Network Scanning
This page covers usage of nmap and masscan, a glossary of scan types, and links to other scanning scripts and tools.
Nmap
Commonly used Nmap scans
Fast, noisy initial scan for labs
-T5: insane timing template (fastest, but may miss ports or overwhelm fragile services, so lab use only); -sC: run the default script category (equivalent to --script=default, not "the most common scripts"); -sV: service/version detection; -oN: save normal output to a file
Sample Nmap scans
Noteworthy Nmap switches:
Scan network for live hosts
Scan network for specific ports open/closed
-sT: TCP connect scan (full open): completes the three-way handshake through the OS connect() call, needs no raw-socket privileges, and is the variant most likely to be logged by the target application
Half-open scan of the network for specific open/closed ports ("stealth" only in that the handshake never completes; firewalls and IDS still see every SYN)
-sS: SYN scan (half-open): sends a SYN, classifies the port from the SYN/ACK or RST that comes back, then tears down an open port with RST; requires raw-socket (root) privileges and is Nmap's default scan when run as root
Scan host with OS detection
Scan host with all detections
-A: Enables OS detection, version detection, script scanning, and traceroute
Half-open scan with added decoy traffic
-D: cloak a scan with decoys, so the target sees the listed decoy hosts scanning it alongside your real address (ME sets where your address sits in the list). Use decoys that are actually up, otherwise you risk SYN-flooding the target with unanswered handshakes. Decoys only confuse the target's view of the source; they do not hide you from monitoring on the network path, and they do not work with version detection (-sV) or TCP connect (-sT) scans.
Scan to identify an HTTP WAF in front of a web service (NSE http-waf-detect and http-waf-fingerprint scripts)
Nmap Scripting Engine
List of all NSE scripts: https://nmap.org/nsedoc/
Scan host with all NSE scripts in the vuln category (intrusive: some of these scripts can crash unstable services, so run them only in labs or with authorization)
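The commands behind the scan descriptions above (the lab scan flags, the -sT/-sS port scans, the -D decoy scan, the WAF and vuln NSE scans), gathered into one added shell example. This is not code from the original page or from the Nmap project; the target 10.0.2.15, the decoy addresses 10.0.2.20 and 10.0.2.21, the port lists and the output filename are lab values chosen for illustration. Since the useful part of a scan is what you do with the results, the block also parses Nmap's grepable (-oG) output, which here is a constructed sample, into one line per open port. Only the parse step runs offline; the nmap wrappers need a live target and, for -sS and -D, root.

```shell
#!/bin/sh
# Added example: wrappers for the Nmap switches listed on this page plus a
# parser for grepable (-oG) output. Target, decoy addresses, ports and file
# names are assumed lab values, not taken from the page.
set -eu

# Fast, noisy lab scan: -T5 insane timing, -sC default scripts, -sV version
# detection, -oN normal output to a file. Expect missed ports at -T5.
lab_scan_cmd() {               # $1 = target, $2 = output file
  printf 'nmap -T5 -sC -sV -oN %s %s\n' "$2" "$1"
}

# Host discovery only (-sn): no port scan, just which hosts answer.
live_hosts_cmd() {             # $1 = network, e.g. 10.0.2.0/24
  printf 'nmap -sn %s\n' "$1"
}

# Full-connect (-sT) vs half-open SYN (-sS) scan of specific ports. -sS needs
# raw sockets, hence sudo; both write grepable output to stdout (-oG -).
connect_scan_cmd() {           # $1 = target, $2 = ports, e.g. 22,80,443
  printf 'nmap -sT -p %s -oG - %s\n' "$2" "$1"
}
syn_scan_cmd() {               # $1 = target, $2 = ports
  printf 'sudo nmap -sS -p %s -oG - %s\n' "$2" "$1"
}

# SYN scan with decoys (-D). ME marks where the real address appears in the
# order; the decoy hosts must be up, or the target may get SYN-flooded.
decoy_scan_cmd() {             # $1 = target, $2 = ports
  printf 'sudo nmap -sS -D 10.0.2.20,10.0.2.21,ME -p %s %s\n' "$2" "$1"
}

# NSE: WAF detection on the web ports, and the whole "vuln" category
# (intrusive; some of those scripts can crash fragile services).
waf_scan_cmd() {               # $1 = target
  printf 'nmap -p 80,443 --script http-waf-detect,http-waf-fingerprint %s\n' "$1"
}
vuln_scan_cmd() {              # $1 = target
  printf 'nmap -sV --script vuln %s\n' "$1"
}

# Parse grepable output on stdin into "host port proto service", open ports
# only. Each port entry is port/state/proto/owner/service/rpc/version and the
# entries are separated by ", " (a version string containing ", " would
# confuse this simple split).
parse_grepable_open() {
  awk '
    /^Host:/ && /Ports:/ {
      host = $2
      ports = substr($0, index($0, "Ports: ") + 7)
      sub(/[ \t]+Ignored State:.*$/, "", ports)
      n = split(ports, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] == "open") print host, f[1], f[3], f[5]
      }
    }'
}

# Constructed -oG output standing in for a real scan, so the demo runs offline.
sample_grepable() {
  printf 'Host: 10.0.2.15 ()\tStatus: Up\n'
  printf 'Host: 10.0.2.15 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 10.0.2.16 ()\tStatus: Up\n'
  printf 'Host: 10.0.2.16 ()\tPorts: 22/filtered/tcp//ssh///, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (998)\n'
}

# Against a real lab target you would run, for example:
#   sh -c "$(syn_scan_cmd 10.0.2.15 22,80,443,3389)" | parse_grepable_open
# Offline demo on the constructed sample:
sample_grepable | parse_grepable_open
```

The parser reads only the Ports: lines, so piping `-oG -` output straight into it (or `cat`-ing a saved -oG file) gives a host/port list you can feed to later tooling; the Status: lines and the trailing "Ignored State" summary are dropped.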
Nmap Scanning resources
Null Byte: using Nmap 7 to discover vulnerabilities, launch DoS attacks, and more: https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Masscan
Python
Scan the local network for the IP and MAC address of each live host (an ARP sweep, so it only works on the local segment and needs root to send raw packets)
python3 network_scanner.py -t 10.0.2.1/24
Ref: https://levelup.gitconnected.com/writing-a-network-scanner-using-python-a41273baf1e2
Glossary
TCP connect (full open scan): the scanner uses the OS connect() call, so the SYN, SYN/ACK, ACK handshake completes before the connection is closed. Works without privileges, but every probe appears as a real connection to the target service and is logged accordingly.
SYN scan (half-open scan): the scanner crafts the SYN itself. A SYN/ACK reply means open, a RST means closed, and no reply or an ICMP unreachable means filtered; an open port is torn down with a RST so the handshake never completes. Needs raw-socket (root) privileges and is faster and less visible to the application, though not to packet-level monitoring.
Other scanning tools
Multi-threaded Python Port Scanner: https://github.com/dievus/threader3000