Nmap Notes

Logging Nmap

Ping only

  • nmap -sn <hosts>

Lists of hosts

-iL list.txt


-oG - (or file name)

Note: this does not display vulnerability info

Grep display IP only

<nmap command> -oG - | grep "/open" | awk '{ print $2 }'
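
The one-liner above is a substring match, so it also returns hosts whose only hit is a UDP port reported as open|filtered. The following is an added example, not part of the original notes, that keeps only hosts with a port in the exact state "open"; the function names and the 192.0.2.x sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: strict filtering of Nmap grepable (-oG) output.

# Constructed sample of -oG lines (fields are tab-separated, as Nmap writes them).
sample_og() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 139/open/tcp//netbios-ssn///, 137/open|filtered/udp//netbios-ns///\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 139/closed/tcp//netbios-ssn///, 137/open|filtered/udp//netbios-ns///\n'
  printf 'Host: 192.0.2.12 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (1)\n'
}

# The one-liner from the notes, wrapped in a function for comparison.
loose_hosts() {
  grep "/open" | awk '{ print $2 }'
}

# Print the IP of each host that has at least one port whose state is exactly "open".
open_hosts() {
  awk '
    /^Host: / && /Ports: / {
      ip = $2
      n = split($0, fields, "\t")              # split the line into its -oG fields
      for (i = 1; i <= n; i++) {
        if (fields[i] !~ /^Ports: /) continue
        sub(/^Ports: /, "", fields[i])
        m = split(fields[i], ports, ", ")      # one entry per scanned port
        for (j = 1; j <= m; j++) {
          split(ports[j], p, "/")              # p[1]=port, p[2]=state, p[3]=proto
          if (p[2] == "open") { print ip; break }
        }
      }
    }
  '
}

echo "one-liner from the notes:"; sample_og | loose_hosts
echo "exact state match:";        sample_og | open_hosts
```

With real scans, pipe `<nmap command> -oG -` into `open_hosts` in place of `sample_og`.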

Grep vulnerability

Something like this may work:

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts> | grep -B 10 VULNERABLE


nmap -sV --script ssl-enum-ciphers -p 443 <hosts>

Windows Hostname discovery

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts>
Nmap scan report for
Host is up (0.19s latency).

139/tcp open  netbios-ssn
137/udp open  netbios-ns

Host script results:
|_nbstat: NetBIOS name: SERVERNAME, NetBIOS user: <unknown>, NetBIOS MAC: 00:01:9e:76:5d:6c (VENDOR)
| smb-os-discovery: 
|   OS: Windows Server 2003 R2 3790 Service Pack 2 (Windows Server 2003 R2 5.2)
|   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
|   Computer name: servername
|   NetBIOS computer name: SERVERNAME\x00
|   Domain name: domain
|   Forest name: domain
|   FQDN: servername.domain
|_  System time: 2017-06-15T17:09:37-05:00
