Using Nmap On Linux To Scan For Open Ports On Remote Host


Using Nmap On Linux To Scan For Open Ports On Remote Host

Post by jamied_uk on 8th May 2017, 23:44

Online Camera Feed Finder Using Range Of IP Part 1

Part 2
Script that finds hosts and scans ranges of IPs!

Code:
sudo apt install -y nmap



Check ports if pingable!
Code:
sudo nmap -O 199.20.14.237

 
Check whether pingable or not and assume host is online!

Code:
sudo nmap -PN 199.20.14.237



Code:
sudo gedit .bashrc



.bashrc function


Code:
function portscan(){
# Usage: portscan 199.20.14.237
# Wraps nmap -PN (treat the host as online, skip host discovery); -Pn is the current spelling.
var="$1"
# Quote the argument so a target with unexpected characters is passed as one word.
sudo nmap -PN "$var"
}





~~~~~~~~~~~~~~~~~~
More examples:



Specify a range with "-" or "/24" to scan a number of hosts at once:

Code:
sudo nmap -PN xxx.xxx.xxx.xxx-yyy



Scan a network range for available services:

Code:
sudo nmap -sP network_address_range



Scan without performing a reverse DNS lookup on the IP address specified. This should speed up your results in most cases:

Code:
sudo nmap -n remote_host



Scan a specific port instead of all common ports:

Code:
sudo nmap -p port_number remote_host



To scan for TCP connections, nmap can perform a 3-way handshake (explained below), with the targeted port. Execute it like this:

Code:
sudo nmap -sT remote_host



To scan for UDP connections, type:

Code:
sudo nmap -sU remote_host



Scan for every TCP and UDP open port:
Code:
sudo nmap -n -PN -sT -sU -p- remote_host



A TCP "SYN" scan exploits the way that TCP establishes a connection.

To start a TCP connection, the requesting end sends a "synchronize request" packet to the server. The server then sends a "synchronize acknowledgment" packet back. The original sender then sends an "acknowledgment" packet back to the server, and a connection is established.

A "SYN" scan, however, drops the connection when the first packet is returned from the server. This is called a "half-open" scan and used to be promoted as a way to surreptitiously scan for ports, since the application associated with that port would not receive the traffic, because the connection is never completed.

This is no longer considered stealthy with the adoption of more advanced firewalls and the flagging of incomplete SYN requests in many configurations.

To perform a SYN scan, execute:

Code:
sudo nmap -sS remote_host



A more stealthy approach is sending invalid TCP headers, which, if the host conforms to the TCP specifications, should send a packet back if that port is closed. This will work on non-Windows-based servers.

You can use the "-sF", "-sX", or "-sN" flags. They all will produce the response we are looking for:

Code:
sudo nmap -PN -p port_number -sN remote_host



To see what version of a service is running on the host, you can try this command. It tries to determine the service and version by testing different responses from the server:

Code:
sudo nmap -PN -p port_number -sV remote_host






digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nmap 7.01 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL : Input from list of hosts/networks
  -iR : Choose random targets
  --exclude : Exclude hosts/networks
  --excludefile : Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers : Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags : Customize TCP scan flags
  -sI : Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b : FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p : Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports : Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports : Scan most common ports
  --port-ratio : Scan ports more common than
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity : Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=: is a comma separated list of
           directories, script-files or script-categories
  --script-args=: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=: Show help about scripts.
           is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take
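The commands above print human-readable tables; for keeping an inventory of your own hosts and spotting a port that newly opened, the grepable output (`-oG`) is easier to process. The script below is an added example, not code from the original post: it reduces `-oG` lines to one "host port/proto service" line per open port. The sample report is constructed, using the documentation-only 192.0.2.0/24 range.

```shell
#!/bin/sh
# Added example, not from the original post: reduce nmap's grepable output
# (-oG) to one "host port/proto service" line per open port, the form a
# defender keeps and diffs between scans of their own hosts.
# Real use: sudo nmap -n -Pn -p- -oG - TARGET | summarize_open_ports

# Constructed sample of -oG output (not a real scan); 192.0.2.0/24 is a
# documentation-only range.
SAMPLE_OG='# Nmap 7.01 scan initiated Mon May  8 23:44:00 2017 as: nmap -n -Pn -p 22,80,443,8080 -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 ()	Status: Up
Host: 192.0.2.10 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///	Ignored State: closed (0)
Host: 192.0.2.11 ()	Status: Up
Host: 192.0.2.11 ()	Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/open/tcp//https///, 8080/closed/tcp//http-proxy///
# Nmap done at Mon May  8 23:44:05 2017 -- 2 IP addresses (2 hosts up) scanned in 5.00 seconds'

# Read -oG lines on stdin; print only ports whose state is "open".
summarize_open_ports() {
  awk '
    /^Host:/ && /Ports:/ {
      host = $2                       # second whitespace field is the address
      split($0, f, "Ports: ")         # everything after "Ports: " is the port list
      n = split(f[2], entry, ", ")
      for (i = 1; i <= n; i++) {
        # strip the trailing "Ignored State: ..." field when present
        sub(/[ \t]+Ignored State:.*$/, "", entry[i])
        # entry layout: port/state/proto/owner/service/rpc/version
        split(entry[i], p, "/")
        if (p[2] == "open") printf "%s %s/%s %s\n", host, p[1], p[3], p[5]
      }
    }'
}

# Number of open ports in a report on stdin (handy for alerting on drift).
count_open_ports() {
  summarize_open_ports | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_OG" | summarize_open_ports
```

Save one run's output per host and `diff` it against the next run; any new line is a port that opened since the last scan.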

Re: Using Nmap On Linux To Scan For Open Ports On Remote Host

Post by jamied_uk on 27th May 2017, 14:17

Now Let's Scan The Whole Internet

http://jnet.forumn.biz/t1506-linux-bash-mass-scanning-the-whole-internet-web-cams#2221