Pentest Book
Host Scanning

nmap

```bash
# Fast simple scan
nmap 10.11.1.111

# Nmap ultra fast (one retry per port, at least 1000 packets/s)
nmap 10.11.1.111 --max-retries 1 --min-rate 1000

# Get open ports (all 65535 TCP ports, skip host discovery, no DNS resolution)
nmap -p- -Pn -n 10.10.10.10

# Comprehensive, fast and accurate: top 200 ports with version detection,
# targets read from ips.txt, results written in all formats (portscan_active.nmap/.gnmap/.xml)
nmap --top-ports 200 -sV -n --max-retries 2 -Pn --open -iL ips.txt -oA portscan_active

# Service/version detection (-sV) on a known list of ports (replace XX with the port numbers)
nmap -pXX,XX,XX,XX,XX -Pn -sV -n 10.10.10.10

# Full complete slow scan (-A: OS, version, scripts, traceroute) with output in all formats
nmap -v -A -p- -Pn --script vuln -oA full 10.11.1.111

# Network filtering evasion: probe from a source port the filter may trust
nmap --source-port 53 -p 5555 10.11.1.111
# If it works, use iptables so that every TCP packet to the target leaves from port 53
iptables -t nat -A POSTROUTING -d 10.11.1.111 -p tcp -j SNAT --to-source :53

# Scan for UDP
nmap 10.11.1.111 -sU
nmap -sU -F -Pn -v -d -sC -sV --open --reason -T5 10.11.1.111

# FW evasion
nmap -f <IP>                  # fragment probe packets
nmap --mtu 24 <IP>            # fragment with a custom MTU (must be a multiple of 8)
nmap --data-length 30 <IP>    # append random data to each probe
nmap --source-port 53 <IP>    # send probes from a chosen source port

# Nmap flags for better speed
--max-rtt-timeout    # maximum time to wait for the response to a probe
--script-timeout     # maximum time allowed per NSE script
--host-timeout       # give up on a host after this much time
--open               # only report open (or open|filtered) ports; filtered/closed are left out
--min-rate           # send packets no slower than the given number per second
```
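The `-oA portscan_active` form above writes three files, and the `.xml` member is the one worth parsing when a sweep over `ips.txt` covers many hosts. The script below is an added example, not code from the Pentest Book: it reads nmap XML output with the standard library, keeps only `open` ports (optionally `open|filtered`, the usual verdict for unanswered UDP probes), and counts which services appear on the most hosts. The file name `portscan_active.xml` is the page's own; `SAMPLE_XML` is a hand-constructed stand-in, not real scan output.

```python
"""Summarise open ports from the XML member of an nmap -oA run (for example
portscan_active.xml). Added example for this cheat sheet; not part of the
Pentest Book. SAMPLE_XML is constructed by hand, not captured scan output."""
import sys
from collections import Counter
from typing import Dict, List, Tuple
import xml.etree.ElementTree as ET

# Constructed stand-in for portscan_active.xml: two hosts, one filtered TCP port
# and one open|filtered UDP port (what a UDP probe with no reply usually yields).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap --top-ports 200 -sV -n --open -iL ips.txt -oA portscan_active" start="0" version="7.94">
<host><status state="up" reason="user-set"/>
<address addr="10.10.10.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/><service name="https"/></port>
</ports></host>
<host><status state="up" reason="user-set"/>
<address addr="10.10.10.11" addrtype="ipv4"/>
<ports>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
</ports></host>
</nmaprun>
"""

PortEntry = Tuple[int, str, str, str]  # (port, protocol, service name, product/version banner)


def parse_open_ports(xml_text: str, include_open_filtered: bool = False) -> Dict[str, List[PortEntry]]:
    """Return {ipv4 address: sorted list of open ports} from nmap XML.

    'open|filtered' ports (typical for UDP) are included only on request, so a
    UDP sweep does not flood the summary with unanswered probes."""
    root = ET.fromstring(xml_text)
    results: Dict[str, List[PortEntry]] = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        entries: List[PortEntry] = []
        for port in host.findall("ports/port"):
            state_el = port.find("state")
            state = state_el.get("state", "") if state_el is not None else ""
            if state != "open" and not (include_open_filtered and state == "open|filtered"):
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            banner = " ".join(p for p in (product, version) if p)
            entries.append((int(port.get("portid")), port.get("protocol", ""), name, banner))
        results[addr_el.get("addr", "")] = sorted(entries)
    return results


def service_counts(results: Dict[str, List[PortEntry]]) -> Counter:
    """Count (port, protocol, service) across all hosts: a quick view of which
    services an -iL ips.txt sweep found most widely exposed."""
    return Counter((port, proto, name) for entries in results.values() for port, proto, name, _ in entries)


def main(argv: List[str]) -> None:
    # Usage: python nmap_summary.py portscan_active.xml   (no argument: built-in sample)
    xml_text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_XML
    results = parse_open_ports(xml_text, include_open_filtered=True)
    for addr, entries in results.items():
        print(addr)
        for port, proto, name, banner in entries:
            print(f"  {port}/{proto:<4} {name:<10} {banner}")
    print("most common services:", service_counts(results).most_common(3))


if __name__ == "__main__":
    main(sys.argv)
```

The parser uses `xml.etree` because the XML comes from your own nmap run; if you ever feed it XML produced by someone else, parse it with `defusedxml` instead, since the standard parser is not hardened against entity-expansion tricks.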

shodan

```bash
# https://cli.shodan.io/
shodan host 151.101.1.68
```