Nmap
Network scanning tool with enumeration script to get detailed information about TCP/UDP ports, and the underlying system
Description
Nmap's main use case is finding open TCP ports, but while doing so, it can do much more.
Some useful options include (see man nmap
and docs for more details):
-sV
,-O
: Software versions, OS detection-sC
: Run default safe scripts-Pn
,-n
: Disable ping, disable DNS resolution-sS
,-T4
: Stealth scan (half connections, but requiressudo
), faster scanning speed-oN [filename]
: Output to fileSituational options:
-p [ports]
: Specify comma-separated or ranges of ports (-p-
= all ports)-sU
: Scan UDP instead of TCP (slower and often inconsistent)-vv
: Verbose output while scan is running, seeing open ports before completion10.10.10.0/24
: Subnets in target field
Tip: While running, there are a few useful keybinds to alter your scan:
v
: Increase verbosity[any]
: Print status update
Tip: Nmap is a binary that cannot simply be copied over to a compromised machine to scan from there, not even when compiled statically. It requires some folders for services and scripts which it cannot find and won't run.
The solution is to copy these folders over too, like done in the nmap-static-binaries
repository. After transferring this folder you can run ./nmap
Last updated