
Nmap Notes

Logging Nmap

Ping only

  • nmap -sn <hosts>

Lists of hosts

-iL list.txt

Grep-able

Note: this does not display vulnerability info

-oG - (or file name)

Grep display IP only

<nmap command> -oG - | grep "/open" | awk '{ print $2 }'
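An added example, not part of the original notes: `grep "/open"` also matches ports in state `open|filtered` (common for UDP), so the one-liner above can list hosts with no confirmed open port. The sketch below parses the `Ports:` field and keeps only entries whose state is exactly `open`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of nmap -oG output (tab-separated fields), not a real scan.
sample_grepable() {
    printf 'Host: 192.168.1.2 (servername.domain)\tPorts: 139/open/tcp//netbios-ssn///, 137/open/udp//netbios-ns///\tIgnored State: closed (1)\n'
    printf 'Host: 192.168.1.3 ()\tPorts: 137/open|filtered/udp//netbios-ns///, 139/closed/tcp//netbios-ssn///\n'
    printf 'Host: 192.168.1.4 ()\tStatus: Up\n'
}

# The one-liner from these notes, wrapped in a function for comparison.
page_oneliner() {
    grep "/open" | awk '{ print $2 }'
}

# Print "ip port/proto service" for every port whose state is exactly "open".
# Reads grepable output from the named files, or from stdin if none are given.
open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")                 # h[2] is the IP address
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            ports = $i
            sub(/^Ports: /, "", ports)
            n = split(ports, entries, ", ")
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                split(entries[j], f, "/")
                if (f[2] == "open")
                    print h[2], f[1] "/" f[3], f[5]
            }
        }
    }' "$@"
}

echo "one-liner from the notes:"
sample_grepable | page_oneliner
echo "exact-state parse:"
sample_grepable | open_ports
```

Against a real scan, pipe `<nmap command> -oG -` into `open_ports`, or pass it a saved grepable file.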

Grep vulnerability

Something like this may work:

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts> | grep -B 10 VULNERABLE

Scripts

nmap -sV --script ssl-enum-ciphers -p 443 <hosts>

Windows Hostname discovery

nmap -sS -sU -p U:137,T:139 --script nbstat --script smb-os-discovery.nse <hosts>
Nmap scan report for 192.168.1.2
Host is up (0.19s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
137/udp open  netbios-ns

Host script results:
|_nbstat: NetBIOS name: SERVERNAME, NetBIOS user: <unknown>, NetBIOS MAC: 00:01:9e:76:5d:6c (VENDOR)
| smb-os-discovery: 
|   OS: Windows Server 2003 R2 3790 Service Pack 2 (Windows Server 2003 R2 5.2)
|   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
|   Computer name: servername
|   NetBIOS computer name: SERVERNAME\x00
|   Domain name: domain
|   Forest name: domain
|   FQDN: servername.domain
|_  System time: 2017-06-15T17:09:37-05:00
