nmap
references :
- https://lms.onnocenter.or.id/wiki/index.php/Nmap
- https://noxtal.com/cheatsheets/2020/07/13/nmap-cheatsheet/
Some useful commands :
guide : nmap [Scan Type(s)] [Options] {target specification}
scan ip :
nmap $IP
scan host :
nmap hostname.com
scan range IP :
nmap 192.168.1.1-20
scan subnet :
nmap 192.168.1.0/24
port selection : (single)
nmap -p 80 $IP
port selection : (most common)
nmap -F $IP
port selection : (range)
nmap -p 1-100 $IP
port selection : (all)
nmap -p- $IP
scanning a machine :
nmap -v -sS -O 192.168.0.254
nmap -sV -O 192.168.12.120
nmap -Pn --script vuln 192.168.12.120
-v | verbose, so that more information is printed
-sS | scan ports by sending SYN packets
-O | also try to guess the operating system in use
very verbose :
nmap -vv $IP
skip host discovery (treat the host as up, e.g. when a firewall drops ping probes) :
nmap -Pn $IP
default scan :
nmap -vv -sC -sV -oN nmap.log $IP
complete scan :
nmap -vv -A -p- -oN nmap-complete.log $IP
vulnerability scan :
nmap -vv --script vuln -oN nmap-vuln.log $IP
http scan :
nmap -vv --script "http*" -oN nmap-http.log $IP
mysql scan :
nmap -vv --script "mysql*" -oN nmap-mysql.log $IP
ftp scan :
nmap -vv --script "ftp*" -oN nmap-ftp.log $IP
smb scan :
nmap -vv --script "smb*" -oN nmap-smb.log $IP
ssh scan :
nmap -vv --script "ssh*" -oN nmap-ssh.log $IP
ip address information :
nmap --script=asn-query,whois-ip,ip-geolocation-maxmind $IP
brute force ssh password :
nmap --script=ssh-brute --script-args userdb=usernames.lst,passdb=passwords.lst $IP
brute force ftp password :
nmap -p21 --script ftp-brute.nse --script-args userdb=rockyou.txt,passdb=rockyou.txt 192.168.1.105
brute force telnet password :
nmap -p23 --script telnet-brute.nse --script-args userdb=rockyou.txt,passdb=rockyou.txt 192.168.1.105
brute force smb password :
nmap --script smb-brute.nse -p445 192.168.0.7
nmap --script smb-brute.nse -p445 192.168.0.80
nmap -sU -sS --script smb-brute.nse -p U:137,T:139 192.168.0.80
nmap -p445 --script smb-brute.nse --script-args userdb=/root/Desktop/user.txt,passdb=/root/Desktop/pass.txt 192.168.1.105
brute force mysql : *there are still notes on this
nmap --script=mysql-brute <target>
nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100
nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100