Tuesday, December 12, 2017

Another nmap cheat list

Nmap Target Selection
Scan a single IP
Scan a host
Scan a range of IPs
Scan a subnet
Scan targets from a text file
nmap -iL list-of-ips.txt
With no port options these scans probe the 1000 most common TCP ports on every host that host discovery reports as up; use them when the main objective is finding which hosts are alive.
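Target specs can be written in more ways than the list above shows: Nmap accepts CIDR notation, per-octet ranges such as 192.168.1.1-20 or 10.0.0-1.*, and plain hostnames, and the same syntax is valid inside an -iL file. The helper below is an added example (not code from the original page or from the Nmap project) that expands those specs the way Nmap does, so a scope list can be de-duplicated and have exclusions removed before it is handed to -iL. Hostnames are passed through unresolved, since resolving them is a network operation; 192.168.x.x and 10.x.x.x addresses are only sample input.

```python
import ipaddress
import itertools
import re

# One octet of an Nmap target spec: "5", "1-20", "-20", "1-", "-" (0-255) or "*".
_OCTET_RE = re.compile(r"^(\d+)?(-)?(\d+)?$")


def _expand_octet(part):
    """Return the integers one dotted-quad octet expands to."""
    if part in ("*", "-"):
        return list(range(256))
    m = _OCTET_RE.match(part)
    if not m or not (m.group(1) or m.group(3)):
        raise ValueError("bad octet %r" % part)
    lo = int(m.group(1)) if m.group(1) else 0
    if m.group(2):  # a range: "1-20", "-20" or "1-"
        hi = int(m.group(3)) if m.group(3) else 255
    else:
        hi = lo
    if not 0 <= lo <= hi <= 255:
        raise ValueError("octet range out of order or out of bounds: %r" % part)
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Expand one Nmap-style target spec into the addresses it covers.

    Handles a single IPv4 address, CIDR notation (Nmap scans the whole block,
    network and broadcast addresses included), per-octet ranges and plain
    hostnames, which are returned unchanged.
    """
    spec = spec.strip()
    if "/" in spec:
        # strict=False mirrors nmap: 192.168.1.5/30 means the block 192.168.1.4/30
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    parts = spec.split(".")
    if len(parts) == 4 and all(re.fullmatch(r"[\d*\-]+", p) for p in parts):
        octets = [_expand_octet(p) for p in parts]
        return [".".join(map(str, combo)) for combo in itertools.product(*octets)]
    return [spec]  # hostname: leave resolution to nmap


def build_target_file(specs, exclude=()):
    """Expand every spec, drop excluded addresses and duplicates, and return
    the text of a file suitable for nmap -iL (one target per line)."""
    excluded = set()
    for ex in exclude:
        excluded.update(expand_target(ex))
    kept = {}  # dict keeps first-seen order and removes duplicates
    for spec in specs:
        for addr in expand_target(spec):
            if addr not in excluded:
                kept.setdefault(addr, None)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Sample scope (constructed): a /30 plus an overlapping range, minus the gateway.
    print(build_target_file(["192.168.1.0/30", "192.168.1.1-5"], exclude=["192.168.1.0"]), end="")
```

Nmap has its own --exclude and --excludefile options; doing the expansion beforehand is mainly useful when the scope comes from several sources and you want to see, and keep a record of, exactly which addresses will be touched.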
Nmap Port Selection
Scan a single Port
nmap -p 22
Scan a range of ports
nmap -p 1-100
Scan 100 most common ports (Fast)
nmap -F
Scan all 65535 ports
nmap -p-
Nmap Port Scan types
Scan using TCP connect
nmap -sT
Scan using TCP SYN scan (the default when nmap has raw-socket privileges, e.g. runs as root; otherwise it falls back to -sT)
nmap -sS
Scan UDP ports
nmap -sU -p 123,161,162
Scan selected ports - skip host discovery
nmap -Pn -F
-Pn treats every target as up and skips the ping probes, which is what you need for hosts behind firewalls that drop ICMP and the other discovery probes; the cost is longer scans, because addresses with no host behind them get port-scanned too.
Scan for UDP DDoS reflectors
nmap -sU -A -Pn -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr
(-PN is an older spelling of -Pn; both are accepted. The three scripts check the classic amplification services: NTP monlist, open DNS recursion and SNMP with a guessable community string.)

Service and OS Detection
Detect OS and services (-A combines OS detection, version detection, the default scripts and traceroute; OS detection needs raw-socket privileges)
nmap -A
Standard service detection
nmap -sV
More aggressive service detection (intensity runs 0-9 and defaults to 7; --version-all is the same as 9)
nmap -sV --version-intensity 9
Lighter banner grabbing (intensity 0 sends only the probes registered for the target port; --version-light is intensity 2)
nmap -sV --version-intensity 0

Nmap Output Formats
Save default output to file
nmap -oN outputfile.txt
Save results as XML
nmap -oX outputfile.xml
Save results in a format for grep
nmap -oG outputfile.txt
Save in all formats
nmap -oA outputfile

Digging deeper with NSE Scripts
Scan using the default script set (-sC is the same as --script=default; not every default script is also in the safe category)
nmap -sV -sC
Get help for a script
nmap --script-help=ssl-heartbleed
Scan using a specific NSE script
nmap -sV -p 443 --script=ssl-heartbleed
Scan with a set of scripts (quote the pattern so the shell does not expand it against files in the current directory)
nmap -sV --script="smb*"

Heartbleed Testing
nmap -sV -p 443 --script=ssl-heartbleed

To find installed scripts: locate nse | grep script (they live in the scripts directory of the Nmap data directory, indexed by script.db).
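The script.db index in that directory records each script's categories, which is what --script matches against when you give it a category name or a wildcard. The following is an added example (not code from the original page or from the Nmap project) that parses a constructed excerpt in script.db's Entry format and answers the questions that come up before a script scan: which scripts a wildcard like smb* selects, which scripts a category contains, and which default scripts are not marked safe. The category lists are the ones shipped in recent releases as far as the author recalls; check the script.db on your own install rather than relying on them.

```python
import fnmatch
import re

# Constructed excerpt in the format of Nmap's scripts/script.db (one Entry per
# script). Categories are illustrative; consult your own script.db.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "asn-query.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smtp-commands.nse", categories = { "default", "discovery", "intrusive", } }
Entry { filename = "snmp-sysdescr.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-heartbleed.nse", categories = { "vuln", "safe", } }
"""

_ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}\s*\}'
)


def parse_script_db(text):
    """Map script name (without .nse) to its set of categories."""
    db = {}
    for m in _ENTRY_RE.finditer(text):
        name = m.group(1)
        if name.endswith(".nse"):
            name = name[:-4]
        db[name] = set(re.findall(r'"([^"]+)"', m.group(2)))
    return db


def scripts_in(db, category):
    """Scripts belonging to a category, e.g. what --script=default would run."""
    return sorted(n for n, cats in db.items() if category in cats)


def scripts_matching(db, pattern):
    """Scripts selected by a shell-style wildcard such as 'smb*'."""
    return sorted(n for n in db if fnmatch.fnmatchcase(n, pattern))


def default_but_not_safe(db):
    """Default-category scripts that are not in the safe category, i.e. what
    -sC runs that a 'safe only' policy would have excluded."""
    return sorted(n for n, cats in db.items() if "default" in cats and "safe" not in cats)


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("smb*      ->", scripts_matching(db, "smb*"))
    print("default   ->", scripts_in(db, "default"))
    print("not safe  ->", default_but_not_safe(db))
```

On a real install point it at the script.db next to the scripts (for example /usr/share/nmap/scripts/script.db) and run default_but_not_safe before using -sC on anything sensitive.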

HTTP Service Information
Gather page titles from HTTP services
nmap --script=http-title
Get HTTP headers of web services
nmap --script=http-headers
Find web apps from known paths (http-enum is in the intrusive category: it sends many requests and will show up in the web server's logs)
nmap --script=http-enum

IP Address information
Find information about an IP address (these scripts query outside services, so the target addresses leave your network: asn-query uses DNS, whois, called whois-ip in current releases, queries the regional registries, and ip-geolocation-maxmind needs a local MaxMind database)
nmap --script=asn-query,whois,ip-geolocation-maxmind

Just a bookmark for handy nmap commands