Nmap Scan

Initial system scan with nmap

sudo nmap -p- --min-rate 10000 -oN nmap/minrate $IP
- Quick scan for all ports (might miss some ports)
- To get comma separated list of only ports to use in next commands
  - cat nmap/minrate | grep open | awk -F/ '{print $1}' ORS=','; echo
sudo nmap -p -sC -sV -oN nmap/scriptscan $IP
- Take all the ports from first scan and run this scan on them
sudo nmap -p- -oN nmap/norate $IP
- Another long scan just to make sure no ports were missed
- If this found more ports, rerun the scriptscan
Maybe run a -Pn scan to ping ips that won’t respond
Then sudo nmap -sU -oN nmap/udp $IP in the background since it takes long
- Nmap UDP scan

Nmap scans on an entire subnet is also possible by adding the /subnet after the ip (192.168.0.0/24)

Last updated 2 years ago

Initial system scan with nmap

sudo nmap -p- --min-rate 10000 -oN nmap/minrate $IP
- Quick scan for all ports (might miss some ports)
- To get comma separated list of only ports to use in next commands
  - cat nmap/minrate | grep open | awk -F/ '{print $1}' ORS=','; echo
sudo nmap -p -sC -sV -oN nmap/scriptscan $IP
- Take all the ports from first scan and run this scan on them
sudo nmap -p- -oN nmap/norate $IP
- Another long scan just to make sure no ports were missed
- If this found more ports, rerun the scriptscan
Maybe run a -Pn scan to ping ips that won’t respond
Then sudo nmap -sU -oN nmap/udp $IP in the background since it takes long
- Nmap UDP scan

Nmap scans on an entire subnet is also possible by adding the /subnet after the ip (192.168.0.0/24)

Last updated 2 years ago