NMAP port scanning
Show open ports and the service/version behind each (-sV probes the service banner): nmap -sV <ip>
# nmap -sV 192.168.1.1-254
or, to list only the ports found open and hide closed/filtered ones:
nmap --open <ip> # show only open ports (the documented flag is --open, with two dashes)
- TCP SYN scan (-sS) - the default when running as root; sends a SYN, reads the reply and never completes the handshake ("half-open"). SYN/ACK = open, RST = closed, no reply or ICMP unreachable = filtered. Needs raw-socket privileges.
- nmap -sS -p80 192.168.56.102
- XMAS scan (-sX) - sets the FIN, PSH and URG flags ("lights up" the packet). Per RFC 793 an open port silently drops it and a closed port answers RST, so no reply = open|filtered. Works against Unix-like stacks; Windows, Cisco and other non-compliant stacks send RST for every port, so everything shows up as closed.
- nmap -sX -p80 192.168.56.102
- FIN scan (-sF) - sets only the TCP FIN bit; same rules and the same Windows/Cisco limitation as XMAS.
- nmap -sF -p80 192.168.56.102
- NULL scan (-sN) - sets no flag bits at all (TCP flags field is 0); same rules and limitation as XMAS.
- nmap -sN -p80 192.168.56.102
- TCP ACK scan (-sA) - does not find open ports; it maps firewall rulesets. RST back = unfiltered, no reply or ICMP unreachable = filtered.
- nmap -sA -p80 192.168.56.102
- Version detection (-sV) - --version-intensity 0-9 sets how many probes are tried (default 7; 2 is quick and light, 9 tries everything)
- nmap -sV --version-intensity 2 192.168.56.102
- TCP connect scan (-sT) - uses the OS connect() call, so use it instead of -sS when you don't have raw packet privileges; it completes the handshake, so it is slower and shows up in target logs.
- nmap -sT -p80 192.168.56.102
- UDP scan (-sU) - DNS 53, SNMP 161/162 and DHCP 67/68 are three of the most common UDP services. A UDP reply = open, ICMP port unreachable = closed, no reply = open|filtered; slow because hosts rate-limit ICMP errors.
- nmap -sU -p53 192.168.56.102
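The table of scan types above boils down to which TCP flags the probe carries and how nmap reads the reply. The following is an added example for these notes (not code from the page or from the nmap project) that models those rules: the flag bit values are the real TCP header flags from RFC 793, the classification follows nmap's documented behaviour for -sS/-sT, -sF/-sN/-sX, -sA and -sU, and target_reply simulates a host with no firewall so you can see why an open port on a Windows or Cisco style stack shows as closed under a FIN/NULL/Xmas scan. The reply labels ('syn-ack', 'rst', 'none', ...) are this example's own names.

```python
"""Model of how nmap infers port state from the reply to each probe type.

Added example for these notes; not code from the original page or from nmap.
Flag bits are the TCP header flags (RFC 793); classification rules follow
nmap's documented behaviour for -sS/-sT, -sF/-sN/-sX, -sA and -sU.
"""

# TCP flag bits as they sit in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# Flags nmap sets on the probe packet for each scan type.
PROBE_FLAGS = {
    "sS": SYN,              # half-open scan: SYN only, handshake never completed
    "sT": SYN,              # connect() scan: the kernel sends the same SYN
    "sF": FIN,              # FIN scan
    "sN": 0,                # NULL scan: no flag bits at all
    "sX": FIN | PSH | URG,  # Xmas scan: FIN, PSH and URG "lit up"
    "sA": ACK,              # ACK scan: maps firewall rules, not port state
}


def flag_names(bits):
    """Names of the flags set in a flags byte, e.g. 0x29 -> ['FIN', 'PSH', 'URG']."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if bits & bit]


def classify_tcp(scan, reply):
    """Map a reply ('syn-ack', 'rst', 'none', 'icmp-unreach') to nmap's port state."""
    if scan in ("sS", "sT"):
        return {"syn-ack": "open", "rst": "closed"}.get(reply, "filtered")
    if scan in ("sF", "sN", "sX"):
        # RFC 793: an open port drops a segment carrying no SYN/RST/ACK, so
        # silence cannot be told apart from a firewall eating the probe.
        return {"rst": "closed", "none": "open|filtered"}.get(reply, "filtered")
    if scan == "sA":
        # Only says whether a stateful filter sits in front of the port.
        return "unfiltered" if reply == "rst" else "filtered"
    raise ValueError(f"unknown scan type {scan}")


def classify_udp(reply):
    """UDP replies: 'udp' payload, 'icmp-port-unreach', 'icmp-other-unreach', 'none'."""
    return {
        "udp": "open",
        "icmp-port-unreach": "closed",     # ICMP type 3 code 3
        "icmp-other-unreach": "filtered",  # type 3 codes 1, 2, 9, 10, 13
        "none": "open|filtered",
    }[reply]


def target_reply(scan, port_open, rfc793_compliant=True):
    """Reply an unfirewalled host sends for an open or closed port (constructed model).

    Windows and Cisco stacks are the classic non-compliant case: they answer
    every FIN/NULL/Xmas probe with RST whether the port is open or not.
    """
    if scan in ("sS", "sT"):
        return "syn-ack" if port_open else "rst"
    if scan in ("sF", "sN", "sX"):
        if not rfc793_compliant:
            return "rst"
        return "none" if port_open else "rst"
    if scan == "sA":
        return "rst"  # nothing filtering: RST comes back regardless of state
    raise ValueError(f"unknown scan type {scan}")


def scan_result(scan, port_open, rfc793_compliant=True):
    """End to end: the state nmap would report for this scan against this host."""
    return classify_tcp(scan, target_reply(scan, port_open, rfc793_compliant))


if __name__ == "__main__":
    for scan, flags in PROBE_FLAGS.items():
        print(f"-{scan}: flags=0x{flags:02x} {flag_names(flags)}")
    for compliant in (True, False):
        stack = "RFC 793 stack" if compliant else "Windows/Cisco-style stack"
        print(f"{stack}: open port under -sX -> {scan_result('sX', True, compliant)}")
```

Run it as a script to print the flag byte for each scan type and the two -sX outcomes; the second line is the reason the notes say XMAS/FIN/NULL scans work for Unix but not for Windows or Cisco targets.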
OS detection (TCP/IP stack fingerprinting; nmap is more accurate with at least one open and one closed port to probe). This does not by itself tell you whether a port is open:
nmap -O 192.168.56.102
See the services that are running
nmap -sV -p80 10.0.2.15
Turn on aggressive mode (-A = OS detection, version detection, default scripts and traceroute)
nmap -A -p80 10.0.2.15
Turn up the version-detection intensity (9 tries every probe; slower, but catches odd or unusual services)
nmap -sV --version-intensity 9 10.0.2.15
List only open ports (note that -O is OS detection, not an open-port search)
nmap --open 192.168.56.102
Run the NSE "vuln" script category against the detected service. Script output that names a CVE (Common Vulnerabilities and Exposures) id can be searched in Metasploit with search cve:<id>; expect false positives and confirm by hand.
nmap -sV --script vuln -p80 192.168.56.102
Discovery scripts across the subnet. -sP is the old name for -sn (ping scan, no port scan), so only host-level discovery scripts run here; drop -sP to run the port-level ones as well.
nmap -sP --script discovery 192.168.56.1/24
Scan a single UDP port to see if it is open (-pU:53 selects UDP port 53)
nmap -sU -pU:53 192.168.56.102
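Once the -sV / --script vuln scans above are saved with -oX, the useful bits (open ports, service versions, script output, any CVE ids to feed into Metasploit) are buried in XML. The following is an added example for these notes (not code from the page or from nmap) that parses that format. SAMPLE_XML is a constructed document in the layout nmap emits (nmaprun > host > address/ports > port > state/service/script); the address, versions and script text in it are made up for the example.

```python
"""Parse nmap XML output (-oX) into per-port records and pull out CVE ids.

Added example for these notes, not code from the original page or from nmap.
SAMPLE_XML is a constructed sample in the layout nmap emits; its host,
versions and script output are invented for illustration.
"""
import re
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV --script vuln -p T:22,80,443,U:53 -oX - 192.168.56.102">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.102" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.8"/>
        <script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
      <port protocol="udp" portid="53">
        <state state="open|filtered" reason="no-response"/>
        <service name="domain"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# CVE ids look like CVE-YYYY-NNNN (four or more digits after the year).
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


def parse_nmap_xml(text):
    """Return one dict per <port> element, across every host in the file."""
    records = []
    root = ET.fromstring(text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            product = None
            if service is not None:
                product = " ".join(p for p in (service.get("product"), service.get("version")) if p) or None
            records.append({
                "host": ip,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"),
                "reason": state.get("reason"),
                "service": service.get("name") if service is not None else None,
                "product": product,
                # NSE script results hang off the port as <script id=... output=.../>
                "scripts": {s.get("id"): s.get("output", "") for s in port.findall("script")},
            })
    return records


def open_ports(records, include_ambiguous=False):
    """Ports nmap marked open; optionally also open|filtered (UDP and FIN-style scans)."""
    wanted = {"open"} | ({"open|filtered"} if include_ambiguous else set())
    return [r for r in records if r["state"] in wanted]


def cve_ids(records):
    """Unique CVE ids named in any script output, in order of first appearance."""
    found = []
    for r in records:
        for output in r["scripts"].values():
            for cve in CVE_RE.findall(output):
                if cve not in found:
                    found.append(cve)
    return found


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    for r in open_ports(recs, include_ambiguous=True):
        print(f"{r['host']} {r['port']}/{r['proto']} {r['state']:<14} {r['service']} {r['product'] or ''}")
    print("CVEs in script output:", cve_ids(recs))
```

Note the include_ambiguous switch: the UDP port 53 in the sample is open|filtered because nothing answered, which is exactly the ambiguity the -sU and FIN/NULL/Xmas scans leave you with, so a report that only lists "open" silently drops it.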
More Scan Examples
Nikto scans the web server root (or a given path) for known vulnerable files, outdated server software and misconfigurations
nikto -h 192.168.56.102
nikto -h http://192.168.56.102/mutillidae
Fuzz for directory traversal: dotdotpwn replaces the TRAVERSAL placeholder in the URL with traversal payloads and reports a hit when the keyword given with -k ("passwd") appears in the response
dotdotpwn -m http-url -u http://192.168.56.102/dvwa/TRAVERSAL -k "passwd"
Damn Vulnerable Web Application (DVWA)
http://192.168.56.102/dvwa
default login: admin / password
Click the DVWA Security button to lower the security level (low) before working through the exercises
theHarvester: to use the hunter data source you need to add a hunter.io API key to its API key configuration
- register on hunter.io
- get the key from https://hunter.io/api_keys
Docker images of honeypots running on DigitalOcean: 174.138.60.183
No class Feb 21st