
nmap tips and tricks


Cowboy Denny


I utilize nmap and netcat (nc) often to validate that no firewall is blocking traffic. Below you will find some of the useful commands I use.

[root@usdet1lvdwb002 ~]# nmap -sS 10.47.38.55 -p443,4889,5443,8081,8443 --reason
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-07 14:12 EDT
Nmap scan report for oem-dev.int.thezah.com (10.47.38.55)

Host is up, received syn-ack ttl 244 (0.037s latency).

PORT     STATE SERVICE         REASON
443/tcp  open  https           syn-ack ttl 244
4889/tcp open  unknown         syn-ack ttl 244
5443/tcp open  spss            syn-ack ttl 244
8081/tcp open  blackice-icecap syn-ack ttl 244
8443/tcp open  https-alt       syn-ack ttl 244

Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds

 

[root@usdet1lvdwb002 ~]# nmap 10.47.38.55 -p443,4889,5443,8081,8443 -sF --scanflags URGPSH
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-07 14:17 EDT
Nmap scan report for oem-dev.int.thezah.com (10.47.38.55)

Host is up (0.036s latency).

PORT     STATE  SERVICE
443/tcp  closed https
4889/tcp closed unknown
5443/tcp closed spss
8081/tcp closed blackice-icecap
8443/tcp closed https-alt

Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds

 

[root@usdet1lvdwb002 ~]# nmap -sP -PS443,4889,5443,8081,8443 10.47.38.55
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-07 14:19 EDT
Nmap scan report for oem-dev.int.thezah.com (10.47.38.55)

Host is up (0.036s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds

 

[root@usdet1lvdwb002 ~]# nmap -sP -PA443,4889,5443,8081,8443 10.47.38.55
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-07 14:21 EDT
Nmap scan report for oem-dev.int.thezah.com (10.47.38.55)

Host is up (0.037s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds

 

[root@usdet1lvdwb002 ~]# nmap -sV -p443 10.47.38.55 --version-all
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-07 14:25 EDT
Nmap scan report for oem-dev.int.thezah.com (10.47.38.55)
Host is up (0.036s latency).

PORT    STATE SERVICE   VERSION
443/tcp open  ssl/https
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port443-TCP:V=7.70%T=SSL%I=9%D=4/7%Time=624F2CA3%P=x86_64-redhat-linux-
SF:gnu%r(GetRequest,232,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Thu,\x2007\x20
SF:Apr\x202022\x2018:26:05\x20GMT\r\nX-Content-Type-Options:\x20nosniff\r\
SF:nX-XSS-Protection:\x201;\x20mode=block\r\nX-ORCL-EMOA:\x20true\r\nConte
SF:nt-Length:\x20337\r\nConnection:\x20close\r\nContent-Type:\x20text/html
SF:;charset=ISO-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD
SF:\x20HTML\x203\.2\x20Final//EN\">\n<html>\n\x20<head>\n\x20\x20<title>In
SF:dex\x20of\x20/</title>\n\x20</head>\n\x20<body>\n<h1>Index\x20of\x20/</
SF:h1>\n<ul><li><a\x20href=\"bipunavailable\.html\">\x20bipunavailable\.ht
SF:ml</a></li>\n<li><a\x20href=\"favicon\.ico\">\x20favicon\.ico</a></li>\
SF:n<li><a\x20href=\"omsunavailable\.html\">\x20omsunavailable\.html</a></
SF:li>\n</ul>\n</body></html>\n")%r(HTTPOptions,F5,"HTTP/1\.1\x20200\x20OK
SF:\r\nDate:\x20Thu,\x2007\x20Apr\x202022\x2018:26:05\x20GMT\r\nX-Content-
SF:Type-Options:\x20nosniff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nAl
SF:low:\x20OPTIONS,HEAD,GET,POST\r\nX-ORCL-EMOA:\x20true\r\nContent-Length
SF::\x200\r\nConnection:\x20close\r\nContent-Type:\x20httpd/unix-directory
SF:\r\n\r\n")%r(FourOhFourRequest,1B7,"HTTP/1\.1\x20404\x20Not\x20Found\r\
SF:nDate:\x20Thu,\x2007\x20Apr\x202022\x2018:26:06\x20GMT\r\nX-Content-Typ
SF:e-Options:\x20nosniff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nConte
SF:nt-Length:\x20225\r\nConnection:\x20close\r\nContent-Type:\x20text/html
SF:;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF
SF://DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>404\x20Not\x20Found<
SF:/title>\n</head><body>\n<h1>Not\x20Found</h1>\n<p>The\x20requested\x20U
SF:RL\x20/nice\x20ports,/Trinity\.txt\.bak\x20was\x20not\x20found\x20on\x2
SF:0this\x20server\.</p>\n</body></html>\n")%r(RTSPRequest,1BA,"HTTP/1\.1\
SF:x20400\x20Bad\x20Request\r\nDate:\x20Thu,\x2007\x20Apr\x202022\x2018:26
SF::16\x20GMT\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:\x
SF:201;\x20mode=block\r\nContent-Length:\x20226\r\nConnection:\x20close\r\
SF:nContent-Type:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20
SF:HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n
SF:<title>400\x20Bad\x20Request</title>\n</head><body>\n<h1>Bad\x20Request
SF:</h1>\n<p>Your\x20browser\x20sent\x20a\x20request\x20that\x20this\x20se
SF:rver\x20could\x20not\x20understand\.<br\x20/>\n</p>\n</body></html>\n");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 373.98 seconds

 

You can also create an input txt file with an IP and its ports on each line, like this:

10.47.38.55 443,4889,5443,8081,8443
10.45.12.47 80,443,22

Then create your script on your Linux box that looks like this:

#!/bin/bash

# Usage: bash script.sh input.txt   (one "host port,port,..." per line)
if [ $# -ne 1 ] || [ ! -f "$1" ]
then
    echo "Error: Must supply file" >&2
    exit 1
fi

# read -r splits each line on whitespace: first field is the host,
# the rest (the comma-separated port list) lands in $port
while read -r host port
do
    # Skip blank lines so nmap is never called with an empty host
    [ -z "$host" ] && continue
    echo "Scanning $host : $port "
    nmap "$host" -p "$port"
done < "$1"

You would then run this at your command prompt on your Linux box, in the directory where these two files are: bash script.sh input.txt

VERY VERY helpful.


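A hardened version of the same "host port-list" loop, added here as an example and not code from Cowboy Denny's post. It validates the input file, ignores blank and commented lines, runs nmap in grepable mode (-oG -) so the result can be parsed per port, and reports every port that did not answer with a SYN/ACK, which is the actual "is a firewall in the way?" question. A port reported as filtered means neither SYN/ACK nor RST came back, i.e. something dropped the probe; closed means the host itself answered with a RST, so the path is open and the service is simply not listening. The function names, the -sT fallback when not running as root, and the sample -oG line (constructed to match the hosts in the post, not real scan output) are all assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): hardened "host port,port,..."
# loop. Validates the input file, skips blank/commented lines, runs nmap in
# grepable mode (-oG -) and parses each port's state, so "filtered" (no
# SYN/ACK and no RST) can be read as "a device in the path dropped the probe".
# Uses -sS as root (as in the post) and falls back to -sT otherwise.
set -eu

# Print "host ports" pairs from a target file like the one in the post,
# dropping comments and blank lines and collapsing tabs/runs of spaces.
read_targets() {
    sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        awk 'NF == 2 { print $1, $2 }'
}

# Turn nmap -oG "Host:" lines into "host port/proto state service" lines.
# A -oG port entry has the form port/state/proto/owner/service/rpcinfo/version/.
parse_grepable() {
    awk -F'\t' '
        /^Host: / && /Ports: / {
            split($1, h, " "); host = h[2]; ports = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
            n = split(ports, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[2], (f[5] == "" ? "-" : f[5])
            }
        }'
}

# Keep only the ports that did not answer with a SYN/ACK.
not_open() {
    awk '$3 != "open"'
}

# Scan every target in the file and print one parsed line per port.
scan_targets() {
    scantype=-sT
    [ "$(id -u)" -eq 0 ] && scantype=-sS
    read_targets "$1" | while read -r host ports; do
        echo "Scanning $host : $ports" >&2
        nmap "$scantype" -Pn -p "$ports" -oG - "$host" | parse_grepable
    done
}

# Constructed -oG line modelled on the hosts in the post (not real nmap
# output), so the parser can be exercised without running nmap.
SAMPLE_GREPABLE=$(printf 'Host: 10.47.38.55 (oem-dev.int.thezah.com)\tPorts: 443/open/tcp//https///, 4889/open/tcp//unknown///, 5443/filtered/tcp//spss///, 8081/closed/tcp//blackice-icecap///, 8443/open/tcp//https-alt///')

main() {
    if [ $# -ne 1 ] || [ ! -f "$1" ]; then
        echo "usage: $0 targets.txt   (one '<host> <port,port,...>' per line)" >&2
        return 2
    fi
    results=$(scan_targets "$1")
    printf '%s\n' "$results"
    blocked=$(printf '%s\n' "$results" | not_open | grep -c . || true)
    if [ "$blocked" -gt 0 ]; then
        echo "$blocked port(s) not open; check the firewall path to these hosts" >&2
        return 1
    fi
}

# Run only when given a file, so the functions above can also be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `sh script.sh input.txt` (or with sudo to get the SYN scan); the exit status is non-zero whenever any listed port is not open, so it drops straight into a cron job or a pipeline check. The -Pn flag matters: without it nmap first pings the host, and a firewall that drops ICMP would make every port look down before a single TCP probe is sent.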