Nmap

Nmap is a very useful and effective port-scanner / network enumeration tool. Here are some fun things you can do with it:

Good opsec

Do not forget to use the following script argument when stealth is important. It sets the User-Agent that Nmap's HTTP NSE scripts send; the default value identifies the Nmap Scripting Engine and is trivial to pick out in web server logs.

--script-args http.useragent="CUSTOM_AGENT"
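The flip side of that flag is detection: the default NSE User-Agent is a reliable indicator in access logs. The following is an added example (not from the original page) that parses Apache/nginx combined-format log lines and counts, per client address, requests carrying the default Nmap Scripting Engine User-Agent. The log lines are constructed sample data, not real traffic.

```python
import re
from collections import Counter

# Substring present in the User-Agent that Nmap's http NSE library sends when
# http.useragent is not overridden. The full default is
# "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)".
NSE_UA_MARKER = "Nmap Scripting Engine"

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# The last line shows a scan that set http.useragent, which this check cannot see.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/118.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /robots.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.0.2.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 734 "-" "CUSTOM_AGENT"
"""

# One combined-format line: ip ident user [ts] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_combined(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_nse_user_agents(log_text):
    """Return {client_ip: request_count} for requests whose User-Agent names the Nmap Scripting Engine."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_combined(line)
        if rec and NSE_UA_MARKER in rec["ua"]:
            hits[rec["ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in find_nse_user_agents(SAMPLE_LOG).items():
        print(f"{ip}: {count} request(s) with the default Nmap NSE User-Agent")
```

Note that the `CUSTOM_AGENT` line is not flagged, which is exactly the page's point about that flag. A User-Agent string match is a cheap first signal, not a complete detection; pair it with per-source request rate and error-ratio alerting, which do not depend on what the client claims to be.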

Port Scans

Host Discovery (ping sweep)

nmap -sn <ip>/<cidr>

Aggressive scan of a single port

nmap -p<port> -A <ip>

SYN scan for all open ports

nmap -p- -sS <ip>

Fuck you tell me scans (can be loud)

nmap -p- -v -T4 <ip>
nmap -p<ports> -sV -sC -T4 -Pn -oA <outfile> <ip>
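Because `-oA` also writes grepable `.gnmap` output next to the normal and XML files, scans taken over time can be compared to spot services that appeared or disappeared on a host. The following is an added example (not from the original page): a Python parser for the `.gnmap` `Ports:` field plus a diff of two scans. The two `.gnmap` excerpts are constructed sample output for a fictional host, not real scan data.

```python
import re
from dataclasses import dataclass

# Constructed .gnmap excerpts (what `-oA <basename>` writes to <basename>.gnmap); not real output.
# Fields on a Host line are tab-separated; each Ports entry is
# port/state/proto/owner/service/rpcinfo/version/ and entries are separated by ", ".
BASELINE_GNMAP = """\
# Nmap 7.94 scan initiated Tue Oct 10 13:55:00 2023 as: nmap -p- -sV -oA baseline 10.0.0.5
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (65532)
# Nmap done at Tue Oct 10 13:57:00 2023 -- 1 IP address (1 host up) scanned in 120.00 seconds
"""

CURRENT_GNMAP = """\
# Nmap 7.94 scan initiated Tue Oct 17 13:55:00 2023 as: nmap -p- -sV -oA current 10.0.0.5
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, 445/filtered/tcp//microsoft-ds///, 8080/open/tcp//http-proxy//Squid http proxy 4.10/\tIgnored State: closed (65532)
# Nmap done at Tue Oct 17 13:57:00 2023 -- 1 IP address (1 host up) scanned in 118.00 seconds
"""

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)")


@dataclass(frozen=True)
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_gnmap(text):
    """Parse Nmap grepable output into PortRecord objects (one per listed port)."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines and anything else are ignored
        fields = line.split("\t")
        host = HOST_RE.match(fields[0])
        ports_field = next((f for f in fields if f.startswith("Ports: ")), None)
        if host is None or ports_field is None:
            continue  # e.g. a "Status: Up" line carries no port data
        for entry in ports_field[len("Ports: "):].split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # malformed entry: skip rather than guess
            records.append(PortRecord(
                host=host.group("ip"),
                port=int(parts[0]),
                proto=parts[2],
                state=parts[1],
                service=parts[4],
                version=parts[6],
            ))
    return records


def open_ports(records):
    """Set of (host, port, proto) for records whose state is exactly 'open'."""
    return {(r.host, r.port, r.proto) for r in records if r.state == "open"}


def diff_scans(baseline_text, current_text):
    """Return (newly_open, no_longer_open) between two .gnmap files as sorted lists of (host, port, proto)."""
    before = open_ports(parse_gnmap(baseline_text))
    after = open_ports(parse_gnmap(current_text))
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    newly_open, gone = diff_scans(BASELINE_GNMAP, CURRENT_GNMAP)
    print("newly open:", newly_open)
    print("no longer open:", gone)
```

Only the state `open` is treated as exposure; `filtered` and `open|filtered` entries are kept in the records but excluded from the diff, so a firewall change does not show up as a new service. Run the same scan against a baseline on a schedule and alert on a non-empty `newly_open` list to catch unplanned listeners.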

Threader3000

Threader3000 has quickly become my go-to port scanning tool. It can be used to quickly scan all ports on a host, then perform a verbose Nmap scan on only the discovered ports. The speed and thoroughness of this tool just can't be beat.

pip install threader3000
threader3000

Enumeration

SMB Enumeration

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

RPC Enumeration

nmap -p111 --script=nfs-ls,nfs-statfs,nfs-showmount <ip>
