diff --git a/tools/nmap.md b/tools/nmap.md index bbc7a8c..2f7f2cc 100644 --- a/tools/nmap.md +++ b/tools/nmap.md @@ -2,13 +2,13 @@ Notes ------- -What is Nmap? -Nmap("Network Mapper") is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. + +Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. It is the most popular and widely docuemnted network scanner. Help Text ------- ``` -Nmap 6.25 ( http://nmap.org ) +Nmap 6.45 ( http://nmap.org ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. @@ -59,7 +59,7 @@ SCRIPT SCAN: --script-trace: Show all data sent and received --script-updatedb: Update the script database. --script-help=: Show help about scripts. - is a comma separted list of script-files or + is a comma-separated list of script-files or script-categories. OS DETECTION: -O: Enable OS detection @@ -84,6 +84,7 @@ FIREWALL/IDS EVASION AND SPOOFING: -S : Spoof source address -e : Use specified interface -g/--source-port : Use given port number + --proxies : Relay connections through HTTP/SOCKS4 proxies --data-length : Append random data to sent packets --ip-options : Send packets with specified ip options --ttl : Set IP time-to-live field @@ -103,7 +104,7 @@ OUTPUT: --append-output: Append to rather than clobber specified output files --resume : Resume an aborted scan --stylesheet : XSL stylesheet to transform XML output to HTML - --webxml: Reference stylesheet from Nmap.Org for more portable XML + --webxml: Reference stylesheet from Nmap.org for more portable XML --no-stylesheet: Prevent associating of XSL stylesheet w/XML output MISC: -6: Enable IPv6 scanning 
@@ -119,11 +120,13 @@ EXAMPLES: nmap -v -sn 192.168.0.0/16 10.0.0.0/8 nmap -v -iR 10000 -Pn -p 80 SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES + ``` + Example Usage ------- # nmap -O -v scanme.nmap.org - +``` Starting Nmap ( http://nmap.org ) Nmap scan report for scanme.nmap.org (74.207.244.221) Not shown: 994 closed ports 
@@ -146,7 +149,87 @@ IP ID Sequence Generation: All zeros Read data files from: /usr/local/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 5.58 seconds Raw packets sent: 1063 (47.432KB) | Rcvd: 1031 (41.664KB) +``` + +# nmap -A -T4 -p- -oX XMLoutput.xml scanme.nmap.org +``` +Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-21 22:16 HST +Warning: 74.207.244.221 giving up on port because retransmission cap hit (6). +Nmap scan report for scanme.nmap.org (74.207.244.221) +Host is up (0.027s latency). +Not shown: 63194 closed ports, 2338 filtered ports +PORT STATE SERVICE VERSION +22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0) +| ssh-hostkey: +| 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA) +|_ 2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA) +80/tcp open http Apache httpd 2.2.14 ((Ubuntu)) +|_http-title: Go ahead and ScanMe! +9929/tcp open nping-echo Nping echo +Device type: general purpose +Running (JUST GUESSING): Linux 2.6.X|3.X (91%) +OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 +Aggressive OS guesses: Linux 2.6.39 (91%), Linux 2.6.32 - 2.6.39 (89%), Linux 2.6.32 - 3.6 (88%), Linux 3.0 - 3.9 (86%), Linux 2.6.22 - 2.6.36 (85%), Linux 2.6.37 (85%) +No exact OS matches for host (test conditions non-ideal). +Network Distance: 2 hops +Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel +TRACEROUTE (using port 80/tcp) +HOP RTT ADDRESS +1 22.47 ms 192.168.1.254 +2 22.38 ms scanme.nmap.org (74.207.244.221) + +OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 1274.85 seconds +``` + +# nmap -PR -sn -n 192.168.1.0/24 +``` +Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-21 22:17 HST +Nmap scan report for 192.168.1.55 +Host is up (0.00020s latency). +MAC Address: 12:EE:F2:93:42:9E (Unknown) +Nmap scan report for 192.168.1.64 +Host is up (0.065s latency). 
+MAC Address: A4:A2:4A:20:89:FE (Cisco Spvtg) +Nmap scan report for 192.168.1.65 +Host is up (0.064s latency). +MAC Address: 60:2A:D0:5F:E3:AE (Cisco Spvtg) +Nmap scan report for 192.168.1.66 +Host is up (0.064s latency). +MAC Address: 60:2A:D0:5F:E0:F9 (Cisco Spvtg) +Nmap scan report for 192.168.1.67 +Host is up (0.13s latency). +MAC Address: AC:81:12:35:B4:AE (Gemtek Technology Co.) +Nmap scan report for 192.168.1.73 +Host is up (0.13s latency). +MAC Address: 00:16:EB:0E:1E:84 (Intel Corporate) +Nmap scan report for 192.168.1.77 +Host is up (0.20s latency). +MAC Address: 88:32:9B:34:F4:F9 (Samsung Electro Mechanics co.) +Nmap scan report for 192.168.1.110 +Host is up (0.0023s latency). +MAC Address: 12:EE:F2:93:42:9E (Unknown) +Nmap scan report for 192.168.1.254 +Host is up (0.0045s latency). +MAC Address: 28:16:2E:73:78:C1 (2Wire) +Nmap scan report for 192.168.1.75 +Host is up. +Nmap done: 256 IP addresses (10 hosts up) scanned in 3.56 seconds +``` +# nmap -p 80 --script http-title -Pn -n google.com +``` +Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-21 22:19 HST +Nmap scan report for google.com (72.234.39.57) +Host is up (0.014s latency). +Other addresses for google.com (not scanned): 72.234.39.45 72.234.39.59 72.234.39.38 72.234.39.49 72.234.39.30 72.234.39.34 72.234.39.23 72.234.39.27 72.234.39.44 72.234.39.29 72.234.39.19 72.234.39.42 72.234.39.15 72.234.39.53 +PORT STATE SERVICE +80/tcp open http +| http-title: Google +|_Requested resource was http://www.google.com/ + +Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds +``` Links ------- http://nmap.org/
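Review bot: in the Notes hunk, the added sentence misspells "documented" as "docuemnted"; fix the typo, and consider softening the unsourced superlative "the most popular and widely documented network scanner" to something defensible such as "one of the most widely used and best-documented network scanners".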
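Review bot: in the Example Usage hunk, the command line `# nmap -O -v scanme.nmap.org` is left outside the fence that is added right after it, so Markdown renders it as an H1 heading instead of a root-prompt command; move the command to the first line inside the fence (`# nmap -O -v scanme.nmap.org` directly above `Starting Nmap ( http://nmap.org )`) or use the file's `-------` underlined heading style. The retained first example also prints `Starting Nmap ( http://nmap.org )` without a version or timestamp, unlike the new 6.45 examples; regenerating it with the same build would keep the outputs consistent.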
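Review bot: in the large hunk, the `nmap -PR -sn -n 192.168.1.0/24` example publishes the real MAC addresses of devices on a private LAN (`12:EE:F2:93:42:9E`, `A4:A2:4A:20:89:FE`, ...), which identify specific hardware; mask them (e.g. `xx:xx:xx:xx:xx:xx`) before merging, while the scanme.nmap.org output can stay since that host is provided by the Nmap project for scanning. Two smaller points: a blank line is missing between the closing fence of the ARP example and `# nmap -p 80 --script http-title -Pn -n google.com`, unlike the other examples, and the `-A -T4 -p-` output shows a retransmission-cap warning, 2338 filtered ports and a 1274.85 s runtime, so a one-line note in the page that full-range scans with `-A` are slow and that the warning means some ports were not fully probed would help readers interpret that output.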