Nmap Scan

Initial system scan with nmap

  1. sudo nmap -p- --min-rate 10000 -oN nmap/minrate $IP

    • Quick scan for all ports (might miss some ports)

    • To get comma separated list of only ports to use in next commands

      • cat nmap/minrate | grep open | awk -F/ '{print $1}' ORS=','; echo

  2. sudo nmap -p <ports> -sC -sV -oN nmap/scriptscan $IP

    • Take all the ports from first scan and run this scan on them

  3. sudo nmap -p- -oN nmap/norate $IP

    • Another long scan just to make sure no ports were missed

    • If this found more ports, rerun the scriptscan

  4. Maybe run a scan with -Pn to skip host discovery, for hosts that won’t respond to ping

  5. Then sudo nmap -sU -oN nmap/udp $IP in the background since it takes long

    • Nmap UDP scan
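
The whole sequence above as one script, added here as an example and not part of the original notes. extract_ports turns an -oN file into the comma-separated list step 2 needs (only lines whose state is exactly "open", no trailing comma), and run_scans chains steps 1 to 5, re-running the script scan when the slow full scan (step 3) turns up ports the fast one missed. The function names and the sample nmap output are my own constructions.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes nmap and sudo are
# available; the sample output below is constructed, not a real scan.

# Constructed sample of what nmap/minrate looks like after step 1.
SAMPLE_MINRATE='# Nmap scan initiated (constructed sample)
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 65531 closed tcp ports (reset)
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   open     microsoft-ds
# Nmap done (constructed sample)'

# Read an -oN file on stdin and print "22,80,445": only lines that start
# with <port>/<proto> and whose STATE column is exactly "open" count, so
# "filtered" and "open|filtered" entries are left out, and there is no
# trailing comma for nmap -p to choke on.
extract_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
             split($1, p, "/"); printf "%s%s", sep, p[1]; sep = ","
         }
         END { print "" }'
}

# Steps 1-5 from the notes for a single target IP (not run during the demo).
run_scans() {
    ip="$1"
    mkdir -p nmap

    # 1. fast full-port scan
    sudo nmap -p- --min-rate 10000 -oN nmap/minrate "$ip"
    ports=$(extract_ports < nmap/minrate)

    # 2. default scripts + version detection on the open ports only
    [ -n "$ports" ] && sudo nmap -p "$ports" -sC -sV -oN nmap/scriptscan "$ip"

    # 3. slow full scan; re-run step 2 if it found anything new
    sudo nmap -p- -oN nmap/norate "$ip"
    ports_full=$(extract_ports < nmap/norate)
    if [ -n "$ports_full" ] && [ "$ports_full" != "$ports" ]; then
        sudo nmap -p "$ports_full" -sC -sV -oN nmap/scriptscan "$ip"
    fi

    # 5. UDP scan in the background (add -Pn to any of these, step 4, if
    #    the host does not answer ping)
    sudo nmap -sU -oN nmap/udp "$ip" &
}

# Stand-alone demo: parse the constructed sample, or scan if an IP is given.
if [ $# -ge 1 ]; then
    run_scans "$1"
else
    printf '%s\n' "$SAMPLE_MINRATE" | extract_ports
fi
```

Run it as `sh scan.sh 192.0.2.10` to perform the scans, or with no argument to see the port extraction on the sample (prints 22,80,445).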

Nmap scans of an entire subnet are also possible by adding the /subnet after the IP (192.168.0.0/24)
