* nmap --script-updatedb
* nmap -p 1-65535 -T4 -A -v
* nmap -p 1-65535 -sV -sS -T4 IP
* nmap -sC -sV -oA name ip
* nmap -T4 -A -sV -v3 -d -oA output --script all target
Ping scan on the local LAN
nmap -sn -n 10.100.13.0/24
Service scan on the alive hosts
nmap -Pn -sV -n 10.100.13.1,126 --script=smb-os-discovery.nse
Default location of the NSE scripts:
/usr/share/nmap/scripts/
Read the normal-format output written by -oA name:
less name.nmap
- nmap -sS TCP SYN (half-open) scan
- nmap -sT TCP connect (full handshake) scan
- nmap -sU UDP scan
- nmap -oX output XML output format
- xsltproc portscan.xml -o portscan.html (convert the XML output to an HTML report)
Zombie Scan
- find a host whose IP ID sequence increments by 1 per packet
- nmap -O -v -n ip
- if the "IP ID Sequence Generation" line reports Incremental, the host is usable as a zombie
Use the zombie to scan another host
1. nmap -Pn -sI zombieip:openport targetip -p23 -v
ARP network discovery
sudo netdiscover -i tap0 -r 172.16.5.0/24
sudo nmap -PR -sn 172.16.5.*
Scan for DNS servers
sudo nmap -sT -p53 172.16.5.0/24
sudo nmap -sU -p53 172.16.5.0/24
sudo nmap -sV --script /usr/share/nmap/scripts/nmap-vulners.nse 192.168.68.112