Network Mapper is a utility for network discovery and security auditing.
nmap -sV -sC -A -p- -T4 -v [IP_ADDRESS]
nmap -sV -n -v -Pn -p- -T4 [IP_ADDRESS]
nmap -sV --script vuln -v [IP_ADDRESS]
<aside>
💡 Nmap defaults:
- Runs at a T3 level (3 - Normal)
- Unprivileged scan performs TCP scans
- Privileged scan performs stealth scan
- Scans top 1000 ports
- Pings the target before the port scan by default. If the target has a firewall, the scan may be blocked. To avoid this, use -Pn to disable ping. (If you're on a LAN and need to disable ARP ping, use: --disable-arp-ping)
</aside>
<aside>
💡 It is advisable to use root privileges while scanning the network for more accurate information.
</aside>
<aside>
💡 Add -Pn if ICMP probe requests are blocked. -Pn tells Nmap to treat all hosts as alive without pinging them (it skips host discovery).
</aside>
- Basic
- Host Discovery
- Target Selection
- Port Selection
- Port Scan Types or Scan Techniques
- Service Version and OS Enumeration
- Scan Performance and Timing
- Firewall Detection - ACK Probing
- Firewall Evasion
- Nmap Scripting Engine (NSE)
- Output Formats
- Verbosity
- Enumeration
Vulnerability Scanning
sudo nmap -sV -p 21-8080 --script vulners 192.168.1.1