# COMMAND
nmap -Pn -F {host}
# Output Sample
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-06 15:35 EDT
Nmap scan report for scanme.nmap.com (45.33.32.156)
Host is up (0.23s latency).
Other addresses for scanme.nmap.com (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: scanme.nmap.org
Not shown: 94 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 8.47 seconds
{host}: domain name or IP address
-F: fast mode, scans only the most common ports
-Pn: skip host discovery (no ping); treat every address as up
Service and OS fingerprinting
# COMMAND
nmap -A -F {host}
# Output Sample
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-06 15:36 EDT
Nmap scan report for scanme.nmap.com (45.33.32.156)
Host is up (0.26s latency).
Other addresses for scanme.nmap.com (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: scanme.nmap.org
Not shown: 94 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
| 2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
| 256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
|_ 256 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56 (ED25519)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Nmap Project
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Go ahead and ScanMe!
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.40 seconds
-A: Enable OS detection, version detection, script scanning, and traceroute.
Discover active hosts on the network
# COMMAND
nmap -sP {BASE_IP}.*
# ex: nmap -sP 192.168.0.*
# Output Sample
$ nmap -sP 10.0.2.*
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-06 15:43 EDT
Nmap scan report for 10.0.2.2
Host is up (0.00083s latency).
Nmap scan report for 10.0.2.3
Host is up (0.0011s latency).
Nmap scan report for 10.0.2.4
Host is up (0.0011s latency).
Nmap scan report for 10.0.2.15
Host is up (0.00088s latency).
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.98 seconds
-sP: This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the scan.
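The three commands above all print nmap's "normal" output, which is meant for humans; to act on it (inventory open ports, compare scans over time, spot a newly exposed service) it has to be parsed. The following parser is an added example and is not part of nmap or of this cheat sheet; it assumes the output layout shown above (`Nmap scan report for`, `Host is up`, `PORT STATE SERVICE [VERSION]` rows, `|`-prefixed NSE script lines). The sample inputs are constructed by trimming the page's own output, and the baseline-diff function goes a step beyond the page by flagging ports that are open now but were not in an earlier scan, which is the check a defender running periodic scans of their own hosts actually wants. For real runs, `nmap -oX` gives a stable XML format that is easier to parse than the normal output.

```python
"""Parse nmap 'normal' output into per-host records and diff two scans.
Added example, not nmap's own code. Sample inputs below are constructed
from (trimmed) output shown on the cheat sheet."""
import re
from dataclasses import dataclass, field

# Constructed sample: the -A -F scan of scanme, trimmed to a few lines.
PORT_SCAN_OUTPUT = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-06 15:36 EDT
Nmap scan report for scanme.nmap.com (45.33.32.156)
Host is up (0.26s latency).
Not shown: 94 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|_ 256 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56 (ED25519)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
135/tcp filtered msrpc
Nmap done: 1 IP address (1 host up) scanned in 16.40 seconds
"""

# Constructed sample: the -sP host-discovery sweep, trimmed to two hosts.
PING_SWEEP_OUTPUT = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-06 15:43 EDT
Nmap scan report for 10.0.2.2
Host is up (0.00083s latency).
Nmap scan report for 10.0.2.15
Host is up (0.00088s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.98 seconds
"""

# "Nmap scan report for NAME (IP)" or just "Nmap scan report for IP"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?$")
# "22/tcp open ssh OpenSSH 6.6.1p1 ..." -- version column is optional (-sV/-A only)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Port:
    number: int
    proto: str
    state: str                      # open / closed / filtered / ...
    service: str
    version: str = ""               # empty unless version detection ran
    scripts: list = field(default_factory=list)  # NSE lines attached to this port


@dataclass
class Host:
    name: str
    ip: str
    up: bool = False
    ports: list = field(default_factory=list)


def parse_nmap_output(text):
    """Walk the output line by line and return a list of Host records."""
    hosts, current, last_port = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        m = HOST_RE.match(line)
        if m:
            name, ip = m.group(1), m.group(2) or m.group(1)
            current = Host(name=name, ip=ip)
            hosts.append(current)
            last_port = None
            continue
        if current is None:
            continue                # banner lines before the first report
        if line.startswith("Host is up"):
            current.up = True
            continue
        m = PORT_RE.match(line)
        if m:
            last_port = Port(int(m.group(1)), m.group(2), m.group(3),
                             m.group(4), m.group(5) or "")
            current.ports.append(last_port)
            continue
        if line.startswith("|") and last_port is not None:
            # NSE script output: strip the "| " / "|_" prefix, keep the text
            last_port.scripts.append(line.lstrip("|_ ").strip())
    return hosts


def ports_in_state(host, state="open"):
    """Sorted port numbers of one host in the given state."""
    return sorted(p.number for p in host.ports if p.state == state)


def hosts_up(hosts):
    """IPs that answered host discovery (the -sP use case)."""
    return [h.ip for h in hosts if h.up]


def newly_open_ports(baseline_text, current_text):
    """Ports open in the current scan that were not open in the baseline, by IP."""
    base = {h.ip: set(ports_in_state(h)) for h in parse_nmap_output(baseline_text)}
    changes = {}
    for h in parse_nmap_output(current_text):
        delta = set(ports_in_state(h)) - base.get(h.ip, set())
        if delta:
            changes[h.ip] = sorted(delta)
    return changes


if __name__ == "__main__":
    for h in parse_nmap_output(PORT_SCAN_OUTPUT):
        print(h.ip, "open:", ports_in_state(h), "filtered:", ports_in_state(h, "filtered"))
    print("hosts up:", hosts_up(parse_nmap_output(PING_SWEEP_OUTPUT)))
```

Running the block prints the open and filtered ports of the scanme host and the two live IPs from the sweep; `newly_open_ports` takes the text of an earlier scan and the current one and returns only the changes, so it can be run against saved output after each scheduled scan of hosts you administer.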