NMAP port scanning

Show open services: nmap -sV <ip>

# nmap -sV 192.168.1.1-254

or

nmap --open <ip>  # show all open ports

Port scanning Techniques

  1. TCP SYN scan - quick half-open scan; shows that the host is up and the port is open
    • nmap -sS -p80 192.168.56.102
  2. XMAS scan - sets the FIN, PSH, and URG flags; works against Unix, not Windows or Cisco
    • nmap -sX -p80 192.168.56.102
  3. FIN scan - Sets just the TCP FIN bit.
    • nmap -sF -p80 192.168.56.102
  4. NULL scan - Does not set any bits (TCP flag header is 0)
    • nmap -sN -p80 192.168.56.102
  5. TCP ACK scan - used to map out firewall rulesets, determining which ports are filtered.
    • nmap -sA -p80 192.168.56.102
  6. Version
    • nmap -sV --version-intensity 2 192.168.56.102
  7. TCP connect - use this instead of TCP SYN if you don't have raw packet privileges
    • nmap -sT -p80 192.168.56.102
  8. UDP scan - DNS 53, SNMP 161/162, and DHCP 67/68 are three of the most common
    • nmap -sU -p53 192.168.56.102
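
From the defender's side, the TCP scan types listed above can be told apart by the flags on the probe packets. This is an added example, not part of the original notes; the log line format (src= dst= dport= flags=), the function names and the port threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Flag sets that are not part of a normal TCP exchange (scan types 2-4 above).
ANOMALOUS = {
    frozenset(): "NULL scan (-sN)",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "XMAS scan (-sX)",
}
# Flag sets that ordinary traffic also uses; suspicious only across many ports.
AMBIGUOUS = {
    frozenset({"SYN"}): "SYN scan (-sS) or connect scan (-sT)",
    frozenset({"ACK"}): "ACK scan (-sA)",
}
# Assumed log format: src=<ip> dst=<ip> dport=<n> flags=<comma list, or - for none>
LINE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) flags=(\S+)")

def parse(line):
    """Return (src, dst, dport, flag set) or None if the line does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    src, dst, dport, flags = m.groups()
    return src, dst, int(dport), frozenset(f for f in flags.split(",") if f != "-")

def detect(lines, port_threshold=5):
    """Return sorted (source, scan type) pairs seen in the packet log lines."""
    findings, targets = set(), defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        src, dst, dport, flags = rec
        if flags in ANOMALOUS:
            findings.add((src, ANOMALOUS[flags]))
        elif flags in AMBIGUOUS:
            targets[(src, AMBIGUOUS[flags])].add((dst, dport))
    # A lone SYN or ACK is normal; the same source hitting many ports is not.
    findings.update(key for key, seen in targets.items() if len(seen) >= port_threshold)
    return sorted(findings)

# Constructed sample: three odd-flag probes, one normal client, one SYN sweep.
SAMPLE = [
    "src=10.0.0.5 dst=192.168.56.102 dport=80 flags=FIN,PSH,URG",
    "src=10.0.0.6 dst=192.168.56.102 dport=80 flags=-",
    "src=10.0.0.7 dst=192.168.56.102 dport=80 flags=FIN",
    "src=10.0.0.8 dst=192.168.56.102 dport=443 flags=SYN",
    "src=10.0.0.8 dst=192.168.56.102 dport=443 flags=FIN,ACK",
] + [f"src=10.0.0.9 dst=192.168.56.102 dport={p} flags=SYN" for p in range(20, 26)]

if __name__ == "__main__":
    for src, scan in detect(SAMPLE):
        print(src, scan)
```

The normal client (10.0.0.8) is not reported: a single SYN and a FIN,ACK close are ordinary traffic, while the bare FIN, the empty flag set and FIN+PSH+URG are flagged on the first packet.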

 

You can tell if the port is open (-O also turns on OS detection)

nmap -O 192.168.56.102

 

See the services that are running

nmap -sV -p80 10.0.2.15

 

Turn on aggressive scan options

nmap -A -p80 10.0.2.15

 

Turn up the version detection intensity

nmap -sV --version-intensity 9 10.0.2.15

 

Search for open ports

nmap -O 192.168.56.102

 

This will give you the CVE (Common Vulnerabilities and Exposures) IDs; you can then search Metasploit by CVE

nmap -sV --script vuln -p80 192.168.56.102

 

Script discovery

nmap -sP --script discovery 192.168.56.1/24

 

Scan the UDP port to see if open

nmap -sU -pU:53 192.168.56.102

 

More Scan Examples

Scans the source root directory for vulnerabilities

nikto -h 192.168.56.102 

 

nikto -h http://192.168.56.102/mutillidae

Try all the directories to see if any can be traversed

dotdotpwn -m http-url -u http://192.168.56.102/dvwa/TRAVERSAL -k "passwd"

 

Damn Vulnerable Web Application

192.168.56.102/dvwa 

admin/password

Click on the security button to decrease the security level

 

theHarvester: you need to add the api_key for Hunter

  1. register on hunter.io
  2. go to the web site: https://hunter.io/api_keys

Docker images of honeypots on DigitalOcean: 174.138.60.183

No class Feb 21st