Nmap best practice
Revision as of 14 October 2020, 07:31 by Thomas.will (Talk | contributions) (→full connect)
Basics
Pure ping scan (host discovery only, no port scan; -sP is the old spelling, current releases call it -sn)
- nmap -sP 192.168.66.0/24
Fast scan with fewer ports (-F scans the 100 most common ports instead of the default 1000)
- nmap -F 192.168.66.0/24
Full connect
SYN - SYN/ACK - ACK - RST (completes the TCP handshake, so the connection shows up in the target's application logs; works without root and is the default scan type for unprivileged users)
- nmap -sT 192.168.66.52
SYN (half-open) scan
SYN - SYN/ACK - RST (requires root privileges, because Nmap has to send raw packets; the handshake is never completed, so most applications do not log it. This is the default scan type when Nmap runs as root.)
- nmap -sS 192.168.244.52
UDP scan (requires root)
Ports 50 to 70 are scanned (showed no useful results: UDP services usually do not answer an empty probe, so Nmap reports open|filtered; only an ICMP port unreachable proves a port closed. Adding -sV makes UDP results more reliable because it sends protocol-specific payloads.)
- nmap -sU 192.168.244.52 -p 50-70
TCP and UDP scan in one run (the scan types are combined; as root -sSU is the usual form)
- nmap -sTU 192.168.244.52
Scan specific ports
- nmap -p21,22,80 192.168.244.52
Scan all ports (-p- means 1-65535)
- nmap -p- 192.168.244.52
Reverse resolution of the hosts (list scan: only reverse DNS lookups are done, no packet is sent to the targets)
- nmap -sL 192.168.244.50-60
Specifying source address and interface
- nmap -e eth0 -S 192.168.100.254 -P0 -sS 192.168.100.72
(-P0 is the old name of -Pn, "skip host discovery". The replies go to the address given with -S, so it has to be an address that eth0 actually holds, otherwise Nmap never sees them and reports every port as filtered.)
Complete scan in numerical order
-r numerical port order (instead of Nmap's randomized order), -p- all ports, -v verbose
- nmap -v -r -p- -sS 192.168.244.52
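The commands above are usually chained: a ping scan first, then a full port scan only of the hosts that answered. The following script is an added example and not part of the original page; it writes both runs in grepable format (-oG -) and parses that with two small awk functions. The parsers run offline on constructed sample output embedded in the script (the "Nmap 7.80" header, host names and port lists are made up); only scan_pipeline() calls nmap, and it is not executed by the script.

```shell
#!/bin/sh
# Added example (not from the original page): two-phase workflow built from
# the commands above. Phase 1 is the ping scan (-sn) in grepable format (-oG -),
# phase 2 scans all ports (-p-) only on the hosts that were up.
# The two parser functions run offline on the constructed samples below;
# only scan_pipeline() calls nmap.

# Print the IP of every host whose grepable "Status" field is "Up".
# Grepable lines are tab-separated: "Host: <ip> (<name>)\tStatus: Up".
live_hosts() {
  awk -F'\t' '/^Host:/ && $2 == "Status: Up" { split($1, h, " "); print h[2] }'
}

# Print "ip port/proto service" for each port in the grepable "Ports:" field.
# Entries look like 22/open/tcp//ssh///  (port/state/proto/owner/service/rpc/version/).
# $1 = "strict" (default): only state "open".
# $1 = "loose": also "open|filtered", the usual answer of a UDP scan (-sU),
#      where silence cannot distinguish an open port from a filtered one.
open_ports() {
  awk -F'\t' -v mode="${1:-strict}" '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        sub(/^Ports: /, "", $i)
        n = split($i, entry, /, /)
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] == "open" || (mode == "loose" && f[2] == "open|filtered"))
            printf "%s %s/%s %s\n", ip, f[1], f[3], f[5]
        }
      }
    }'
}

# Real workflow (needs nmap and, for -sS, root). Defined only, not executed here.
scan_pipeline() {
  net="$1"                                   # e.g. 192.168.66.0/24
  live=$(mktemp)
  nmap -sn -oG - "$net" | live_hosts > "$live"
  # -iL reads the targets from the file; use -sT instead of -sS without root.
  nmap -sS -p- -oG - -iL "$live" | open_ports
  rm -f "$live"
}

# Constructed sample output in the layout nmap -oG produces (tab-separated).
# "Status: Down" lines only appear in real output when -v is given.
SAMPLE_SWEEP=$(printf '# Nmap 7.80 scan initiated (constructed sample) as: nmap -sn -oG - 192.168.66.0/24\nHost: 192.168.66.1 ()\tStatus: Up\nHost: 192.168.66.52 (host52.lan)\tStatus: Up\nHost: 192.168.66.77 ()\tStatus: Down\n# Nmap done (constructed sample)\n')
SAMPLE_PORTS=$(printf 'Host: 192.168.66.52 ()\tStatus: Up\nHost: 192.168.66.52 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///\tIgnored State: closed (997)\n')

# Demo on the samples: live hosts, then open ports including open|filtered.
printf '%s\n' "$SAMPLE_SWEEP" | live_hosts
printf '%s\n' "$SAMPLE_PORTS" | open_ports loose
```

In strict mode the 445/filtered and the 161/open|filtered entries are dropped, which is what you want for TCP; for a UDP run call open_ports loose, otherwise the scan "shows no results" exactly as described above.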
OS detection (requires root; the fingerprint is most reliable when the target has at least one open and one closed TCP port)
- nmap -O 192.168.242.50
Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-14 14:05 CEST
Nmap scan report for 192.168.242.50
Host is up (0.00013s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
MAC Address: 48:5B:39:AD:8A:F3 (Asustek Computer)
Device type: general purpose
Running: Microsoft Windows 2008|7
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows Server 2008 SP2, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.95 seconds
-A enables OS detection and version detection, script scanning and traceroute
-T 4 timing (usually written -T4; see the timing templates below)
- nmap -A -T 4 192.168.242.50
Note how the -O fingerprint above can only narrow the target down to "Server 2008 SP2, Windows 7 or Windows 8", while the smb-os-discovery script in the output below reads the exact version (Windows Server 2008 Enterprise SP1) from the SMB service itself. Where a service discloses its OS, that result beats the TCP/IP fingerprint. The same output also flags "Message signing disabled", i.e. SMB signing is off, which is a finding in its own right.
Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-14 14:22 CEST
Nmap scan report for 192.168.242.50
Host is up (0.00015s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  netbios-ssn
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49156/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  msrpc        Microsoft Windows RPC
MAC Address: 48:5B:39:AD:8A:F3 (Asustek Computer)
Device type: general purpose
Running: Microsoft Windows 2008|7
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows Server 2008 SP2, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_nbstat: NetBIOS name: WIN-VJCRWQXC6A7, NetBIOS user: <unknown>, NetBIOS MAC: 48:5b:39:ad:8a:f3 (Asustek Computer)
| smb-os-discovery:
|   OS: Windows Server (R) 2008 Enterprise 6001 Service Pack 1 (Windows Server (R) 2008 Enterprise 6.0)
|   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
|   Computer name: WIN-VJCRWQXC6A7
|   NetBIOS computer name: WIN-VJCRWQXC6A7
|   Workgroup: WORKGROUP
|_  System time: 2015-10-14T14:23:23+02:00
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

TRACEROUTE
HOP RTT     ADDRESS
1   0.16 ms 192.168.242.50

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.83 seconds
Timing templates
Timing templates are used when you suspect that a firewall or IDS detects port scans and you therefore want to scan more slowly. Slowing down only spreads the probes out in time; it does not make them invisible, and the scripts and version probes enabled by -A are noisy on their own.
- nmap -A -T sneaky 192.168.242.50
The following templates exist (number or name, both are accepted after -T)
- paranoid (0) - for IDS evasion: probes are sent one at a time with 5 minutes between them
- sneaky (1) - for IDS evasion: probes are sent one at a time with 15 seconds between them
- polite (2) - slower scan (0.4 s between probes), uses less bandwidth and target resources
- normal (3) - normal scan, the default
- aggressive (4) - assumes a fast, reliable network; the usual choice on a LAN
- insane (5) - assumes a very fast network and accepts losing accuracy for speed
With -T0 or -T1 a full port scan (-p-) of a single host takes days, so restrict the port list when using them.