Pentest Book
Host Scanning

nmap

```bash
# Fast simple scan
nmap 10.11.1.111

# Nmap ultra fast
nmap 10.11.1.111 --max-retries 1 --min-rate 1000

# Get open ports (all 65535 TCP ports, no ping, no DNS resolution)
nmap -p - -Pn -n 10.10.10.10

# Get service versions (-sV) for the ports found open above
nmap -pXX,XX,XX,XX,XX -Pn -sV -n 10.10.10.10

# Full complete slow scan with output in all formats (full.nmap, full.gnmap, full.xml)
nmap -v -A -p- -Pn --script vuln -oA full 10.11.1.111

# Network filtering evasion (stateless filters that trust source port 53/DNS)
nmap --source-port 53 -p 5555 10.11.1.111
# If it works, use iptables so every TCP packet to the target leaves from source port 53
iptables -t nat -A POSTROUTING -d 10.11.1.111 -p tcp -j SNAT --to :53

# Scan for UDP
nmap 10.11.1.111 -sU
nmap -sU -F -Pn -v -d -sC -sV --open --reason -T5 10.11.1.111

# FW evasion
nmap -f <IP>                # fragment packets
nmap --mtu 24 <IP>          # custom fragment size (must be a multiple of 8)
nmap --data-length 30 <IP>  # append random data to each probe
nmap --source-port 53 <IP>  # send probes from source port 53

# Nmap better speed flags
# --max-rtt-timeout: maximum time to wait for a probe response
# --script-timeout:  maximum time allowed per NSE script
# --host-timeout:    maximum time spent on a host before giving up
# --open:            only report open (or possibly open) ports, not filtered or closed ones
# --min-rate:        minimum number of packets sent per second
```
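An added helper, not part of the Pentest Book, for triaging the greppable file that `-oA full` writes (full.gnmap): it collects the ports nmap reported open per host and builds the port list for the `-sV` follow-up scan shown above. The scan output below is constructed for the example.

```python
import re

# Constructed sample of nmap greppable output (what `-oA full` writes to full.gnmap).
# A "Ports:" entry is port/state/proto/owner/service/rpcinfo/version/ and nmap
# escapes "/" inside a version string as "|", so splitting on "/" is safe.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -v -A -p- -Pn --script vuln -oA full 10.11.1.111\n"
    "Host: 10.11.1.111 ()\tStatus: Up\n"
    "Host: 10.11.1.111 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.6/, 443/closed/tcp//https///\t"
    "Ignored State: filtered (65532)\n"
    "Host: 10.11.1.112 ()\tPorts: 53/open/udp//domain//ISC BIND 9.11/\t"
    "Ignored State: open|filtered (99)\n"
    "# Nmap done at Mon Jan  1 00:00:00 2024 -- 2 IP addresses (2 hosts up) scanned\n"
)


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for ports reported open."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." header and footer lines
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        host = fields["Host"].split()[0]  # "10.11.1.111 ()" -> "10.11.1.111"
        entries = hosts.setdefault(host, [])
        # Split only before "<port>/" so a ", " inside a version string is not a separator
        for entry in re.split(r", (?=\d+/)", fields.get("Ports", "")):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # empty or malformed entry: ignore rather than abort a large scan
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            if state == "open":
                entries.append((int(port), proto, service, version))
    return hosts


def port_list(hosts, host, proto="tcp"):
    """Comma-separated open ports for one host, ready for the `-pXX,XX,XX -sV` scan."""
    return ",".join(str(p) for p, pr, _s, _v in hosts.get(host, []) if pr == proto)


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for h, services in scan.items():
        print(h, services)
    print(f"follow-up: nmap -p{port_list(scan, '10.11.1.111')} -Pn -sV -n 10.11.1.111")
```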