Difference between revisions of "Nmap"
Jump to navigation
Jump to search
↑ https://nmap.org/book/nping-man.html
↑ https://www.aldeid.com/wiki/Nping
↑ https://serverfault.com/a/608976
(48 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | '''[[wikipedia:Nmap| | + | {{lowercase}} |
+ | <code>'''[[wikipedia:Nmap|nmap]]'''</code> ([[1997]]) (''Network Mapper'') is a security [[Network scanner|scanner]] developed by [[Gordon Lyon]] that can be used to discover [[Host (network)|hosts]] and [[Web service|services]] on a computer or [[computer network]]. Includes at least nmap and nping binaries. | ||
+ | |||
+ | == Installation == | ||
+ | * <code>apt install nmap</code> or <code>snap install nmap</code> | ||
+ | |||
== Basic nmap commands == | == Basic nmap commands == | ||
− | * Basic nmap | + | |
− | **<code>nmap - | + | * Basic nmap [[port]] scan (not all ports are scanned): |
− | **<code>nmap - | + | **<code>nmap -Pn HOSTNAME_OR_NET_TO_SCAN</code> |
+ | **<code>nmap -Pn HOSTNAME_OR_NET_TO_SCAN -p 80,443</code> | ||
+ | -Pn (No ping), do not verify is host is up | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | **Scan all [[port]]s (1 – 65535) | ||
+ | *** <code>nmap -p- 192.168.0.1</code> | ||
**<code>nmap HOSTNAME_TO_SCAN</code> | **<code>nmap HOSTNAME_TO_SCAN</code> | ||
− | * | + | |
− | :<code>-sn: Ping scan so disable port scan</code> | + | |
+ | * Network scan: | ||
+ | **<code>nmap -sn 192.168.0.*</code> (-sn - [[ping]] scan so No/disable [[port scan]]) | ||
+ | :::<code>-sn: [[Ping]] scan so disable port scan</code> | ||
+ | |||
+ | |||
+ | * [[OS]] detection: | ||
+ | ::<code>nmap -O IP</code> | ||
+ | |||
+ | *<code>nmap -A IPAddress</code> equivalent to <code>nmap -sV -sC -O -traceroute IPaddress</code> | ||
== Basic nping commands == | == Basic nping commands == | ||
Line 15: | Line 37: | ||
** <code>nping -c 3 --tcp -p 443 --flags syn google.com</code><ref>https://www.aldeid.com/wiki/Nping</ref> | ** <code>nping -c 3 --tcp -p 443 --flags syn google.com</code><ref>https://www.aldeid.com/wiki/Nping</ref> | ||
* <code>nping -H -tr 8.8.8.8</code> (-H Hide-sent do not display sent packets, -tr traceroute) | * <code>nping -H -tr 8.8.8.8</code> (-H Hide-sent do not display sent packets, -tr traceroute) | ||
+ | |||
+ | ==Basic port scanning== | ||
+ | *Scan common ports | ||
+ | ::<code>nmap -F 192.168.0.1</code> | ||
+ | |||
+ | *Scan all [[port]]s (1 – 65535) | ||
+ | ::<code>nmap -p- 192.168.0.1</code> | ||
+ | |||
+ | *To scan using [[TCP connect]] | ||
+ | ::<code>nmap -sT 192.168.0.1</code> | ||
+ | |||
+ | *To perform the default [[SYN]] scan | ||
+ | ::<code>nmap -sS 192.168.0.1</code> | ||
+ | |||
+ | *The nmap utility can be used to detect the [[operating system]] of a particular target | ||
+ | ::<code>[[nmap -A]] 192.168.0.1</code> | ||
+ | |||
+ | ==Banner Grabbing== | ||
+ | * <code>-sV</code>: Probe open ports to determine service/version info | ||
+ | |||
+ | * <code>nmap -sV --version-intensity 5 xxxxxx.com -p 80</code> | ||
+ | |||
+ | The <code>-sV</code> option lets us fetch the software versions, and by adding <code>--version-intensity 5</code>, we can get the maximum number of possible details about the remote running software. | ||
+ | |||
+ | By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily: | ||
+ | |||
+ | * <code>nmap -sV --script=banner IP</code> | ||
== Activities == | == Activities == | ||
Line 21: | Line 70: | ||
=== Advanced === | === Advanced === | ||
− | # Read [[ | + | # Read [[nmap Changelog]]: https://nmap.org/changelog.html |
+ | |||
+ | == Related == | ||
+ | * [[Idle scan]] | ||
+ | * [[sslcan]] | ||
==See also== | ==See also== | ||
+ | * {{nmap}} | ||
+ | * {{Security tools}} | ||
* [[Wikibooks:Hacking/Tools/Network/Nmap]] | * [[Wikibooks:Hacking/Tools/Network/Nmap]] | ||
− | * | + | * {{ping}} |
− | * | + | * {{netcat}} |
− | * | + | * {{tcpdump}} |
− | |||
* {{fail2ban}} | * {{fail2ban}} | ||
* [[MASSCAN]] | * [[MASSCAN]] | ||
− | + | * {{whois}} | |
− | |||
− | * | ||
− | |||
Latest revision as of 12:02, 27 February 2024
nmap
(1997) (Network Mapper) is a security scanner developed by Gordon Lyon that can be used to discover hosts and services on a computer or computer network. Includes at least nmap and nping binaries.
Contents
Installation[edit]
apt install nmap
orsnap install nmap
Basic nmap commands[edit]
- Basic nmap port scan (not all ports are scanned):
nmap -Pn HOSTNAME_OR_NET_TO_SCAN
nmap -Pn HOSTNAME_OR_NET_TO_SCAN -p 80,443
-Pn (No ping), do not verify is host is up
- Scan all ports (1 – 65535)
nmap -p- 192.168.0.1
nmap HOSTNAME_TO_SCAN
- Scan all ports (1 – 65535)
-sn: Ping scan so disable port scan
- OS detection:
nmap -O IP
nmap -A IPAddress
equivalent tonmap -sV -sC -O -traceroute IPaddress
Basic nping commands[edit]
nping is packet generation, response analysis and response time measurement available since 2011 and developed by nmap developers
- "TCP ping":
nping -H -tr 8.8.8.8
(-H Hide-sent do not display sent packets, -tr traceroute)
Basic port scanning[edit]
- Scan common ports
nmap -F 192.168.0.1
- Scan all ports (1 – 65535)
nmap -p- 192.168.0.1
- To scan using TCP connect
nmap -sT 192.168.0.1
- To perform the default SYN scan
nmap -sS 192.168.0.1
- The nmap utility can be used to detect the operating system of a particular target
nmap -A 192.168.0.1
Banner Grabbing[edit]
-sV
: Probe open ports to determine service/version info
nmap -sV --version-intensity 5 xxxxxx.com -p 80
The -sV
option lets us fetch the software versions, and by adding --version-intensity 5
, we can get the maximum number of possible details about the remote running software.
By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:
nmap -sV --script=banner IP
Activities[edit]
Basic[edit]
- Use nping to execute a "tcp ping": Check TCP connectivity
Advanced[edit]
Related[edit]
See also[edit]
- Security tools: Vulnerability scanner, port scan, Host sweep,
nmap
,nping
,ncat, nc
,psad
, Gordon Lyon - Security tools: Password cracking, Vulnerability Scanning, Chainguard
- Wikibooks:Hacking/Tools/Network/Nmap
ping
,nping
,arping
,fping, gping
,hping
,mtr
,traceroute
,tcptraceroute
,tracepath
,Test-Connection
Powershell cmdlet,iperf
, Ping (PAN-OS), BWPing,check_ping
,ping -M
,ios ping, ping -a
telnet
,netcat, nc, nc -l
,ncat
,socat, ngrok
- Packet analyzer:
tcpdump
,Wireshark
, snoop (Solaris),ngrep
, Wireshark,dSniff
, netsniff-ng, Corvil, PAN-OS, pcap - Port knocking,
fail2ban
[3]fwknop
, DenyHosts - MASSCAN
whois
, IP address,geoiplookup
,ip2location
Advertising: