forked from buckyroberts/Source-Code-from-Tutorials
cheatSheet.sh
99 lines (63 loc) · 2.23 KB
Nmap: a tool used to scan a network to discover devices, open ports, and the services running on them.
Awesome network security tool
----------
# Scan a single target (sends probe packets and analyzes the server's responses)
nmap thenewboston.com
# Also by IP
nmap 54.186.250.79
This displays the ports detected, the state of each one, and the service associated with that port.
----------
States
open - a service is actively accepting connections on the port
closed - the host responds to the probe, but most likely no service is listening on the port
filtered - the probe is blocked before it reaches the port, usually by a firewall
unfiltered - the port is reachable, but Nmap can't determine whether it's open or closed
----------
# Scan multiple targets by separating them with spaces
nmap 192.168.0.9 192.168.0.17 192.168.0.23
# Scan a range of IP addresses (a dash range in the last octet)
nmap 192.168.0.1-30
# You can also scan an entire subnet with a wildcard octet (0-255)
nmap 192.168.0.*
----------
# Make a targets.txt file with one host or network per line
cat targets.txt
54.186.250.79
192.168.0.3
# Scan a list of targets (-iL means input from list)
nmap -iL targets.txt
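The target notations above (single host, dash range, wildcard octet, and a list file) each expand to a set of addresses. The helper below, an added example that is not part of the original cheat sheet, expands a target spec the way Nmap reads it, so you can size a scan and confirm every address sits inside the network you are authorised to scan before running anything. It also accepts CIDR notation (192.168.0.0/24), which Nmap understands but the cheat sheet does not show. The function names and the "allowed network" argument are this example's own, not Nmap options.

```python
"""Expand Nmap-style IPv4 target specifications and check them against an
authorised scope.  Added example; not code from the original cheat sheet."""
import ipaddress
from itertools import product


def _expand_octet(token: str):
    """Turn one octet token ('7', '1-30', '*') into the list of values it covers."""
    if token == "*":
        return list(range(256))
    if "-" in token:
        lo, hi = (int(x) for x in token.split("-", 1))
    else:
        lo = hi = int(token)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet range: {token!r}")
    return list(range(lo, hi + 1))


def expand_targets(spec: str):
    """Return every IPv4 address covered by a single Nmap target spec.

    Supports a plain host (192.168.0.9), a dash range in any octet
    (192.168.0.1-30), a wildcard octet (192.168.0.*) and CIDR (192.168.0.0/24).
    """
    if "/" in spec:
        # CIDR: Nmap includes the network and broadcast addresses, and so does this.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    ranges = [_expand_octet(o) for o in octets]
    return [".".join(map(str, combo)) for combo in product(*ranges)]


def count_targets(specs):
    """Total number of hosts across several specs, as typed on one nmap command line."""
    return sum(len(expand_targets(s)) for s in specs)


def out_of_scope(specs, allowed_cidr: str):
    """Addresses from the specs that fall outside the authorised network (assumed scope)."""
    allowed = ipaddress.ip_network(allowed_cidr, strict=False)
    outside = {a for s in specs for a in expand_targets(s)
               if ipaddress.ip_address(a) not in allowed}
    return sorted(outside, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Specs taken from the cheat sheet; the allowed scope is a constructed value.
    specs = ["192.168.0.1-30", "192.168.0.*", "54.186.250.79"]
    print("hosts that would be scanned:", count_targets(specs))
    print("outside 192.168.0.0/24:", out_of_scope(specs, "192.168.0.0/24"))
```

Run this on the contents of a targets.txt file (one spec per line) before passing it to `-iL`; if `out_of_scope` returns anything, the list reaches beyond the approved range and should be corrected first.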
----------
# Perform an aggressive scan (enables OS detection, version detection, script scanning and traceroute)
nmap -A 54.186.250.79
----------
# Trace the path to the host (every router hop you pass through)
nmap --traceroute thenewboston.com
This is useful when you have a slow connection and want to figure out where the bottleneck is.
----------
OS and service detection
# -O tries to detect the operating system (usually able to determine the OS from the host's responses)
nmap -O thenewboston.com
# -sV determines the version of the service behind each open port
nmap -sV thenewboston.com
----------
Port scanning options
There are 65,535 ports available; by default Nmap scans only the 1,000 most common ones
# -F (fast) scans only the 100 most common ports (DNS, http, ssh, ftp, etc.)
nmap -F thenewboston.com
# -p scans only the specified port(s) or range(s)
nmap -p 20-25,80,443 thenewboston.com
# You can also specify ports by service name
nmap -p http,mysql thenewboston.com
# Scan all 65,535 ports (takes a long time)
nmap -p- 192.168.0.1
# Only display open ports (I almost always use this)
nmap --open thenewboston.com
----------
# Save scan results to a text file (-oN is normal text output; use -oX for XML, which is easier to parse)
nmap -F -oN Desktop/results.txt thenewboston.com
cat Desktop/results.txt
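Saved results are most useful when they are compared against what is supposed to be exposed. The script below is an added example, not part of the original cheat sheet: it parses the XML that `-oX` writes (the constructed excerpt follows the layout of Nmap's XML output, using documentation addresses in 192.0.2.0/24) and reports open ports that are missing from an assumed baseline of expected services, plus expected services that are no longer listening. The baseline dictionary and the function names are this example's own.

```python
"""Parse Nmap XML output (-oX) and diff open ports against an expected baseline.
Added example; the XML sample and the baseline below are constructed for the
illustration and are not real scan results."""
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes for `nmap -F -oX results.xml <host>`.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -F -oX results.xml example.test">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="example.test" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/><service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumed inventory: which (protocol, port) pairs each host is expected to expose.
EXPECTED_PORTS = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}


def parse_open_ports(xml_text: str):
    """Map each up host's IPv4 address to a set of (protocol, port, service) for open ports."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth comparing
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = set()
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposure
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            open_ports.add((port.get("protocol"), int(port.get("portid")), name))
        results[addr] = open_ports
    return results


def unexpected_exposure(scan, baseline):
    """Open ports per host that are not in the baseline; a host absent from the
    baseline has every open port reported, since nothing is expected there."""
    report = {}
    for addr, open_ports in scan.items():
        allowed = baseline.get(addr, set())
        extra = sorted(p for p in open_ports if (p[0], p[1]) not in allowed)
        if extra:
            report[addr] = extra
    return report


def missing_services(scan, baseline):
    """Expected (protocol, port) pairs that were not found open, per host."""
    report = {}
    for addr, expected in baseline.items():
        open_pairs = {(proto, port) for proto, port, _ in scan.get(addr, set())}
        gone = sorted(expected - open_pairs)
        if gone:
            report[addr] = gone
    return report


if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_XML)
    print("unexpected:", unexpected_exposure(scan, EXPECTED_PORTS))
    print("missing:", missing_services(scan, EXPECTED_PORTS))
```

To use it on real output, replace `SAMPLE_XML` with the contents of the file written by `-oX` and fill `EXPECTED_PORTS` from your own inventory; anything in the "unexpected" report is a service listening that the inventory does not account for.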
----------
# Verbose mode prints progress and results as they are found, in real time
nmap -v thenewboston.com
# Display NICs and routes for your system
nmap --iflist