
Monthly Archives / November 2014

  • Nov 24 / 2014

Nmap main command lines

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Standard scan with OS and version detection using SYN probes (-A also turns on script scanning and traceroute; the -n option disables reverse DNS resolution, which speeds the scan up and keeps the target names out of your resolver's logs)

nmap -A -sS [host]
nmap -A -sS -n [host]

Scan without the usual host discovery, i.e. treat the host as up even if it does not answer the ping probes (-PN and -P0 are the older spellings of -Pn)

nmap -A -Pn [host]

UDP scan of the host (by default the 1000 most common UDP ports; expect many to come back as open|filtered, since a closed UDP port answers with an ICMP port unreachable while an open one usually stays silent)

nmap -A -sU [host]

Specify the ports you want to scan (UDP and/or TCP). A U: or T: prefix applies to every port that follows it until the next prefix. For both protocols to actually be scanned you must also select -sU plus a TCP scan type such as -sS, otherwise Nmap warns and ignores the ports of the protocol it was not asked to scan

nmap -sS -sU -pU:53,137,T:21-25,80,8080 [host]
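The prefix rule above is easy to get wrong, so here is an added example (my own code, not from the original post nor from Nmap) that expands a numeric -p specification into explicit (protocol, port) pairs the way Nmap's documented grammar reads it. Service names and wildcards, which Nmap also accepts in -p, are deliberately left out.

```python
"""Expand an Nmap -p port specification into explicit (protocol, port) pairs.

Added example, not from the original post nor from Nmap itself. It implements
the documented -p grammar for numeric ports: single ports, ranges like 21-25,
and the T:/U:/S: qualifiers (TCP/UDP/SCTP) that stay in effect for every
following entry until the next qualifier. Service names and wildcards are
not handled here.
"""
import re

QUALIFIERS = {"T": "tcp", "U": "udp", "S": "sctp"}
ENTRY = re.compile(r"(?:([TUS]):)?(\d+)(?:-(\d+))?")


def expand_port_spec(spec, scanned_protocols=("tcp",)):
    """Return sorted (protocol, port) tuples for a -p value.

    scanned_protocols: what an unqualified entry applies to. Nmap applies it to
    every protocol selected by the scan types (-sS/-sT -> tcp, -sU -> udp), so
    pass ("tcp", "udp") to mirror a run with both -sS and -sU.
    """
    result = set()
    current = tuple(scanned_protocols)
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        m = ENTRY.fullmatch(entry)
        if not m:
            raise ValueError("unsupported port entry: %r" % entry)
        qualifier, lo, hi = m.groups()
        if qualifier:
            # A qualifier is sticky: it covers this and all later entries.
            current = (QUALIFIERS[qualifier],)
        lo = int(lo)
        hi = int(hi) if hi is not None else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("port range out of bounds: %r" % entry)
        for proto in current:
            for port in range(lo, hi + 1):
                result.add((proto, port))
    return sorted(result)


def by_protocol(spec, scanned_protocols=("tcp",)):
    """Group the expansion as {protocol: [ports]} for a quick review."""
    grouped = {}
    for proto, port in expand_port_spec(spec, scanned_protocols):
        grouped.setdefault(proto, []).append(port)
    return grouped


if __name__ == "__main__":
    # The post's example, run as with "-sS -sU" so both protocols are scanned.
    print(by_protocol("U:53,137,T:21-25,80,8080", ("tcp", "udp")))
    # Same ports without qualifiers: every entry now applies to both protocols.
    print(by_protocol("53,137,21-25,80,8080", ("tcp", "udp")))
```

Compare the two printed results: with the qualifiers, port 53 is only probed over UDP and 80 only over TCP; without them, every port is probed over both protocols, which doubles the traffic for no gain.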

Check whether a host is up on the network (ping scan only, no port scan; -sP is the old spelling of -sn)

nmap -sn [host]

Scan an entire IP range (the range goes in the last octet; Nmap also accepts CIDR notation such as 192.168.0.0/24)

nmap -A 192.168.0.0-255

Spoof the source IP address. Here we scan [host] through the eth1 interface, using 192.168.0.1 as the source address and 443 as the source port. -S takes the address as its argument, and -e is required because Nmap can no longer work out the interface from a source address that is not its own. Keep in mind that the replies go back to the spoofed address, not to you, so the results are only usable if you can also sniff them (see --packet-trace below). -P0 is the old spelling of -Pn

nmap -S 192.168.0.1 -g 443 -e eth1 -Pn [host]

Spoof the MAC address (only meaningful for raw Ethernet scans on the local segment; giving a vendor name makes Nmap pick a random MAC with that vendor's OUI prefix)

nmap --spoof-mac 00:01:02:03:04:05 [host]
nmap --spoof-mac Cisco [host]

Trace the packets and data just sent/received (handy when spoofing, since it is the only way to see what actually went out). Note that -e takes the interface name as a separate argument

nmap --packet-trace -S 192.168.0.1 -e eth1 [host]

Write the results to a file (-oN for Nmap's normal text output, -oX for XML, which Ndiff and other tools can consume)

nmap -oN results [host]
nmap -oX results.xml [host]
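The XML output is the one to keep when you want to script over results or compare two scans. As an added example (my own code, not from the original post nor from the Nmap suite, which ships Ndiff for this), the script below parses the -oX format with the standard library and reports which open ports appeared or disappeared between two scans. SAMPLE_XML is constructed by hand in the layout Nmap 6.x writes; the hosts, MAC address, services and versions in it are invented.

```python
"""Parse Nmap XML output (-oX) and diff open ports between two scans.

Added example, not part of the original post or of the Nmap suite. SAMPLE_XML
is constructed by hand in the layout Nmap 6.x writes; its hosts, MAC, services
and versions are invented.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -A -sS -sU -oX results.xml 192.168.0.10-11" version="6.47">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.0.10" addrtype="ipv4"/>
<address addr="00:01:02:03:04:05" addrtype="mac" vendor="Cisco"/>
<hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="6.6.1p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.6.2"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 3.16" accuracy="95"/><osmatch name="Linux 2.6.32" accuracy="90"/></os>
</host>
<host><status state="down" reason="no-response"/><address addr="192.168.0.11" addrtype="ipv4"/></host>
<runstats><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: info} for every host Nmap reported as up.

    info holds the MAC/vendor (only present on local-segment scans), the
    reverse names, the best OS match and a {(proto, port): (state, banner)} map.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        info = {"mac": None, "vendor": None, "hostnames": [], "os": None, "ports": {}}
        ip = None
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")
                info["vendor"] = addr.get("vendor")
        info["hostnames"] = [h.get("name") for h in host.iter("hostname")]
        # -A can list several OS guesses; keep the one with the highest accuracy.
        best = max(host.iter("osmatch"), key=lambda m: int(m.get("accuracy", 0)), default=None)
        if best is not None:
            info["os"] = (best.get("name"), int(best.get("accuracy")))
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            banner = None
            if svc is not None:
                banner = " ".join(x for x in (svc.get("name"), svc.get("product"), svc.get("version")) if x)
            info["ports"][(port.get("protocol"), int(port.get("portid")))] = (state, banner)
        if ip:
            hosts[ip] = info
    return hosts


def open_ports(hosts):
    """(ip, proto, port) triples whose state is exactly "open".

    "open|filtered" (typical for UDP) is deliberately excluded: Nmap could not
    tell, so treating it as open would make every UDP scan look alarming.
    """
    return {(ip, proto, port)
            for ip, info in hosts.items()
            for (proto, port), (state, _) in info["ports"].items()
            if state == "open"}


def diff_open_ports(old_hosts, new_hosts):
    """Minimal Ndiff: which open ports appeared or disappeared between scans."""
    before, after = open_ports(old_hosts), open_ports(new_hosts)
    return {"opened": sorted(after - before), "closed": sorted(before - after)}


if __name__ == "__main__":
    baseline = parse_nmap_xml(SAMPLE_XML)
    for ip, info in baseline.items():
        print(ip, info["hostnames"], info["mac"], info["vendor"], info["os"])
        for (proto, port), (state, banner) in sorted(info["ports"].items()):
            print("  %s/%d %s %s" % (proto, port, state, banner))
    print(diff_open_ports(baseline, baseline))
```

ElementTree is fine here because the XML is your own scan output; if you ever parse XML handed to you by someone else, use defusedxml instead. In practice you would read results.xml from disk and keep the previous run's file as the baseline for diff_open_ports.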

For each of the previous commands, you can add:

  • -v for verbose output (-vv for even more)
  • -T[0-5] to pick a timing template, from 0 (paranoid) to 5 (insane); -T4 is the usual choice on a reliable network

More information on the official website: http://www.nmap.org

  • Nov 18 / 2014

Find main DNS servers for a given domain name

It can be useful to find the main (authoritative) DNS servers for a domain name, so you can query one of them directly and check that the value your own recursive DNS server gave you is the most recent. For this you can simply use nslookup, which is available by default on most Unix distributions and also on Windows.

~$ nslookup
> set querytype=soa
> python.org

Non-authoritative answer:
	origin = ns1.p11.dynect.net
	mail addr = infrastructure-staff.python.org
	serial = 2014110501
	refresh = 3600
	retry = 600
	expire = 604800
	minimum = 3600

Authoritative answers can be found from:
python.org	nameserver = ns2.p11.dynect.net.
python.org	nameserver = ns4.p11.dynect.net.
python.org	nameserver = ns1.p11.dynect.net.
python.org	nameserver = ns3.p11.dynect.net.
ns1.p11.dynect.net	internet address =
ns2.p11.dynect.net	internet address =
ns3.p11.dynect.net	internet address =
ns4.p11.dynect.net	internet address =

Here you can see the authoritative NS servers for the domain name “python.org”, with the IP address nslookup prints for each of them. The “Non-authoritative answer” line tells you this copy came from your resolver's cache; the SOA origin field (ns1.p11.dynect.net) names the primary server the others copy from, and the serial is the zone version you can compare against.
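To actually do the check the post describes, point nslookup at the primary with “server ns1.p11.dynect.net”, repeat the SOA query, and compare the two serials. As an added example (my own code, not from the original post), the script below parses nslookup's SOA output and compares serials with the RFC 1982 wrap-around arithmetic that DNS uses, so a zone whose serial has wrapped past 2^32 is still ordered correctly. RESOLVER_OUTPUT reproduces the post's answer (serial 2014110501); AUTHORITATIVE_OUTPUT is constructed in the form nslookup prints for an authoritative reply (no “Non-authoritative answer” line), and its newer serial is invented.

```python
"""Tell whether a resolver's cached copy of a zone is stale by comparing its
SOA serial with the one the authoritative server hands out.

Added example, not part of the original post. RESOLVER_OUTPUT reproduces the
post's nslookup answer; AUTHORITATIVE_OUTPUT is constructed, with an invented
newer serial, as what nslookup prints after "server ns1.p11.dynect.net".
"""
import re

RESOLVER_OUTPUT = """\
Non-authoritative answer:
\torigin = ns1.p11.dynect.net
\tmail addr = infrastructure-staff.python.org
\tserial = 2014110501
\trefresh = 3600
\tretry = 600
\texpire = 604800
\tminimum = 3600

Authoritative answers can be found from:
python.org\tnameserver = ns2.p11.dynect.net.
python.org\tnameserver = ns4.p11.dynect.net.
python.org\tnameserver = ns1.p11.dynect.net.
python.org\tnameserver = ns3.p11.dynect.net.
"""

AUTHORITATIVE_OUTPUT = """\
python.org
\torigin = ns1.p11.dynect.net
\tmail addr = infrastructure-staff.python.org
\tserial = 2014112401
\trefresh = 3600
\tretry = 600
\texpire = 604800
\tminimum = 3600
"""

SOA_FIELD = re.compile(r"^\s*(origin|mail addr|serial|refresh|retry|expire|minimum)\s*=\s*(\S+)", re.M)
NS_LINE = re.compile(r"^(\S+)\s+nameserver\s*=\s*(\S+?)\.?$", re.M)


def parse_soa(text):
    """SOA fields from an nslookup SOA answer; numeric fields become ints."""
    soa = {}
    for key, value in SOA_FIELD.findall(text):
        soa[key] = value if key in ("origin", "mail addr") else int(value)
    return soa


def parse_nameservers(text):
    """Authoritative server names from the "can be found from" section."""
    return sorted(ns for _, ns in NS_LINE.findall(text))


def is_authoritative(text):
    """nslookup prefixes cached (non-AA) answers with this line."""
    return "Non-authoritative answer" not in text


def serial_compare(a, b):
    """RFC 1982 serial number arithmetic on 32-bit SOA serials.

    Returns -1 if a is older than b, 1 if newer, 0 if equal and None when the
    order is undefined (the two differ by exactly 2**31).
    """
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return 0
    distance = (b - a) % (1 << 32)
    if distance == 1 << 31:
        return None
    return -1 if distance < (1 << 31) else 1


def resolver_is_stale(resolver_text, authoritative_text):
    """True when the cached serial is older than the primary's."""
    cached = parse_soa(resolver_text)["serial"]
    live = parse_soa(authoritative_text)["serial"]
    return serial_compare(cached, live) == -1


if __name__ == "__main__":
    print("authoritative servers:", parse_nameservers(RESOLVER_OUTPUT))
    print("cached serial:", parse_soa(RESOLVER_OUTPUT)["serial"],
          "live serial:", parse_soa(AUTHORITATIVE_OUTPUT)["serial"])
    print("resolver copy is stale:", resolver_is_stale(RESOLVER_OUTPUT, AUTHORITATIVE_OUTPUT))
```

A stale serial is expected for up to the SOA refresh/TTL window; a resolver that stays behind much longer than that, or that serves a serial the primary has never published, is worth a closer look.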
