- Quick commands
- -sC runs the default NSE script set (same as --script=default); a TCP connect scan is -sT, not -sC
- -sV means do version detection of the service behind each open port
- -oA <basename> means output to <basename>.nmap, <basename>.gnmap and <basename>.xml at once
- --top-ports <n> scans the n most commonly open ports from nmap-services; you can specify 100, 1000, 10000
- -oN <filename> export to a normal file (like nmap's normal terminal output)
- -sS SYN (half-open) scan; needs raw-socket (root) privileges, an unprivileged nmap defaults to -sT
Initial Scan
- -sU on top of -sS adds a UDP sweep of the same top ports; UDP is slow and -T5 can drop responses, so rerun anything odd with -T4
nmap -oN scan.nmap -v -sS -sU -T5 --top-ports 1000 10.10.10.51
nmap -sC -sV -oA fighter 10.10.10.72
Scan top 1,000 ports with version detection
- avg 134.74 seconds
nmap -oN scan.nmap -v -sS -sV --top-ports 1000 10.10.10.7
Using Vulners nse script
- vulners matches on the CPE that -sV produces, so version detection is required and -p must cover the service you want checked; the script queries the vulners.com API, so it needs outbound internet access
- hits are version-based CVE candidates, not confirmed vulnerabilities
nmap -oN vulners.nmap -sV --version-intensity 9 --script vulners -p 80 10.10.10.37
Scan All ports
- -p- is all 65535 TCP ports; -T5 is the fastest timing template and can miss ports on a slow or rate-limited host, so fall back to -T4 if results look thin
nmap -p- -T5 -oN all.nmap 10.10.10.51
Grep open ports
- needs nmap's greppable output (-oG <file>, or the .gnmap file that -oA writes); each port appears as 22/open/tcp//ssh/// on the Host: line
- note the pattern also matches UDP open|filtered entries, since 53/open|filtered/udp still contains 53/open
grep -oP '\d{1,5}/open' scan.grep
Awk Open ports and pipe to new NMAP scan
- this reads normal output (the -oN file), where each open port is a line like 22/tcp open ssh
- -F" |/" sets the field separator to a space or a slash, so 22/tcp open ssh splits into 22, tcp, open, ssh
- /open/ selects any line that has "open" in it (this also catches open|filtered UDP lines and any other line containing the word)
- {print $1} prints the first field of that line, i.e. "22" for the line starting with 22/tcp
- {print $NF":"$4} would instead print the last field, then a colon, then the 4th field (not used below, kept for reference)
- ORS="," replaces the newline after each record with a comma, putting all open ports from the scan on one comma-separated line, with a trailing comma
- {print substr($1, 1, length($1)-1)} takes $1 from its first character for length($1)-1 characters, i.e. chops off that trailing comma
- -I '{}' finally hands the comma-separated port list to xargs, which substitutes it for {} in the -p argument of the new nmap scan
awk -F" |/" '/open/ {print $1}' ORS="," scan.nmap | awk '{print substr($1, 1, length($1)-1)}' | xargs -I '{}' nmap -v -sV --version-intensity 9 --script vulners -p {} 10.10.10.11
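The grep one-liner and the awk pipeline above both regex their way through saved nmap output. As an added example that is not part of the original notes, the script below does the same two extractions as reusable functions, one for the -oN normal format (the awk approach) and one for the -oG greppable format (the grep approach), drops the trailing comma that ORS leaves behind, and builds the follow-up vulners scan command instead of running it. It goes a little past the notes: the open-port patterns are anchored on the port/proto prefix so open|filtered UDP lines and other lines containing "open" are not picked up, and an empty port list is refused rather than producing nmap -p with nothing after it. Both nmap output samples are constructed inline, 10.10.10.11 is a placeholder target, and grep -E stands in for the page's -P so it also runs with BSD grep.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): pull open ports out of saved
# nmap output and build the follow-up -sV/vulners scan command.
# Both nmap output samples are constructed; 10.10.10.11 is a placeholder target.
set -eu

# Constructed sample of nmap normal output (what -oN writes).
SAMPLE_NMAP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -sU -oN scan.nmap 10.10.10.11
Nmap scan report for 10.10.10.11
Host is up (0.020s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
135/tcp  filtered      msrpc
443/tcp  open          https
161/udp  open|filtered snmp
Service Info: OS: Linux
# Nmap done at Mon Jan  1 00:00:05 2024 -- 1 IP address (1 host up) scanned in 5.12 seconds'

# Constructed sample of nmap greppable output (what -oG or the -oA .gnmap file holds).
SAMPLE_GNMAP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -sU -oG scan.gnmap 10.10.10.11
Host: 10.10.10.11 ()   Status: Up
Host: 10.10.10.11 ()   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 443/open/tcp//https///, 161/open|filtered/udp//snmp///
# Nmap done at Mon Jan  1 00:00:05 2024 -- 1 IP address (1 host up) scanned in 5.12 seconds'

# Normal output: accept only "<port>/<proto>  open  <service>" lines.
# Requiring "open" followed by a space (or end of line) skips the
# "open|filtered" UDP line, which the notes' bare /open/ pattern would include.
open_ports_from_nmap() {
  local ports
  ports=$(printf '%s\n' "$1" |
    awk -F'[/ ]' -v ORS=, '/^[0-9]+\/(tcp|udp) +open( |$)/ { print $1 }')
  printf '%s\n' "${ports%,}"   # ORS leaves a trailing comma; drop it
}

# Greppable output: every open port is "<port>/open/..." on the Host: line.
# The trailing slash in the pattern is what keeps "161/open|filtered/udp" out.
open_ports_from_gnmap() {
  local ports
  ports=$(printf '%s\n' "$1" | grep -oE '[0-9]{1,5}/open/' | cut -d/ -f1 | tr '\n' ',')
  printf '%s\n' "${ports%,}"
}

# Build the follow-up scan as a string rather than executing it, so the port
# list can be reviewed first and this file runs without nmap installed.
followup_scan_cmd() {
  local target=$1 ports=$2
  if [ -z "$ports" ]; then
    echo "no open ports to rescan on $target" >&2
    return 1
  fi
  printf 'nmap -v -sV --version-intensity 9 --script vulners -p %s %s\n' "$ports" "$target"
}

# Usage: extract from the -oN sample and show the command xargs would have run.
PORTS=$(open_ports_from_nmap "$SAMPLE_NMAP")
echo "open ports from -oN output: $PORTS"
followup_scan_cmd 10.10.10.11 "$PORTS"
```

To use it on a real scan, replace the two SAMPLE_ variables with `"$(cat scan.nmap)"` or `"$(cat scan.gnmap)"` and pipe the printed command into a shell once the port list looks right.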