| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |
- bash
- docker
- GitLab
- elastic stack
- pfsense
- Kibana server is not ready yet
- XCP-ng
- 보안양파
- Windows
- endpoint security
- miniconda
- G-suite
- Proxy
- Kibana
- centos 8
- hardening
- ssh key 배포
- application security
- xe guest utilities
- PlayBook
- Elasticsearch
- macos
- freebsd
- x-pack
- ELASTIC
- 한글가이드
- 로그인불가
- ansible
- proxycfg
- Today
- Total
선 밖에 선 자유인
Nmap cheat sheet 본문
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
간단히 정리해보면,
|
Nmap Target Selection |
|
|
Scan a single IP |
nmap 192.168.1.1 |
|
Scan a host |
nmap www.testhostname.com |
|
Scan a range of IPs |
nmap 192.168.1.1-20 |
|
Scan a subnet |
nmap 192.168.1.0/24 |
|
Scan targets from a text file |
nmap -iL list-of-ips.txt |
|
|
|
|
Nmap Port Selection |
|
|
Scan a single Port |
nmap -p 22 192.168.1.1 |
|
Scan a range of ports |
nmap -p 1-100 192.168.1.1 |
|
Scan 100 most common ports (Fast) |
nmap -F 192.168.1.1 |
|
Scan all 65535 ports |
nmap -p- 192.168.1.1 |
|
|
|
|
Nmap Port Scan types |
|
|
Scan using TCP connect |
nmap -sT 192.168.1.1 |
|
Scan using TCP SYN scan (default) |
nmap -sS 192.168.1.1 |
|
Scan UDP ports |
nmap -sU -p 123,161,162 192.168.1.1 |
|
Scan selected ports - ignore discovery |
nmap -Pn -F 192.168.1.1 |
|
|
|
|
Service and OS Detection |
|
|
Detect OS and Services |
nmap -A 192.168.1.1 |
|
Standard service detection |
nmap -sV 192.168.1.1 |
|
More aggressive Service Detection |
nmap -sV --version-intensity 5 192.168.1.1 |
|
Lighter banner grabbing detection |
nmap -sV --version-intensity 0 192.168.1.1 |
|
|
|
|
Nmap Output Formats |
|
|
Save default output to file |
nmap -oN outputfile.txt 192.168.1.1 |
|
Save results as XML |
nmap -oX outputfile.xml 192.168.1.1 |
|
Save results in a format for grep |
nmap -oG outputfile.txt 192.168.1.1 |
|
Save in all formats |
nmap -oA outputfile 192.168.1.1 |
|
|
|
|
Digging deeper with NSE Scripts |
|
|
Scan using default safe scripts |
nmap -sV -sC 192.168.1.1 |
|
Get help for a script |
nmap --script-help=ssl-heartbleed |
|
Scan using a specific NSE script |
nmap -sV -p 443 –script=ssl-heartbleed.nse 192.168.1.1 |
|
Scan with a set of scripts |
nmap -sV --script=smb* 192.168.1.1 |
|
|
|
|
A scan to search for DDOS reflection UDP services |
|
|
Scan for UDP DDOS reflectors |
nmap –sU –A –PN –n –pU:19,53,123,161 –script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24 |
|
|
|
|
HTTP Service Information |
|
|
Gather page titles from HTTP services |
nmap --script=http-title 192.168.1.0/24 |
|
Get HTTP headers of web services |
nmap --script=http-headers 192.168.1.0/24 |
|
Find web apps from known paths |
nmap --script=http-enum 192.168.1.0/24 |
|
|
|
|
Detect Heartbleed SSL Vulnerability |
|
|
Heartbleed Testing |
nmap -sV -p 443 --script=ssl-heartbleed 192.168.1.0/24 |
|
|
|
|
IP Address information |
|
|
Find Information about IP address |
nmap --script=asn-query,whois,ip-geolocation-maxmind 192.168.1.0/24 |