Posts

Showing posts from June 15, 2017

Nmap: Discovery Options Overview (part-11)

Discovery Options Overview

Before port scanning a target, Nmap will attempt to send ICMP echo requests to see if the host is “alive.” This can save time when scanning multiple hosts, as Nmap will not waste time attempting to probe hosts that are not online. Because ICMP requests are often blocked by firewalls, Nmap will also attempt to connect to ports 80 and 443, since these common web server ports are often open (even if ICMP is not).

The default discovery options aren’t useful when scanning secured systems and can hinder scanning progress. The following section describes alternative methods for host discovery that allow you to perform more comprehensive discovery when looking for available targets.

Nmap: How to Scan an IPv6 Target (part-10)

Scan an IPv6 Target

The -6 parameter is used to perform a scan of an IP version 6 target.

Usage syntax: nmap -6 [target]

    # nmap -6 fe80::29aa:9db9:4164:d80e
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-11 15:52 Central Daylight Time
    Interesting ports on fe80::29aa:9db9:4164:d80e:
    Not shown: 993 closed ports
    PORT      STATE SERVICE
    135/tcp   open  msrpc
    445/tcp   open  microsoft-ds
    5357/tcp  open  unknown
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    Nmap done: 1 IP address (1 host up) scanned in 227.32 seconds

Scanning an IPv6 address

The example above displays the results of scanning an IP version 6 target. Most Nmap options support IPv6, with the exception of multiple target scanning using ranges and CIDR, as they are pointless on IPv6 networks.

Note: Both the host and the target systems must support the IPv6 protocol in order for a -6 scan to work.

Nmap: How to Perform an Aggressive Scan (part-9)

Perform an Aggressive Scan

The -A parameter instructs Nmap to perform an aggressive scan.

Usage syntax: nmap -A [target]

    # nmap -A 10.10.1.51
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-10 09:39 CDT
    Interesting ports on 10.10.1.51:
    Not shown: 999 closed ports
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Linksys WAP54G wireless-G router http config
    |_ html-title: 401 Unauthorized
    | http-auth: HTTP Service requires authentication
    |_ Auth type: Basic, realm = Linksys WAP54G
    MAC Address: 00:12:17:AA:66:28 (Cisco-Linksys)
    Device type: general purpose
    Running: Linux 2.4.X
    OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
    Network Distance: 1 hop
    Service Info: Device: WAP
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 9.61 seconds

Output of an aggressive scan

The aggressive scan selects some of the most commonly used options within Nmap and is provided...

Nmap: How to Exclude Targets Using a List (part-8)

Exclude Targets Using a List

The --excludefile option is similar to the --exclude option and can be used to provide a list of targets to exclude from a network scan.

    $ cat list.txt
    192.168.10.1
    192.168.10.12
    192.168.10.44

Text file with hosts to exclude from a scan

The example below demonstrates using the --excludefile argument to exclude the hosts in the list.txt file displayed above.

Usage syntax: nmap [targets] --excludefile [list.txt]

    $ nmap 192.168.10.0/24 --excludefile list.txt
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-08 20:49 CDT
    Interesting ports on 192.168.10.100:
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    2049/tcp open  nfs
    Nmap done: 253 IP addresses (1 host up) scanned in 33.10 second

Excluding a list of hosts from a network scan

In the above example, the targets in the list.txt file are excluded from the scan.

Nmap: How to Exclude Targets from a Scan (part-7)

Exclude Targets from a Scan

The --exclude option is used with Nmap to exclude hosts from a scan.

Usage syntax: nmap [targets] --exclude [target(s)]

    $ nmap 192.168.10.0/24 --exclude 192.168.10.100
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-08 20:39 CDT
    Interesting ports on 192.168.10.1:
    Not shown: 996 filtered ports
    PORT   STATE  SERVICE
    20/tcp closed ftp-data
    21/tcp closed ftp
    23/tcp closed telnet
    80/tcp open   http
    ...

Excluding a single IP from a scan

The --exclude option is useful if you want to exclude specific hosts when scanning a large number of addresses. In the example above, host 192.168.10.100 is excluded from the range of targets being scanned. The --exclude option accepts single hosts, ranges, or entire network blocks (using CIDR notation), as demonstrated in the next example.

    $ nmap 192.168.10.0/24 --exclude 192.168.10.100-105
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-08 20:39 CDT
    ...

Excluding a range of IP addresses ...
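A pre-scan scope check for the --exclude and --excludefile posts above, added here as an example and not taken from the original posts or from Nmap: it expands the target and exclusion entries and reports any exclusion that matches nothing in the target set, which usually means a typo in the exclusion list. The function names are hypothetical, only the three IPv4 forms shown on this page are handled (single host, last-octet range, CIDR block), and the list.txt contents are re-typed from the excerpt.

```python
import ipaddress

# Contents of list.txt as shown in the --excludefile post (re-typed sample).
LIST_TXT = "192.168.10.1\n192.168.10.12\n192.168.10.44\n"


def expand(spec):
    """Expand one IPv4 entry: single host, CIDR block, or last-octet range a.b.c.x-y."""
    if "/" in spec:
        # Every address in the block counts, including the .0 and .255 addresses.
        return set(ipaddress.ip_network(spec, strict=False))
    if "-" in spec:
        base, _, end = spec.rpartition("-")
        prefix, _, start = base.rpartition(".")
        lo, hi = int(start), int(end)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad range: {spec}")
        return {ipaddress.ip_address(f"{prefix}.{n}") for n in range(lo, hi + 1)}
    return {ipaddress.ip_address(spec)}


def scan_scope(targets, excludes):
    """Return (sorted in-scope addresses, exclusion entries that matched no target)."""
    all_targets = set()
    for spec in targets:
        all_targets |= expand(spec)
    excluded, unmatched = set(), []
    for spec in excludes:
        addrs = expand(spec)
        if addrs.isdisjoint(all_targets):
            unmatched.append(spec)  # excludes nothing: likely a typo in the list
        excluded |= addrs
    return sorted(all_targets - excluded), unmatched


if __name__ == "__main__":
    # Exclusion-file entries are whitespace separated, so split() covers newlines too.
    scope, unmatched = scan_scope(["192.168.10.0/24"], LIST_TXT.split())
    print(len(scope), "addresses in scope; unmatched exclusions:", unmatched)
```

With the page's list.txt the in-scope count is 253, matching the "253 IP addresses" line in the --excludefile output above.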