NMAP port scanning

Show open services: nmap -sV <ip>

nmap --open <ip>  # show only open (and open|filtered) ports; -open is not a valid option

Port scanning techniques

  1. TCP SYN scan - quick half-open scan; a SYN/ACK reply shows the host is up and the port is open, and nmap answers with a RST instead of completing the handshake
    • nmap -sS -p80 <ip>
  2. XMAS scan - sets the FIN, PSH, and URG flags ("lit up like a Christmas tree"); works against RFC 793-compliant (Unix-like) stacks, not Windows or Cisco devices, which send RST for every port regardless of state
    • nmap -sX -p80 <ip>
  3. FIN scan - sets just the TCP FIN bit.
    • nmap -sF -p80 <ip>
  4. NULL scan - does not set any bits (the TCP flags field is 0)
    • nmap -sN -p80 <ip>
  5. TCP ACK scan - used to map out firewall rulesets, determining which ports are filtered; it never reports open, only filtered or unfiltered.
    • nmap -sA -p80 <ip>
  6. Version detection - probes open ports to identify the service and its version
    • nmap -sV --version-intensity 2 <ip>
  7. TCP connect scan - use this instead of TCP SYN if you don't have raw packet privileges (i.e. not root)
    • nmap -sT -p80 <ip>
  8. UDP scan - DNS 53, SNMP 161/162, and DHCP 67/68 are three of the most common UDP services
    • nmap -sU -p53 <ip>
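The scan types above differ only in which TCP flag bits the probe carries and in how nmap reads the reply. The following Python model, added to these notes and not part of nmap itself, encodes the flag byte for each option and applies nmap's documented state rules; the target_reply function is a constructed stand-in for a real host, used to show why Xmas/FIN/NULL scans return "open|filtered" on Unix-like stacks but "closed" everywhere on Windows and Cisco devices.

```python
"""TCP flag bits per nmap scan type and nmap's interpretation of the reply.
Added example for these notes (not nmap code); state rules follow the nmap
reference guide's port scanning techniques chapter."""

# TCP header flag bits (RFC 793 positions in the low byte of the flags field)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags carried by the probe, keyed by the nmap option used in the notes.
SCAN_FLAGS = {
    "-sS": SYN,              # half-open: SYN, then RST instead of finishing the handshake
    "-sT": SYN,              # connect(): the OS socket API completes the handshake
    "-sA": ACK,              # ACK scan: tells filtered from unfiltered only
    "-sF": FIN,              # FIN scan
    "-sN": 0,                # NULL scan: no flags set
    "-sX": FIN | PSH | URG,  # Xmas scan
}


def flags_byte(scan):
    """Flag byte the probe for this scan type carries."""
    return SCAN_FLAGS[scan]


def flag_names(byte):
    """Human-readable names of the bits set in a flag byte."""
    names = [("FIN", FIN), ("SYN", SYN), ("RST", RST),
             ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    return [n for n, b in names if byte & b]


def target_reply(scan, port_open, rfc793_compliant=True):
    """Constructed model of a target host's answer to one probe.
    Non-compliant stacks (Windows, many Cisco devices) send RST to
    FIN/NULL/Xmas probes whether the port is open or closed."""
    f = SCAN_FLAGS[scan]
    if f & SYN:
        return "SYN/ACK" if port_open else "RST"
    if f & ACK:
        return "RST"          # an unfiltered port answers RST either way
    if not rfc793_compliant or not port_open:
        return "RST"
    return "none"             # RFC 793: open port silently drops the probe


def port_state(scan, reply):
    """nmap's state for a reply of 'SYN/ACK', 'RST', 'none' (no answer
    after retransmission) or 'ICMP unreachable'."""
    if scan in ("-sS", "-sT"):
        table = {"SYN/ACK": "open", "RST": "closed",
                 "none": "filtered", "ICMP unreachable": "filtered"}
    elif scan == "-sA":
        table = {"RST": "unfiltered", "none": "filtered",
                 "ICMP unreachable": "filtered"}
    else:  # FIN, NULL, Xmas: silence is ambiguous, hence open|filtered
        table = {"RST": "closed", "none": "open|filtered",
                 "ICMP unreachable": "filtered"}
    return table.get(reply, "unexpected")


if __name__ == "__main__":
    for scan in SCAN_FLAGS:
        for compliant in (True, False):
            states = [port_state(scan, target_reply(scan, o, compliant)) for o in (True, False)]
            print(f"{scan} flags={flag_names(flags_byte(scan))} rfc793={compliant} "
                  f"open->{states[0]} closed->{states[1]}")
```

Running it prints one line per scan type and stack behaviour; the useful thing to notice is that the -sX/-sF/-sN rows collapse to "closed" for every port on a non-compliant stack, which is why those scans are listed as Unix-only, and that -sA never produces "open" at all.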


OS detection (fingerprints the TCP/IP stack; needs raw packet privileges). Open ports are listed by any port scan; use --open to show only those.

nmap -O <ip>


See the services that are running

nmap -sV -p80 <ip>


Turn on aggressive mode (-A enables OS detection, version detection, default scripts and traceroute)

nmap -A -p80 <ip>


Turn up the version-detection intensity (0 to 9; higher sends more probes and is slower but identifies more services)

nmap -sV --version-intensity 9 <ip>



The vuln script category reports findings with their CVE (Common Vulnerabilities and Exposures) IDs, which you can then look up in Metasploit by CVE

nmap -sV --script vuln -p80 <ip>


Run the NSE discovery script category (-sP is the deprecated spelling of -sn, host discovery without a port scan)

nmap -sP --script discovery <ip>


Scan a UDP port to see if it is open (UDP usually comes back open|filtered because no reply is sent either way)

nmap -sU -p U:53 <ip>
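The -sV, --script vuln and -sU commands above are most useful when their output is saved with -oX and processed rather than read by eye. The following Python script is an added example for these notes (not nmap's own code): it parses the XML report, separates confirmed-open ports from the ambiguous open|filtered state that UDP scans produce, pulls CVE IDs out of NSE script output, and flags any open service that is not in an approved baseline. The XML sample, host 10.0.0.5 and the CVE-0000-00000 ID are constructed placeholders, not real scan results.

```python
"""Parse nmap -oX output into a triage list. Added example; the sample
report and its identifiers are constructed, not from a real scan."""
import re
import xml.etree.ElementTree as ET

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed nmap XML report (placeholder host, placeholder CVE id).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sU -p T:22,80,443,U:53 --script vuln -oX scan.xml 10.0.0.5">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
        <script id="vuln-example" output="VULNERABLE: CVE-0000-00000 (placeholder id)"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https"/>
      </port>
      <port protocol="udp" portid="53">
        <state state="open|filtered" reason="no-response"/>
        <service name="domain"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """One record per scanned port: host, proto, port, state, service info, CVEs."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.findall("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("ports/port"):
            svc = port.find("service")
            cves = set()
            for script in port.findall("script"):       # NSE output lives here
                cves.update(CVE_RE.findall(script.get("output", "")))
            records.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                "cves": sorted(cves),
            })
    return records


def open_ports(records):
    """Confirmed-open only; open|filtered (typical for UDP) is not proof of a listener."""
    return [r for r in records if r["state"] == "open"]


def unexpected_services(records, baseline):
    """Defender check: open ports absent from the approved set of (proto, port)."""
    return [r for r in open_ports(records) if (r["proto"], r["port"]) not in baseline]


def needs_followup(records):
    """Ambiguous UDP results and anything a script tagged with a CVE."""
    return [r for r in records if r["state"] == "open|filtered" or r["cves"]]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    for r in unexpected_services(recs, baseline={("tcp", 22)}):
        print(f"UNEXPECTED {r['host']} {r['proto']}/{r['port']} {r['product']} {r['version']}")
    for r in needs_followup(recs):
        print(f"FOLLOW UP  {r['host']} {r['proto']}/{r['port']} state={r['state']} cves={r['cves']}")
```

To use it on a real report, replace SAMPLE_XML with the contents of the file written by -oX and put your known-good services in the baseline set; the split between "open" and "open|filtered" matters because a UDP port that simply never answers will otherwise generate a false alert on every scan.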


More Scan Examples

Nikto scans a web server's document root for known vulnerabilities and misconfigurations

nikto -h <ip>

Try all the directories to see if any can be traversed (the http-url module needs the word TRAVERSAL in the URL to mark the part being fuzzed; -k is the string expected in a successful response)

dotdotpwn -m http-url -u "<url with TRAVERSAL in place of the traversable parameter>" -k "passwd"


Damn Vulnerable Web Application (DVWA)

Click the DVWA Security button to decrease the security level


theHarvester: you need to add the Hunter.io API key (api_key) to its configuration

  1. register on hunter.io
  2. get the key from the web site: https://hunter.io/api_keys

Docker images of honeypots on DigitalOcean

No class Feb 21st