

{"id":162282,"date":"2022-10-31T11:15:40","date_gmt":"2022-10-31T05:45:40","guid":{"rendered":"https:\/\/www.jigsawacademy.com\/?p=162282"},"modified":"2022-11-15T18:53:32","modified_gmt":"2022-11-15T13:23:32","slug":"blogs-cyber-security-nmap-commands","status":"publish","type":"post","link":"https:\/\/www.jigsawacademy.com\/blogs\/cyber-security\/nmap-commands\/","title":{"rendered":"Nmap Commands (With Examples) You Must Master In 2022"},"content":{"rendered":"\r\n<h2><strong>Introduction<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The current world is like a technical frontier where gadgets and technologies control, process, and perform everything. The introduction of networks has given rise to networking administrators whose most important job is executing Nmap commands or mapping and port scanning. With such a massive number of monitoring tools already available in the market, Nmap is still an industry-standard preferred by many experts.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>IT managers, administrators, and security professionals: every one of them faces a never-ending battle with network traffic. They have to constantly check their networks, figure out if there are any vulnerabilities or junk, and eradicate them from the system. It is their duty to use various Nmap commands for vulnerability scanning and eliminate lurking threats. The usability and versatility offered by Nmap are incomparable to the various other technologies available in the market. 
Nmap is widely used software for enumeration and detection scans.<\/p>\r\n<p><strong>Table of Contents<\/strong><\/p>\r\n\r\n\r\n\r\n<ol>\r\n<li><strong><a class=\"rank-math-link\" href=\"#What-Is-a-Nmap-Command\">What Is an Nmap Command?<\/a><\/strong><\/li>\r\n<li><strong><a class=\"rank-math-link\" href=\"#Nmap-Command-in-Linux\">Nmap Command in Linux<\/a><\/strong><\/li>\r\n<li><strong><a class=\"rank-math-link\" href=\"#Nmap-Commands-for-System-Administrators-With-Examples\">Nmap Commands for System Administrators With Examples<\/a><\/strong><\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<h2 id=\"What-Is-a-Nmap-Command\" class=\"has-vivid-cyan-blue-color has-text-color\">1) <strong>What Is an Nmap Command?<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Before we explore the various Nmap commands, we should get acquainted with the term first. Nmap is an open-source monitoring tool that helps scan and discover networks and identify network problems.<\/p>\r\n\r\n\r\n\r\n<h2 id=\"Nmap-Command-in-Linux\" class=\"has-vivid-cyan-blue-color has-text-color\">2) <strong>Nmap Command in Linux<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Linux is an integral part of the design and digital world; many coders still use this platform to perform various tasks. Some Nmap commands can make operations easier on this platform. 
Here is the Nmap command in Linux that can help you in installation.<\/p>\r\n<ul>\r\n<li>CentOS\/Fedora: sudo dnf install nmap<\/li>\r\n<li>Ubuntu\/Debian: sudo apt-get install nmap<\/li>\r\n<\/ul>\r\n<p>\r\n\r\n<\/p>\r\n<p>The Nmap commands for Windows are slightly different, but they are not as complex as this one because of the automated downloader that helps install Nmap within seconds.\u00a0<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<!-- New Code Start -->\r\n<p><a class=\"all-link\"><img decoding=\"async\" class=\"blog-desk-banner\" src=\" https:\/\/www.jigsawacademy.com\/wp-content\/uploads\/2022\/06\/CS-02.webp\" alt=\"Desktop Banner\" title=\"\">\u00a0<\/a><\/p>\r\n<!-- New Code Ends -->\r\n\r\n\r\n<h2 id=\"Nmap-Commands-for-System-Administrators-With-Examples\" class=\"has-vivid-cyan-blue-color has-text-color\">3) <strong>Nmap Commands for System Administrators With Examples<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>We have established an understanding of what Nmap is and how we can use it. Here are some basic Nmap commands that administrators can use to their advantage.\u00a0<\/p>\r\n\r\n\r\n\r\n<h2><strong>1. Nmap Port Scan Command<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>If you wish to scan a port or even an entire port range on remote or local servers, you will have to execute the Nmap port scan command. Here is what the Nmap port scan command will be:<\/p>\r\n\r\n\r\n\r\n<p>nmap -p 1-65535 localhost<\/p>\r\n\r\n\r\n\r\n<p>Now, in this example, you scanned 65535 ports on the local host computer. You can change the values according to your need, and the number of ports getting scanned will also change completely. 
The Nmap command to scan all ports can also make this process simpler and more effective.<\/p>\r\n\r\n\r\n<h2><strong>2. Nmap Scan Against Host and IP Address<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>While this is one of the basic Nmap commands, a scan against a host or IP address often comes in handy. The command for it is:<\/p>\r\n\r\n\r\n\r\n<p>nmap 1.1.1.1<\/p>\r\n\r\n\r\n\r\n<p>The above example uses the host&#8217;s IP address; to scan by hostname, just replace the address with the name.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>For example:\u00a0<\/p>\r\n\r\n\r\n\r\n<p>nmap cloudflare.com<\/p>\r\n\r\n\r\n\r\n<h2><strong>3. Ping Scan Using Nmap<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The Nmap command list is vast and extensive. Several examples can be listed, but if you wish to ping scan using Nmap, here is what you need to do:\u00a0<\/p>\r\n\r\n\r\n\r\n<p>nmap -sn 192.168.5.0\/24<\/p>\r\n\r\n\r\n\r\n<p>The -sn option (named -sP in older Nmap releases) skips the port scan and only reports which hosts respond. This is probably one of the most used and popular Nmap commands for host detection on any network.\u00a0<\/p>\r\n\r\n\r\n\r\n<h2><strong>4. Multiple IP Address Scan<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Nmap can also scan several IP addresses in one run. To scan one IP address, use the command from point number 2; to scan multiple IP addresses, list them one after another as shown below.\u00a0<\/p>\r\n<p>nmap 1.1.1.1 8.8.8.8<\/p>\r\n<p>This syntax will help in scanning multiple addresses. 
You do have other syntaxes for consecutive IP addresses.<\/p>\r\n\r\n\r\n<h2><strong>5. Scanning IP Range<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>An Nmap scan command can also cover an entire IP range. This syntax scans the entire CIDR range of IP addresses. Example:<\/p>\r\n\r\n\r\n\r\n<p>nmap 8.8.8.0\/28<\/p>\r\n\r\n\r\n\r\n<p>As with the other syntaxes, you choose the range to scan yourself. Several syntaxes can help scan alternate IPs in the range, and some others can scan consecutive IPs.\u00a0<\/p>\r\n\r\n\r\n<h2><strong>6. Popular Ports Scanning<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>There is a syntax for everything in Nmap; for scanning the most popular ports, use the one below.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>nmap --top-ports 20 192.168.1.106<\/p>\r\n\r\n\r\n\r\n<p>Using --top-ports with a specific number scans the top &#8216;X&#8217; most common ports, as in the given example. 
You can replace the number 20 in the above syntax; here is the output you can expect.<\/p>\r\n\r\n\r\n\r\n<p>[root@securitytrails:~]nmap --top-ports 20 localhost<\/p>\r\n\r\n\r\n\r\n<p>Starting Nmap 6.40 ( http:\/\/nmap.org ) at 2018-10-01 10:02 EDT<\/p>\r\n\r\n\r\n\r\n<p>Nmap scan report for localhost (127.0.0.1)<\/p>\r\n\r\n\r\n\r\n<p>Host is up (0.000016s latency).<\/p>\r\n\r\n\r\n\r\n<p>Other addresses for localhost (not scanned): 127.0.0.1<\/p>\r\n\r\n\r\n\r\n<p>PORT \u00a0 \u00a0 STATE\u00a0 \u00a0 SERVICE<\/p>\r\n\r\n\r\n\r\n<p>21\/tcp \u00a0 closed \u00a0 ftp<\/p>\r\n\r\n\r\n\r\n<p>22\/tcp \u00a0 closed \u00a0 ssh<\/p>\r\n\r\n\r\n\r\n<p>23\/tcp \u00a0 closed \u00a0 telnet<\/p>\r\n\r\n\r\n\r\n<p>25\/tcp \u00a0 closed \u00a0 smtp<\/p>\r\n\r\n\r\n\r\n<p>53\/tcp \u00a0 closed \u00a0 domain<\/p>\r\n\r\n\r\n\r\n<p>80\/tcp \u00a0 filtered http<\/p>\r\n\r\n\r\n\r\n<p>110\/tcp\u00a0 closed \u00a0 pop3<\/p>\r\n\r\n\r\n\r\n<p>111\/tcp\u00a0 closed \u00a0 rpcbind<\/p>\r\n\r\n\r\n\r\n<p>135\/tcp\u00a0 closed \u00a0 msrpc<\/p>\r\n\r\n\r\n\r\n<p>139\/tcp\u00a0 closed \u00a0 netbios-ssn<\/p>\r\n\r\n\r\n\r\n<p>143\/tcp\u00a0 closed \u00a0 imap<\/p>\r\n\r\n\r\n\r\n<p>443\/tcp\u00a0 filtered https<\/p>\r\n\r\n\r\n\r\n<p>445\/tcp\u00a0 closed \u00a0 microsoft-ds<\/p>\r\n\r\n\r\n\r\n<p>993\/tcp\u00a0 closed \u00a0 imaps<\/p>\r\n\r\n\r\n\r\n<p>995\/tcp\u00a0 closed \u00a0 pop3s<\/p>\r\n\r\n\r\n\r\n<p>1723\/tcp closed \u00a0 pptp<\/p>\r\n\r\n\r\n\r\n<p>3306\/tcp closed \u00a0 mysql<\/p>\r\n\r\n\r\n\r\n<p>3389\/tcp closed \u00a0 ms-wbt-server<\/p>\r\n\r\n\r\n\r\n<p>5900\/tcp closed \u00a0 vnc<\/p>\r\n\r\n\r\n\r\n<p>8080\/tcp closed \u00a0 http-proxy<\/p>\r\n\r\n\r\n\r\n<h2><strong>7. Scanning IP Addresses and Hosts from a Text File<\/strong><\/h2>\r\n<p>Nmap can also read its scan targets from a text file. The only thing to keep in mind is that the file contains the IPs and hosts to scan. 
To use this Nmap command, first create a list.txt file and make sure it contains entries like these:<\/p>\r\n<p>192.168.1.106<\/p>\r\n<p>cloudflare.com<\/p>\r\n<p>microsoft.com<\/p>\r\n<p>securitytrails.com<\/p>\r\n<p>The -iL parameter reads the file and scans every host listed in it. The syntax is:<\/p>\r\n<p>nmap -iL list.txt<\/p>\r\n\r\n\r\n\r\n\r\n<h2><strong>8. Disabling DNS Name Resolution<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>If you have a lot of scans to perform, you will want to speed them up. To do that, disable reverse DNS resolution for the scans you run. Make sure to include the \u201c-n\u201d parameter. 
Here is the syntax that can be used:<\/p>\r\n<p>[root@securitytrails:~]nmap -p 80 -n 8.8.8.8<\/p>\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:15 -03<\/p>\r\n<p>Nmap scan report for 8.8.8.8<\/p>\r\n<p>Host is up (0.014s latency).<\/p>\r\n<p>PORT \u00a0 STATE\u00a0 \u00a0 SERVICE<\/p>\r\n<p>80\/tcp filtered http<\/p>\r\n<p>If you want to see the difference between scans with DNS resolution disabled and enabled, here is the same scan without the -n parameter:\u00a0<\/p>\r\n<p>[root@securitytrails:~]nmap -p 80 8.8.8.8<\/p>\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:15 -03<\/p>\r\n<p>Nmap scan report for google-public-dns-a.google.com (8.8.8.8)<\/p>\r\n<p>Host is up (0.014s latency).<\/p>\r\n<p>PORT \u00a0 STATE\u00a0 \u00a0 SERVICE<\/p>\r\n<p>80\/tcp filtered http<\/p>\r\n\r\n\r\n<h2><strong>9. Saving the Result to a File<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Nmap commands have become a crucial part of the coding world. If you want to save the results of a scan, here is how you can do it:<\/p>\r\n\r\n\r\n\r\n<p>nmap -oN output.txt securitytrails.com<\/p>\r\n\r\n\r\n\r\n<p>This command saves the scan result to the file output.txt.\u00a0<\/p>\r\n\r\n\r\n\r\n<h2><strong>10. 
Detection of Services<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>From the Nmap full scan command to the Nmap help command, there is something for everything you want. Similarly, the detection of services is also a command that people extensively use. You can run service detection by using the -sV parameter. The syntax for the same is:\u00a0<\/p>\r\n\r\n\r\n\r\n<p>nmap -sV localhost<\/p>\r\n\r\n\r\n\r\n<p>An example of this command and its output is given below:<\/p>\r\n\r\n\r\n\r\n<p>[root@securitytrails:~]nmap -sV localhost<\/p>\r\n\r\n\r\n\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:28 -03<\/p>\r\n\r\n\r\n\r\n<p>Nmap scan report for localhost (127.0.0.1)<\/p>\r\n\r\n\r\n\r\n<p>Host is up (0.000020s latency).<\/p>\r\n\r\n\r\n\r\n<p>Other addresses for localhost (not scanned): ::1<\/p>\r\n\r\n\r\n\r\n<p>Not shown: 997 closed ports<\/p>\r\n\r\n\r\n\r\n<p>PORT STATE SERVICE VERSION<\/p>\r\n\r\n\r\n\r\n<p>111\/tcp open rpcbind 2-4 (RPC #100000)<\/p>\r\n\r\n\r\n\r\n<p>631\/tcp open ipp CUPS 2.2<\/p>\r\n\r\n\r\n\r\n<p>902\/tcp open ssl\/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)<\/p>\r\n\r\n\r\n\r\n<p>Service detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/.<\/p>\r\n\r\n\r\n\r\n<p>Nmap done: 1 IP address (1 host up) scanned in 7.96 seconds.<\/p>\r\n\r\n\r\n\r\n<p>You can use this code as an Nmap OS detection command.<\/p>\r\n\r\n\r\n\r\n<h2><strong>11. Scanning Using UDP and TCP<\/strong><\/h2>\r\n<p>One of the best things about Nmap is its command to check open ports, and the second-best is its ability to work with both TCP and UDP without any hiccups. Several services are limited to just TCP, but there is a clear advantage in scanning UDP-based services as well. 
Here are examples of both these services that are allowed by Nmap.<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>The output you get when you scan using standard TCP:<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>[root@securitytrails:~]nmap -sT 192.168.1.1<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:33 -03<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Nmap scan report for 192.168.1.1<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Host is up (0.58s latency).<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Not shown: 995 closed ports<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>PORT STATE SERVICE<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>80\/tcp open http<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>1900\/tcp open upnp<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>20005\/tcp open btx<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>49152\/tcp open unknown<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>49153\/tcp open unknown<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds.<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Now, when you do the same process using UDP:<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>[root@securitytrails:~]nmap -sU localhost<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:37 -03<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Nmap scan report for localhost (127.0.0.1)<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Host is up (0.000021s latency).<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Other addresses for localhost (not scanned): ::1<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>Not shown: 997 closed ports<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>PORT STATE SERVICE<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>68\/udp open|filtered dhcpc<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>111\/udp open rpcbind<\/p>\r\n<p>\r\n\r\n<\/p>\r\n<p>5353\/udp open|filtered zeroconf<\/p>\r\n<!-- New Code Start -->\r\n<p><a class=\"all-link\"><img decoding=\"async\" class=\"blog-desk-banner\" src=\" https:\/\/www.jigsawacademy.com\/wp-content\/uploads\/2022\/06\/CS-02.webp\" alt=\"Desktop Banner\" title=\"\"> <img decoding=\"async\" class=\"blog-mob-banner\" 
src=\"https:\/\/www.jigsawacademy.com\/wp-content\/uploads\/2022\/06\/CS-01.webp\" alt=\"Mobile Banner\" title=\"\"><\/a><a class=\"all-link\">\u00a0<\/a><\/p>\r\n<!-- New Code Ends -->\r\n\r\n\r\n\r\n<!-- New Code Start -->\r\n<h2><strong>12. Using Nmap for CVE Detection<\/strong><\/h2>\r\n<p><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/p>\r\n<p>Many system administrators are unaware of this feature offered by Nmap: detection of CVEs. It is one of its best features, and it is under-utilized. Nmap includes predefined scripts that allow users to execute this process. You can use these predefined scripts or write your own in the Lua programming language to build specific functionality that helps in CVE detection. Listed below is the command that you need to use:<\/p>\r\n<!-- New Code Ends -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>nmap -Pn --script vuln 192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>An example of the command and its output is listed below:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>[root@securitytrails:~]nmap -Pn --script vuln 192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-10-01 09:46 -03<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Pre-scan script results:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| broadcast-avahi-dos:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| Discovered hosts:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| 224.0.0.251<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| After NULL UDP avahi packet DoS (CVE-2011-1002).<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_ Hosts are all up (not vulnerable).<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Nmap scan report for 
192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Host is up (0.00032s latency).<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Not shown: 995 closed ports<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>PORT STATE SERVICE<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>80\/tcp open http<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_http-csrf: Couldn&#8217;t find any CSRF vulnerabilities.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_http-dombased-xss: Couldn&#8217;t find any DOM based XSS.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| http-slowloris-check:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| VULNERABLE:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| Slowloris DOS attack<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| State: LIKELY VULNERABLE<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| IDs: CVE:CVE-2007-6750<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| Slowloris tries to keep many connections to the target <a href=\"https:\/\/www.jigsawacademy.com\/blogs\/cyber-security\/what-is-a-web-server\/\">web server<\/a> open and hold<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| them open as long as possible. It accomplishes this by opening connections to<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| the target web server and sending a partial request. 
By doing so, it starves<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| the http server&#8217;s resources causing Denial Of Service.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| Disclosure date: 2009-09-17<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| References:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>| http:\/\/ha.ckers.org\/slowloris\/<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_ https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-6750<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_http-stored-xss: Couldn&#8217;t find any stored XSS vulnerabilities.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>1900\/tcp open upnp<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>20005\/tcp open btx<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>49152\/tcp open unknown<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>49153\/tcp open unknown<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:heading -->\r\n<h2><strong>13. How to Launch Dos With Nmap<\/strong><\/h2>\r\n<p>One thing that Nmap will never have a shortage of is the number of features. From Nmap commands cheat sheet to termux Nmap commands, there are several features on all the platforms available on Nmap. Apart from every other command that is executed on Nmap, you get a chance to launch DOS files on this platform. 
This can be done against network testing.\u00a0<\/p>\r\n<p><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/p>\r\n<p>The command that you will have to follow to get this done is:<\/p>\r\n<p><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/p>\r\n<p>nmap 192.168.1.105 -max-parallelism 800 -Pn &#8211;script http-slowloris &#8211;script-args http-slowloris.runforever=true<\/p>\r\n<!-- \/wp:heading --><!-- New Code Start -->\r\n<p><a class=\"all-link\"><img decoding=\"async\" class=\"blog-desk-banner\" src=\" https:\/\/www.jigsawacademy.com\/wp-content\/uploads\/2022\/06\/CS-02.webp\" alt=\"Desktop Banner\" title=\"\"> <img decoding=\"async\" class=\"blog-mob-banner\" src=\"https:\/\/www.jigsawacademy.com\/wp-content\/uploads\/2022\/06\/CS-01.webp\" alt=\"Mobile Banner\" title=\"\"><\/a><\/p>\r\n<!-- New Code Ends -->\r\n\r\n<!-- wp:paragraph --><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:heading -->\r\n<h2><strong>14. Brute Force Attacks Launching<\/strong><\/h2>\r\n<!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>You can also use Nmap to launch a brute-force attack. 
Its command is different on different browsers.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>To do this process on WordPress, you will have to use the command:\u00a0<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>nmap -sV &#8211;script http-wordpress-brute &#8211;script-args &#8216;userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com, http-wordpress-brute.threads=3,brute.firstonly=true&#8217; 192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Brute force attack against MS-SQL:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>nmap -p 1433 &#8211;script ms-sql-brute &#8211;script-args userdb=customuser.txt,passdb=custompass.txt 192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Brute force attack against FTP:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>nmap &#8211;script ftp-brute -p 21 192.168.1.105<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:heading -->\r\n<h2><strong>15. Remote Host Malware Infection Detection<\/strong><\/h2>\r\n<!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>Nmap commands in kali Linux, Nmap commands in termux, or even Nmap commands for vulnerability scanning are essential for system administrators, but detecting remote host malware is more critical.<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>You can simply use the Google malware checker by the command:<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>nmap -p80 &#8211;script http-google-malware infectedsite.com<\/p>\r\n<!-- \/wp:paragraph -->\r\n\r\n<!-- wp:heading -->\r\n<h2><strong>Conclusion<\/strong><\/h2>\r\n<!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph -->\r\n<p>There are various ways you can improve your Nmap using capabilities. These commands and examples can help you to understand and explore the Nmap monitoring tool. 
Have a look at the entire blog keeping in mind the commands that are useful for your systems. There are some specific sets of commands for every platform and UI, but on the flip side, several of them are common and can be used in all of them.<\/p>\r\n<!-- \/wp:paragraph -->","protected":false},"excerpt":{"rendered":"<p>Introduction The current world is like a technical frontier where gadgets and technologies control, process, and perform everything. The introduction of networks has given rise to networking administrators whose most important job is executing Nmap commands or mapping and port scanning. 
With such a massive number of monitoring tools already available in the market, Nmap [&hellip;]<\/p>\n","protected":false},"author":2640,"featured_media":162130,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1496,673],"tags":[3588,3589,9490,9491,3585,3587,9489,3586],"form":[10312],"acf":[],"_links":{"self":[{"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/posts\/162282"}],"collection":[{"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/users\/2640"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/comments?post=162282"}],"version-history":[{"count":8,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/posts\/162282\/revisions"}],"predecessor-version":[{"id":257646,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/posts\/162282\/revisions\/257646"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/media\/162130"}],"wp:attachment":[{"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/media?parent=162282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/categories?post=162282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/tags?post=162282"},{"taxonomy":"form","embeddable":true,"href":"https:\/\/www.jigsawacademy.com\/wp-json\/wp\/v2\/form?post=162282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}