Nmap Notes

Logging Nmap

Ping only

  • nmap -sn <hosts>

Lists of hosts

-iL list.txt


Note: this does not display vulnerability info

-oG - (or file name)

Grep display IP only

<nmap command> -oG - | grep "/open" | awk '{ print $2 }'
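A stricter version of the filter above, as an added example that is not part of the original notes: grep "/open" also matches ports reported as open|filtered (common in UDP scans), so this awk function keeps only ports whose state is exactly open and prints them next to the IP. The function names open_hosts and sample_og and the 192.0.2.x sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse Nmap grepable (-oG) output read from stdin.
# Prints "<ip> <port/proto,...>" for hosts with at least one port in state "open".

open_hosts() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " ")                 # h[2] is the IP address
      out = ""
      for (i = 2; i <= NF; i++) {       # fields are tab-separated
        if ($i !~ /^Ports: /) continue
        p = $i
        sub(/^Ports: /, "", p)
        n = split(p, entries, ", ")     # one entry per scanned port
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(entries[j], f, "/")
          if (f[2] == "open")           # exact match: skips open|filtered
            out = out (out == "" ? "" : ",") f[1] "/" f[3]
        }
      }
      if (out != "") print h[2], out
    }'
}

# Constructed sample of -oG output (documentation addresses, not real scan data).
sample_og() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.10 (a.example)\tStatus: Up\n'
  printf 'Host: 192.0.2.10 (a.example)\tPorts: 139/open/tcp//netbios-ssn///, 137/open|filtered/udp//netbios-ns///\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 137/open|filtered/udp//netbios-ns///, 443/closed/tcp//https///\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 443/open/tcp//https///, 137/open/udp//netbios-ns///\tIgnored State: closed (998)\n'
}

# Real use: <nmap command> -oG - | open_hosts
sample_og | open_hosts
```

On the sample, the plain grep "/open" pipeline also lists 192.0.2.11, whose only match is an open|filtered UDP port.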

Grep vulnerability

Something like this may work:

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts> | grep -B 10 VULNERABLE


nmap -sV --script ssl-enum-ciphers -p 443 <hosts>

Windows Hostname discovery

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts>
Nmap scan report for
Host is up (0.19s latency).

139/tcp open  netbios-ssn
137/udp open  netbios-ns

Host script results:
|_nbstat: NetBIOS name: SERVERNAME, NetBIOS user: <unknown>, NetBIOS MAC: 00:01:9e:76:5d:6c (VENDOR)
| smb-os-discovery: 
|   OS: Windows Server 2003 R2 3790 Service Pack 2 (Windows Server 2003 R2 5.2)
|   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
|   Computer name: servername
|   NetBIOS computer name: SERVERNAME\x00
|   Domain name: domain
|   Forest name: domain
|   FQDN: servername.domain
|_  System time: 2017-06-15T17:09:37-05:00
