


# Fast simple scan

# Nmap ultra fast
# --max-retries 1 caps probe retransmissions at one; --min-rate 1000 asks nmap
# to send at least 1000 packets per second. With so few retries, dropped probes
# are not re-sent, so open ports can be missed on lossy or rate-limited paths.
# NOTE(review): no target is given on this page; this line and the other
# target-less lines in this group are templates, not runnable commands.
nmap --max-retries 1 --min-rate 1000

# Get open ports
# "-p -" hands "-" to -p, i.e. the full port range (same as -p-).
# -Pn skips host discovery and treats every target as up; -n disables DNS
# resolution.
nmap -p - -Pn -n

# Comprehensive fast and accurate
# Probes the 200 most common ports with service/version detection (-sV).
# -iL ips.txt reads the target list from that file; --open limits the report
# to open ports; -oA portscan_active writes normal, XML and grepable output
# under that basename.
nmap --top-ports 200 -sV -n --max-retries 2 -Pn --open -iL ips.txt -oA portscan_active

# Service/version detection (-sV) on specific ports
# XX are placeholders for the port numbers found by an earlier scan.
nmap -pXX,XX,XX,XX,XX -Pn -sV -n

# Full complete slow scan with output
# -A enables OS detection, version detection, default scripts and traceroute;
# --script vuln runs the NSE "vuln" category; -oA full saves all three output
# formats under the basename "full".
# This combination produces a large, distinctive traffic pattern that IDS/IPS
# signatures commonly match, and some vuln-category scripts are intrusive.
nmap -v -A -p- -Pn --script vuln -oA full

# Network filtering evasion
# Sends probes to port 5555 with source port 53 to check whether a filter
# admits traffic purely because of its source port. This only gets through
# stateless rules that trust a source port; stateful filtering that matches
# replies to tracked outbound requests closes the gap.
# NOTE(review): the target argument is missing on this page.
nmap --source-port 53 -p 5555
    # If it works, add an iptables SNAT rule so outgoing TCP traffic uses this source port
    # NOTE(review): as shown, -d is followed directly by -p, so the destination
    # address is missing and the rule is incomplete as written. --to is
    # presumably shorthand for --to-source; confirm against the iptables version in use.
    iptables -t nat -A POSTROUTING -d -p tcp -j SNAT --to :53

# Scan for UDP
# -sU selects UDP scanning. No target is given on this page for either line.
nmap -sU
# -F scans fewer ports than the default set; -d turns on debug output;
# -sC runs the default scripts; --reason prints why each port got its state.
# -T5 is nmap's most aggressive timing template and trades accuracy for speed.
# UDP results suffer from that in particular, since many hosts rate-limit the
# ICMP unreachable replies nmap uses to tell closed ports from open|filtered.
nmap -sU -F -Pn -v -d -sC -sV --open --reason -T5

# FW evasion
# What each option changes about the probes:
#   -f               splits probes into small IP fragments
#   --mtu 24         same idea with an explicit fragment size (nmap requires a multiple of 8)
#   --data-length 30 appends 30 bytes of random data to each probe
#   --source-port 53 sends probes from source port 53
# Defender view: filters and IDS that reassemble fragments before inspection
# and track connection state are not affected by these, and tiny fragments or
# padded probes are themselves an anomaly worth alerting on.
nmap -f <IP>
nmap --mtu 24 <IP>
nmap --data-length 30 <IP>
nmap --source-port 53 <IP>

# Nmap better speed flags
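--max-rtt-timeout: Maximum time to wait for a response to each probe
--script-timeout: Maximum run time allowed per script
--host-timeout: Give up on a host after this much time
--open: Report only open (or possibly open) ports, omitting filtered and closed ones; this filters the output and does not make the scan harder to detect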


# Passive lookup: prints what Shodan has already indexed for an address,
# without sending packets to the host.
# NOTE(review): the address argument is missing on this page, e.g. `shodan host <IP>`.
shodan host
