NMAP

  • To find all open ports (TCP)

    • use --min-rate according to the environment in which you are testing

    • use -Pn in windows environment

nmap -sT -p- --min-rate 10000 [IP] -Pn -oA nmap_ports
nmap -sS -p- --min-rate 10000 [IP] -Pn -oA nmap_ports

  • To print only ports

cat nmap_ports.nmap | awk '/^[0-9]+\/tcp/ {gsub("/tcp",""); print $1}' | tr '\n' ',' | sed 's/,$/\n/'

  • To run an in-depth scan of open ports

    • -A to Enable OS detection, version detection, script scanning, and traceroute

    • -sC to perform a script scan using the default set of scripts

    • -sV to Probe open ports to determine service/version info

nmap -sC -sV -p [Ports] [IP] -Pn -oA nmap_ports_details

  • To find nmap scripts

ls -la /usr/share/nmap/scripts/ | grep ftp-*

  • If TCP scan is not possibel or take too much time or give false negatives we can use SYN scan

nmap -sS -p- --min-rate 10000 $IP -Pn -oA nmap_ports
PreviousGeneralNextPowershell

Last updated