30 Nmap Examples

This tutorial shows 30 Nmap usage examples, related to topics that were explained in earlier articles published at Linux Hint.

Examples range from host discovery to vulnerability auditing, network diagnostics and more. Most of them were produced in real or simulated scenarios, making them really valuable for network administrators or students.

Implementing the examples described in this tutorial is pretty easy, as easy as running a command.

Topics covered in this article include:

NOTE: This tutorial was last updated in October 2021.

Ping Sweep with Nmap

A ping sweep is a technique used to discover live hosts within a network or range.

Nmap ping sweep examples were explained in depth at Nmap ping sweep.

To execute a ping sweep using Nmap, you need to use the -sP or -sn options, which instruct Nmap to skip the port scan after discovery.

In the following example, a wildcard is used to instruct Nmap to discover all online hosts or devices in a class C network.

In the previous example, Nmap only confirms the host is alive without scanning the target. The opposite would be the -Pn option, which instructs Nmap to start the scan without checking if the host is alive.

At the end, it will print the total number of live hosts as shown in the screenshot below.

As you can see, from 239 scanned addresses, 10 were online devices.

Defining Ports with Nmap Using the -p Flag

Defining a port to scan with Nmap is pretty easy: just add the -p flag followed by the port, or ports separated by commas, as shown in the screenshot below.

nmap -p 80,22,139,21,23 192.168.0.*

In the following example, the port range is defined with a hyphen to scan the Linux Hint port range from 22 to 80:

nmap -p 22-80 linuxhint.com

The following example shows Nmap scanning two different port ranges separated by commas.

nmap -p 20-80,100-600 192.168.0.3-14

There are several ways to specify ports to scan using Nmap. We have published a tutorial showing different ways to scan all ports using Nmap. One of the ways to scan all ports on a target requires the -p- option, as shown in the following example.

The last example of this section shows an ARP scan performed through Nping, part of the Nmap suite, which inherited Nmap flags to customize ARP scans.

nping --arp-type ARP 192.168.1.100-104

As you can see, Nping identifies each IP with the correct MAC address.

Nmap FIN Scan Example

The following example is an aggressive FIN scan against a port range.

nmap -sF -T4 192.168.0.3-14

This is an example of an insane FIN scan against a single device:

To finish the FIN scan examples, let's do a less aggressive scan against a Metasploit virtual device.

nmap -sF -T2 192.168.56.1

Nmap NULL Scan Example

The following example shows a NULL scan against linuxhint.com port 80. Remember that Nmap NULL, Xmas and FIN scans can't distinguish between open and filtered ports in many scenarios.

sudo nmap -v -sN -p 80 linuxhint.com

Now, let's try an insane scan against a router.

nmap -sN -T5 192.168.56.1

Usually NULL, Xmas and FIN scans can't distinguish between filtered and open ports when the port is open. The following example includes the -sV option to help it distinguish, but adding this option results in a less stealthy scan:

nmap -sN -T2 -sV -p80,22,21,139 192.168.56.1

Nmap Xmas Scan Example

The Xmas scan with Nmap was explained in depth in this article.

Below, you can see an example of an aggressive Xmas scan against the target 192.168.56.1.

nmap -sX -T4 192.168.56.1

Now, a less aggressive Xmas scan against ports 80 and 22.

nmap -sX -T2 -p80,22 192.168.0.3

The following example is similar to the one above, but includes level 2 verbosity:

nmap -sX -T2 -v2 -p80,22 192.168.0.3

As you can see, the last output reveals more information than the previous output.
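
From the monitoring side, the FIN, NULL and Xmas scans shown in the three sections above are recognizable by their TCP flag combinations: NULL sets no flags, FIN sets only FIN, and Xmas sets FIN, PSH and URG. The following Python code is an added example, not part of the original tutorial; the packet tuples are constructed, and the function names and the three-port threshold are assumptions made for illustration.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MASK = FIN | SYN | RST | PSH | ACK | URG

def classify_probe(flags):
    """Name the scan type a flag combination matches, or None for other traffic."""
    f = flags & MASK
    if f == 0:
        return "NULL"   # nmap -sN: no flags set
    if f == FIN:
        return "FIN"    # nmap -sF: FIN without ACK, which normal teardown never sends
    if f == (FIN | PSH | URG):
        return "Xmas"   # nmap -sX: FIN, PSH and URG together
    return None

def suspicious_sources(packets, min_ports=3):
    """Return {src: {scan_type: sorted ports}} for sources probing >= min_ports ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            seen[src][kind].add(dport)
    report = {}
    for src, kinds in seen.items():
        hits = {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
        if hits:
            report[src] = hits
    return report

# Constructed sample: (source IP, destination port, TCP flags byte).
SAMPLE = [
    ("192.168.0.50", 21, FIN), ("192.168.0.50", 22, FIN), ("192.168.0.50", 80, FIN),
    ("192.168.0.51", 22, 0), ("192.168.0.51", 80, 0), ("192.168.0.51", 139, 0),
    ("192.168.0.52", 22, FIN | PSH | URG), ("192.168.0.52", 80, FIN | PSH | URG),
    ("192.168.0.52", 443, FIN | PSH | URG),
    # Ordinary session traffic: SYN, ACK and FIN+ACK are not scan probes.
    ("192.168.0.60", 80, SYN), ("192.168.0.60", 80, ACK), ("192.168.0.60", 80, FIN | ACK),
    ("192.168.0.61", 22, FIN),  # a single stray FIN stays below the threshold
]

if __name__ == "__main__":
    for src, hits in suspicious_sources(SAMPLE).items():
        print(src, hits)
```

Slow timing templates such as -T2 spread the probes out in time, so the per-source port sets should be accumulated over a long window rather than per second.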

Update Scripts Database

Nmap contains a suite of scripts with additional functionality. This suite is known as Nmap NSE.

Before using Nmap NSE, update the database by running the command below.

Once updated, you can proceed with Nmap NSE.

Get Devices OS, Workgroup, Domain, Device Name Over SMB Protocol

The following example uses the NSE script --script smb-os-discovery (https://nmap.org/nsedoc/scripts/smb-os-discovery.html) against the whole last 2 octets of the network 172.31.X.X

nmap -p 445 --script smb-os-discovery 172.31.*.*

As you can see in the screenshot below, the first possible vulnerable target was found.

The screenshot below reveals that a new vulnerable target was found.

Two Windows XP computers were found, great candidates for an Idle scan, which will be explained later in this tutorial.

Finding Zombie for Idle Scan

The following example shows how to search for a zombie candidate to execute an Idle scan by scanning the last octet of the 10.100.100.X network using the NSE script ipidseq (https://nmap.org/nsedoc/scripts/ipidseq.html).

nmap -p80 --script ipidseq 10.100.100.*

Another way to find potential zombie candidates for Idle scans:

nmap -Pn -O -v 192.168.56.102

Executing an Idle Scan

Running an Idle scan using a candidate found in the previous step.

nmap -Pn -sI 10.100.100.108 -p80,21,22,443 172.31.124.141

Another Idle scan using the same candidate against a gateway:

nmap -Pn -sI 172.31.100.108 -p80,21,22,443 172.31.99.2

An Idle scan against the FTP of a router using a Windows 98 virtualized device:

nmap -Pn -sI 192.168.56.102 -p21 192.168.0.1

Scanning Ranges for Vulnerabilities

The following example shows the wildcard implementation to scan a whole octet's range.

nmap -v --script vuln 172.31.100.*

Below, you can see an output sample.

Scanning for smb-vuln-ms08-067 Vulnerability

The following scan uses the NSE script smb-vuln-ms08-067 (https://nmap.org/nsedoc/scripts/smb-vuln-ms08-067.html) to search for a remote execution vulnerability on the last two octets of the network by implementing the wildcard twice.

nmap -p445 --script smb-vuln-ms08-067 172.31.*.*

Brute Force Against SSH with Nmap NSE

Nmap NSE (Nmap Scripting Engine) was covered in depth in the Nmap NSE tutorial. This example shows how to use the Nmap scripting engine to brute-force the target's SSH.

For this attack we will use the NSE script named ssh-brute.nse.

nmap --script ssh-brute.nse 192.168.0.3

As you can see, NSE will read a list containing username and password pairs. Of course, you can provide NSE with your custom list.
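
On the target, a run of ssh-brute like the one above is visible in the sshd log, because each rejected username and password pair leaves a "Failed password" line. The Python code below is an added example, not part of the original tutorial; the log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def brute_force_sources(lines, min_attempts=5, min_users=3):
    """Return sources with many failures spread over several usernames."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            attempts[src] += 1
            users[src].add(user)
    return {
        src: {"attempts": attempts[src], "users": sorted(users[src])}
        for src in attempts
        if attempts[src] >= min_attempts and len(users[src]) >= min_users
    }

# Constructed sample log: one source cycling through a username/password list,
# and one legitimate user who mistypes a password twice before logging in.
SAMPLE_LOG = [
    "Nov  2 05:44:01 srv sshd[2101]: Failed password for root from 192.168.0.20 port 40112 ssh2",
    "Nov  2 05:44:02 srv sshd[2103]: Failed password for root from 192.168.0.20 port 40114 ssh2",
    "Nov  2 05:44:03 srv sshd[2105]: Failed password for invalid user admin from 192.168.0.20 port 40116 ssh2",
    "Nov  2 05:44:04 srv sshd[2107]: Failed password for invalid user test from 192.168.0.20 port 40118 ssh2",
    "Nov  2 05:44:05 srv sshd[2109]: Failed password for invalid user guest from 192.168.0.20 port 40120 ssh2",
    "Nov  2 05:44:06 srv sshd[2111]: Failed password for invalid user admin from 192.168.0.20 port 40122 ssh2",
    "Nov  2 05:50:10 srv sshd[2140]: Failed password for alice from 192.168.0.7 port 51000 ssh2",
    "Nov  2 05:50:15 srv sshd[2140]: Failed password for alice from 192.168.0.7 port 51000 ssh2",
    "Nov  2 05:50:21 srv sshd[2140]: Accepted password for alice from 192.168.0.7 port 51000 ssh2",
]

if __name__ == "__main__":
    for src, info in brute_force_sources(SAMPLE_LOG).items():
        print(src, info)
```

Requiring several distinct usernames keeps a single user's mistyped password from being reported alongside a list-driven attempt.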

Conclusion

I hope all the Nmap examples shown in this tutorial were useful to you. Nmap is probably the best network scanner on the market. Despite faster solutions, like Mass Scan, Nmap leads with multiple features and additional scripts. You can also write your own NSE scripts to use with Nmap.

As you can see, despite its power, Nmap can be easily executed by any Linux level user. Learning Nmap in depth is very beneficial for anyone dealing with networking.

Thank you for reading this tutorial showing 30 Nmap examples. Keep following Linux Hint for more Linux tips and tutorials.
