Nmap Arabic Network Scanning

~~
Nmap Arabic Network Scanning :
..
~~
~~
Nmap Arabic

Copyright abdallah kurdi
.. :
/http://abd-kurdi.blogspot.com
http://www.Arhack.net
University of California, Berkeley CentOS is property of CentOS Ltd. .A

Debian are Software in the Public Interest, Inc .B
Fedora is a registered trademark of Red Hat, Inc .C
FreeBSD is a registered trademark of The FreeBSD Foundation .D
Gentoo is a registered trademark of The Gentoo Foundation .E
Linux is the registered trademark of Linus Torvalds .F
Mac OS X is a registered trademark of Apple, Inc. .G
Windows is a registered trademark of Microsoft Corporation .H
Nmap is a registered trademark of Insecure.Com LLC .I
Red Hat is a registered trademark of Red Hat, Inc. .J
Ubuntu is a registered trademark of Canonical Ltd. .K
UNIX is a registered trademark of The Open Group .L
BSD
. .
/ " "

~~
~~

.............................................................................................................................................................
: ......................................................................Nmap
: .........................................................
: .........................................................................
: .........................................................
: ....................................................
: .....................................................
: .......................................................................
: ............................................................
: .......................................................................
: .....................................
: ........................................................Zenmap
Nmap : )......................................................(NSE
: ).........................................................(Ndiff
: ........................................................................
: )....................................................................................................(Nmap
: )...............................................................................................(Nmap
: )............................................................................................................(CIDR
: )................................................................................(TCP/IP
~~
~~

...................................................................................................................
....................................................................................................................................................
: : ).........................................................................................................(Nmap
................................................................................................................................................................
) (Nmap ...............................................................................................................................................XP/
)(Nmap ........................................................................................................................................
............................................................................................................................................
)(Nmap .......................................................................................................................................
) (Nmap ................................................................................................................................ . Mac OS X
: ...................................................................................................
.............................................................................................................................................
................................................................................................................................................... .....................
.....................................................................................................................................................................
................................................................................................................................................. .............IP
..................................................................................................................................................................
................................................................................................................................................... ...................
........................................................................................... ................................................................
............................................................................................................................... .....................
........................................................................................................................................... ...............
........................................................................................................................ .....................................
)...................................................................................................................................................... (IPv6
: ..........................................................................................................
..........................................................................................................................................................
).................................................................................................................................................................. (Ping
)........................................................................................ ............................................................... (Ping
) ( Ping ......................................................................................................................................TCP SYN
) (Ping .........................................................................................................................................TCP ACK
) (Ping ................................................................................................................................ ................ UDP
...................................................................................................................................................................SCTP INIT Ping
..................................................................................................................................................................ICMP Echo Ping
)(Ping )....................................................................................................................................................... (ICMP
ICMP Address MaskPing .....................................................................................................................
IP Protocol Ping .......................................................................................................... Ping
............................................................................................................................................................................ ARP Ping
Trace route ...........................................................................................................................................................
)............................................................................................................................................................... (DNS
) (DNS ........................................................................................................................................................
~~
).....................................................................................................................................................(DNS
) / (DNS ................................................................................................................................................
...................................................................................................................................................... (HOST)/
: ..........................................................................................
/ ................................................................................................................................
).......................................................................................................................................( TCP SYN
).....................................................................................................................................................(TCP
)................................................................................................................................................................ (UDP
)......................................................................................................................................................( TCP NULL
)......................................................................................................................................................... ( TCP FIN
)...........................................................................................................................................................(Xmas
).......................................................................................................... ...................................(TCP
).............................................................................................................................................. (TCP ACK
) .....................................................................................................................................(IP Protocol
)(Ethernet .......................................................................................................................................................
............................................................................... ........................................................................................ IP
: ................................................................................/
........................................................................................................................... /
.....................................................................................................................................................
/ .....................................................................................................................................................
...........................................................................................................................................................
..............................................................................................................................................................
..................................................................................................................................................................
.......................................................................................................................................................
...........................................................................................................................................
: ...................................................................................
.....................................................................................................................................................
............................................................................................................................................................
)......................................................................................................................................................... (TCP/IP
..................................................................................................................................................
..........................................................................................................................................................
................................................................................................................................
)..................................................................................................................................................... (RPC
: .........................................................................................................
.................................................................................................................................................
.............................................................................................................................................
.............................................................................................................................................................
..........................................................................................................................................
~~
.............................................................................................................................................
........................................................................................... ..................................................
...........................................................................................................................................
)............................................................................................................................................................. (RTT
)............................................................................................................................................................. (RTT
..............................................................................................................................................
)..........................................................................................................................................................( TTL
.........................................................................................................................................................
..............................................................................................................................................
.............................................................................................................................................
...........................................................................................................................................................
.........................................................................................................................................................
.....................................................................................................................................
: .......................................................................................
............................................................................................................................
.......................................................................... ....................................................................................
)................................................................................................................................. (MTU
.................................................................................. .........................................................................
).............................................................................................................................................. (Idle Zombie
....................................................................................... ...............................................................
.............................................................................................................................................................
.............................................................................................................................................
)........................................................................................................................................................... (MAC
.............................................................................................................................................................
: .........................................................................................................
...................................................................................................................................................
..........................................................................................................................................................
)..................................................................................................................................................... (XML
).......................................................................................................................................... (Grepable
........................................................................................ .................................................
..................................................................................................................................................
).......................................................................................................................... .................................... (133t
~ ~
: ...................................................................
...............................................................................................................
....................................................................................................................................................
).................................................................................................................................................... (Nmap
....................................................................................................................................................................
......................................................................................................................................................................
................................................................................................................ ..............
........................................................................................................................................................
..................................................................................................................................................................
............................................................................................................................................
......................................................................................................................................................
~ ~
(Zenmap) : .............................................................................
)....................................................................................................................... (Zenmap
).............................................................................................................................................. (Zenmap
).......................................................................................................................................... (Zenmap
).............................................................................................................................................. (Zenmap
...................................................................................................................................................................
............................................................................. ..........................................................................
...................................................................................................................................................
......................................................................................................................................................
........................................................................................................................................................
..................................................................................................................................................
.....................................................................................................................................
.......................................................................... ...................................................................
........................................................................................................................................
(Nmap) : ..............................................................................(NSE).
)..................................................................................................................................... (Nmap
) (Script ................................................................................................................................................
) (Script ...........................................................................................................................................
)........................................................................................................................................................ (Script
) (Script ....................................................................................................................................
) (Script .............................................................................................................................................
)....................................................................................................................................................... (Script
)............................................................................... ........................................................... (Script
........................................................................................................... Ndiff :
).................................................................................................................................................. (Ndiff
) (Ndiff ...................................................................................................................................
)..................................................................................................................................... (Ndiff
)....................................................................................................................................... (XML
: ..................................................................................................
............................................................................................................................................
~ ~
...................................................................................................................................................
.............................................................................................................................................
........................................................................................................................................................
...............................................................................................................................................
.............................................................................................................................................................. Wireshark
............................................................................................................................................ Scanme.Insecure.org
)(Nmap ......................................................................................................................................
).................................................................................................................................... (Nmap
.......................................................................................................................................
)....................................................................................................................................... (CIDR
)................................................................................................................ ( TCP/IP
~ ~
)(Nmap

: ^__^ )(HECR.SYRIA
~ ~
~ ~
)(Nmap GNU
www.gnu.org/copyleft/gpl.html
)(TCP / IP
) (Nmap ""
.

) (Nmap .
/ :
) (
Windows Mac OS X
Nmap ) (NSE ) (
Ndiff )) (Nmap (
) Zenmap (
Nmap . Nmap :
~ ~
~ ~
Nmap Nmap Nmap

.www.seclists.org/nmap-dev
: ) (Nmap
) (Nmap
www.insecure.org/search.html
. Nmap
(Nmap) www.nmap.org / /.
TCP/IP
) (Nmap )(
/www.nmap.org/submit ..............
Nmap
Nmap .
Nmap .insecure.org
.www.insecure.org/advertising.html
~ ~

C:\>nmap scanme.insecure.org
) (Nmap
$nmap scanme.insecure.org
) (Nmap X OS / /
#nmap scanme.insecure.org
/ / OS X Root/
$sudo nmap scanme.insecure.org

X OS / /
:

#nmap -T2 scanme.insecure.org

:
) (T2 ) (t2
100
~ ~
: )(Nmap
~ ~

)(Nmap Microsoft Windows OS .X
Nmap Nmap .
OS X
.
Mac OS

) (nmap
:
Nmap Windows
Nmap
Nmap ) (
Nmap Mac OS X
~ ~
Nmap Windows
...
Nmap .www.nmap.org
...
. Nmap )( (Nmap) .
Windows
~ ~

) (WinPcap
)(WinPcap
~ ~

) (WinPcap ) (WinPcap
) (Nmap )(WinPcap
WinPcap
~ ~

( Nmap)
./ / /
C:\Users\ABD>nmap scanme.insecure.org
Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 Pacific Standard Time
(Nmap scan report for scanme.insecure.org (74.207.244.221

.(Host is up (0.24s latency
rDNS record for 74.207.244.221: scanme.nmap.org
Not shown: 963 closed ports, 34 filtered ports
PORT
STATE SERVICE
tcp open ssh/

tcp open http/
tcp open nping-echo/
Nmap done: 1 IP address (1 host up) scanned in 8.16 seconds
Nmap
( Nmap)
~ ~
Nmap
) (Nmap .
)) (Nmap .(

.....
# apt-get install Nmap
....
# yum install Nmap
....
# Emerge Nmap
Nmap :
# Nmap -V
Nmap version 6.25 ( http://nmap.org
~ ~
Nmap .....
6.25Nmap www.nmap.org
Nmap
Nmap .
...
www.nmap.org/download.html

$ wget http://nmap.org/dist/nmap-6.25.tgz
--2013-04-9 10:46 -- http://nmap.org/dist/nmap-6.25.tgz
Resolving nmap.org... 64.13.134.48

Connecting to nmap.org|64.13.134.48|:80... connected.
HTTP request sent, awaiting response... 200 OK
[Length: 9902346 (9.4M) [application/x-tar
'Saving to: `nmap-6.25.tgz
M/s in 7.5s. ,, [<================================]%
Nmap

Nmap :
$ tar -xf nmap-6.25.tgz
...
~ ~
....
/.configure && make . ( cd nmap -6.25/). Nmap
$ cd nmap-6.25/
$ ./configure && make
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
...
...
.
:

$ sudo make install
Password: ********
/usr/bin/install -c -d /usr/local/bin /usr/local/share/man/man1

/usr/local/share/nmap
/usr/bin/install -c -c -m 755 nmap
/usr/local/bin/nmap /usr/bin/strip -x /usr/local/bin/nmap
/usr/bin/install -c -c -m 644 docs/nmap.1 /usr/local/share/man/man1/
/usr/bin/install -c -c -m 644 docs/nmap.xsl /usr/local/share/nmap/
NMAP SUCCESSFULLY INSTALLED
$
~ ~
...
( Nmap)
$ nmap local host
Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on e6400 (127.0.0.1):
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp
open
ssh
25/tcp
open
smtp
111/tcp open
rpcbind
139/tcp open
netbios-ssn
445/tcp open
microsoft-ds
631/tcp open
ipp
2049/tcp open nfs

Nmap
~ ~
Nmap Mac OS X
..
) (Nmap Mac OS X www.nmap.org
: ) (Nmap Mac OS X
. 5.00
..
Nmap . . Nmap
~ ~
..
)( . Nmap . .
~ ~
..
. Nmap
Nmap Mac OS X
~ ~
...
Nmap nmap local host Mac OS X
Terminal Terminal
Nmap Mac OS X
Nmap .
~ ~
~ ~

. Nmap :
. Nmap
. ..

Nmap Sudo .
.
.
~ ~
) (Nmap IP ) (Nmap
IP .. XXX
... Nmap (xxx) :

C:\Users\ABD>nmap 192.168.10.1

Nmap scan report for 192.168.10.1
Host is up (0.029s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp open http
>C:\Users\ABD
. .
SERVICE

STATE

POTR

http
open
80/tcp
\ ) (TCP/IP ...

~ ~

) (Nmap . IP ) (.
Nmap ( XXX1 XXX2 ) :

C:\Users\ABD>nmap 192.168.10.1 192.168.10.100 192.168.10.101

PORT STATE SERVICE
80/tcp open http

PORT STATE SERVICE
80/tcp open http
Nmap done: 3 IP addresses (2 hosts up) scanned in 36.40 seconds
>C:\Users\ABD
Nmap .
: Nmap
192.168.1.1,100,101 . ^_^
~ ~
IP
IP .
) : ( Nmap
C:\Users\ABD>Nmap 192.168.10.1-100
Interesting ports on 192.168.10.1:
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
80/tcp open http
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
IP
Nmap IP 192.168.10.1 .192.168.10.1,100

/ . 192.168.1.100* Nmap IP
* 192.168.1.100 * 192.168.1.100 IP
: )*( 255.0
~ ~
Nmap ) (CIDR ) (/
) : Nmap (CIDR/
C:\Users\ABD>Nmap 192.168.10.1/24
PORT STATE SERVICE
21/tcp closed ftp
23/tcp closed telnet
80/tcp open http
PORT STATE SERVICE
22/tcp open ssh
2049/tcp open nfs
Nmap done: 256 IP addresses (2 hosts up) scanned in 8.78 second
(/) CDIR
Nmap 192.168.10.1 (/) CIDR ) ( .

~ ~
) IP (
Nmap .
:
Nmap iL ^_^
192.168.10.1
192.168.10.100
192.168.10.101
192.168.10.1 192.168.10.100 192.168.10.101
list.txt . list.txt
C:\Users\ABD>nmap -iL C:\Users\ABD\Desktop\list.txt.txt

Stats: 0:00:19 elapsed; 1 hosts completed (2 up), 2 undergoing SYN Stealth Scan
)SYN Stealth Scan Timing: About 84.90% done; ETC: 20:24 (0:00:01 remaining
PORT STATE SERVICE
80/tcp open http
PORT STATE SERVICE
80/tcp open http

list.txt
-iL Nmap .list.txt
~ ~
) (iR ) ( . ) (Nmap
....
Nmap iR XXX :
C:\Users\ABD>nmap -iR 1
>C:\Users\ABD
IP
: .
) (-iR1 Nmap IP .
) (.
.
~ ~
) (--exclude
Nmap XXX/24 --exclude XXX :
C:\Users\ABD>192.168.10.0/24
--exclude 192.168.10.100
Starting Nmap 6.25 ( http://nmap.org ) 2013-04-9 10:46 CDT
PORT STATE SERVICE
21/tcp closed ftp
80/tcp open http
...
IP
^_^
) (--exclude ) (IP . 192.168.1.10.000

.
/ CIDR )/ (CIDR
.
C:\Users\ABD>Nmap 192.168.10.0/24 --exclude 192.168.10.100
~ ~
txt.
) (--excludefile ) (--exclude ) (file
192.168.10.1 192.168.10.100 192.168.10.101

192.168.10.1
192.168.10.100
192.168.10.101
--excludefile list.txt
C:\Users\ABD>nmap 192.168.10.0/24 --excludefile list.txt
PORT STATE SERVICE
22/tcp open ssh
2049/tcp open nfs
Nmap done: 253 IP addresses (1 host up) scanned in 33.10 second
list.txt ^_^.
~ ~
. ( Nmap )( A-)
Nmap -A XXX :
C:\Users\ABD>nmap -A 10.10.1.51
PORT STATE SERVICE VERSION
80/tcp open http Linksys WAP54G wireless-G router http config
|_ html-title: 401 Unauthorized
| http-auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = Linksys WAP54G
MAC Address: 00:12:17:AA:66:28 (Cisco-Linksys)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Network Distance: 1 hop
Service Info: Device: WAP
OS and Service detection performed. Please report any incorrect results
at http://nmap.org/submit/ .
. Nmap
( A-)

~ ~
IPv6
( IPv6)( -6)
(Nmap) -6 xxx :
C:\Users\ABD>nmap -6 fe70::29aa:9db8:4154:d80e
Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46
Central Daylight Time
Interesting ports on fe80::29aa:9db9:4164:d80e:
PORT STATE SERVICE
135/tcp open msrpc
5357/tcp open unknown
IPv6
Nmap . IPv6
.(/) CIDR IPv6 IPv6
IPv6 IPv6 :
~ ~
~ ~
Nmap ICMP " " .

Nmap .
ICMP Nmap
) ICMP (.
.
.
-PN
-sP
-PS
-PA
-PU
-PY
-PE
-PP
-PM
-PO
-PR
--traceroute
-R
-n
--system-dns
--dns-servers
-sL
Dont Ping
Perform a Ping Only Scan
TCP SYN Ping

TCP ACK Ping
UDP Ping
SCTP INIT Ping
ICMP Echo Ping
ICMP Timestamp Ping
ICMP Address Mask Ping
IP Protocol Ping
ARP Ping
Traceroute
Force Reverse DNS Resolution
Disable Reverse DNS Resolution
Alternative DNS Lookup
)Manually Specify DNS Server(s
Create a Host List
~ ~
Dont Ping
..
( Nmap ) ping .

Nmap Ping )(-PN
Nmap XXX :
C:\Users\ABD>nmap 10.10.5.11
Note: Host seems down. If it is really up, but blocking our ping probes,
try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.16 seconds
Nmap )(-PN) (Ping
) (Nmap
) Ping (-PN
Nmap PN XXX :
C:\Users\ABD>nmap -PN 10.10.5.11
PORT STATE SERVICE
80/tcp open http
>C:\Users\ABD
)(-PN
-PN Nmap
~ ~
Ping Only Scan
) (-sP ping .
Nmap -sP:
C:\Users\ABD>nmap -sP 192.168.10.1/24

>C:\Users\ABD
ping
.
252 192.168.10.1 .
Nmap sP XXX :
C:\Users\ABD>nmap -sP 192.168.1.100/24

Starting Nmap 6.25 ( http://nmap.org ) at 2012-12-31 18:08 Pacific Standard Tim
)MAC Address: 59:DC:11:32:1C:65 (Cisco-Linksys
Host is up.
>C:\Users\ABD
ping )()(
~ ~
TCP SYN Ping

) TCP SYN (-PS .ping
: ) (Ping
.... TCP SYN
Nmap PS port1,port2,port3, XXX :

C:\Users\ABD>nmap PS scanme.insecure.org
)Nmap scan report for scanme.insecure.org (74.207.244.221
STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
9929/tcp open nping-echo
>C:\Users\ABD
)(-PS) SYN TCP (ping
) (SYN TCP) (ping SYN .

ICMP . ICMP
) (SYN TCP
:
) (-PS 80
.. -PS 80,25,23,21
^_^
~ ~
TCP ACK Ping

) (TCP ACK) (-PA) ( ping .
Nmap PA port1,port2,port3,port4 192.168.1.254 :
C:\Users\ABD>nmap -PA 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

)MAC Address: 98:FC:11:99:1C:90 (Cisco-Linksys
>C:\Users\ABD
)TCP ACK (Ping
) (Nmap)(-PA TCP ACK . SYN TCP

TCP . )( TCP ACK) (Ping
ICMP.
:
) (PS-
.. PS 80,25,23,21-
^_^
~ ~
UDP Ping
(UDP Ping) : ) (-PU
Nmap PU XXX :
C:\Users\ABD>nmap -PU 69.68.182.258

)Nmap scan report for 241.box203.quadra10c.serveex.com (66.63.184.241
STATE SERVICE
PORT
21/tcp open ftp

587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
5666/tcp open nrpe
>C:\Users\ABD
)(UDP/Ping
UDP UDP
.

.TCP
: ) (UDP ) (40125
... nmap PU22,80,25,445
~ ~
SCTP INIT Ping

) (-PY ) (Nmap )(SCTP INIT Ping
nmap PY port1,port2,port3 :
sxxC:\Users\ABD>nmap -PY 192.168.1.254

Interesting ports on home (192.168.1.254):
PORT STATE SERVICE
80/tcp open http
443/tcp open https
)MAC Address: 00:25:3C:5F:5A:89 (2Wire
)(SCTP INIT Ping
).(SCTP
SCTP .
PY- . :
nmap -PY22,80,445,20,25.
~ ~
ICMP Echo Ping
PE ) ICMP Echo Ping ( .
Nmap PE XXX :
C:\Users\ABD>nmap -PE 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

)MAC Address: 78:SD:11:88:1C:90 (Cisco-Linksys
>C:\Users\ABD
)(-PE
) (-PE ICMP ) (Echo Ping .

ICMP.
ICMP .
: ) (-PE ) (Ping
.
~ ~
ICMP Timestamp Ping

) (ICMP Timestamp Ping )(-PP
nmap PP XXX :
C:\Users\ABD>nmap -PP 192.168.1.254

Interesting ports on home (192.168.1.254):
PORT STATE SERVICE
80/tcp open http
443/tcp open https
)MAC Address: 00:25:3C:5F:5A:89 (2Wire
ICMP Timestamp Ping:
ICMP
ICMP
. -PP
.
~ ~
ICMP Address Mask Ping
(-PM) ICMP Address Mask Ping
nmap PM XXX :
C:\Users\ABD>nmap -PM 192.168.1.1
PORT
80/tcp
STATE SERVICE
open http
443/tcp open https

MAC Address: 88:FC:11:88:1C:90 (Cisco-Linksys)
C:\Users\ABD>
PM
. ICMP ICMP (-PP )

.( ICMP)
~ ~
IP Protocol Ping
) (IP Protocol Ping )(-PO
nmap PO Protocol1,Protocol2,Protocol3 :
C:\Users\ABD>nmap -PO 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

>C:\Users\ABD
) (IP Ping
) (ICMP) (IGMP

) (nmap PO ICMP,IGMP )(IGMP,2) (ICMP,1
:
www.iana.org/assignments/protocol-numbers
~ ~
ARP Ping
)) (ARP Ping ( )(-PR
nmap PR XXX :
C:\Users\ABD>nmap -PR 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

>C:\Users\ABD
)(-PR
) (-PR
) (Ping .
LAN ) ARP (.
: ARP .

~ ~
Traceroute
( Traceroute)
.( --traceroute)
nmap traceroute XXX :

C:\Users\ABD>nmap --traceroute scanme.insecure.org
Nmap scan report for scanme.insecure.org (74.207.244.221)
PORT
STATE SERVICE
22/tcp open ssh

80/tcp open http
TRACEROUTE (using port 80/tcp)
HOP RTT
ADDRESS
1 6.00 ms 192.115.1.1
2 34.00 ms 192.115.10.3
3 34.00 ms scanme.nmap.org (74.207.244.221)
C:\Users\ABD>

( tracepath)( traceroute)
. ( nmap)
~ ~
Force Reverse DNS Resolution
) (-R ) (DNS ) (rDNS ) (Nmap ) (IP

) (IP
nmap R XXX :
C:\Users\ABD>nmap -R 64.13.134.52
)Nmap scan report for scanme.nmap.org (64.13.134.52
STATE SERVICE
PORT
open ssh
22/tcp
open domain
53/tcp
closed gopher
70/tcp
open http
80/tcp
113/tcp closed ident

31337/tcp closed Elite
>C:\Users\ABD
) (DNS
) (-R ) (IP
DNS
) ( Nmap ^_^
: ) (NMAP

~ ~
Disable Reverse DNS Resolution
(-n) ( DNS)
C:\Users\ABD>nmap -n 64.13.134.52
PORT
STATE SERVICE
22/tcp
open ssh
53/tcp
open domain
70/tcp
closed gopher
80/tcp
open http
113/tcp closed ident

C:\Users\ABD>
( DNS)
. Nmap DNS
. ( -n )
. DNS
~ ~
Alternative DNS Lookup Method
( nmap)( --system-dns) ( DNS)

.( nmap) ( DNS)
nmap system-dns :
C:\Users\ABD>nmap --system-dns 33.19.184.315

Nmap scan report for 241.box203.quadra10c.serveex.com (33.19.145.315)
PORT
STATE SERVICE
21/tcp open ftp

53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
5666/tcp open nrpe
C:\Users\ABD>
DNS Nmap
.
. Nmap DNS
~ ~
)Manually Specify DNS Server(s
)( DNS ) (--dns-servers DNS .
nmap--dns-servers (server1,server2,server3) :
C:\Users\ABD>nmap --dns-servers 208.67.222.222,208.67.220.220 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
DNS
Nmap DNS .
) (--dns-servres Nmap .
DNS
.DNS

: .IPv6
~ ~
Create a Host List
DNS ( IP) ( -SL )
nmap sL XXX :
C: \Users\ABD>nmap -sL 10.10.1.1/24

Host 10.10.1.0 not scanned
Host router.nmapcookbook.com (10.10.1.1) not scanned
Host server.nmapcookbook.com (10.10.1.2) not scanned
Host mylaptop.nmapcookbook.com (10.10.1.5) not scanned
Host mydesktop.nmapcookbook.com (10.10.1.9) not scanned
Host mydesktop2.nmapcookbook.com (10.10.1.10) not scanned
...
Nmap
. DNS IP . DNS
.. IP DNS
~ ~
~ ~
~ ~

) (NMAP .
) ( Nmap TCP .
) TCP (UDP
) (Nmap .
.
-sS
TCP SYN Scan
-sT
TCP Connect Scan
-sU
UDP Scan
-sN
TCP NULL Scan
-sF
TCP FIN Scan
-sX
Xmas Scan
-sA
TCP ACK Scan

Custom TCP Scan
--scanflags
IP Protocol Scan
-sO
--send-eth
Send Raw Ethernet Packets
--send-ip
Send IP Packet
: /
.
~ ~
TCP SYN
) (TCP SYN )(-sS
nmap sS XXX :
C:\Users\ABD>nmap -sS 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

)MAC Address: 98:FC:22:99:1D:25 (Cisco-Linksys
>C:\Users\ABD

) (TCP SYN
) /( ....
) (TCP SYN ) (TCP
) (SYN
.
.
:
) (TCP SYN
~ ~
TCP Connect Scan

TCP
) (TCP )(-sT
nmap sT XXX :
C:\Users\ABD>nmap -sT 192.168.1.1

STATE SERVICE
open http
PORT
80/tcp
443/tcp open https

>C:\Users\ABD

. )(IPV6
TCP
) .(
: .
) (-sS
~ ~
UDP Scan
UDP
(( ) UDP) ( -sU)
nmap sU XXX :
C:\Users\ABD>nmap -sU 10.10.1.41

PORT STATE SERVICE
7/udp open echo
9/udp open|filtered discard
13/udp open daytime
19/udp open chargen
37/udp open time
69/udp open|filtered tftp
111/udp open|filtered rpcbind
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
177/udp open|filtered xdmcp
514/udp open|filtered syslog
518/udp open|filtered ntalk
1028/udp open|filtered ms-lsa
1030/udp open|filtered iad1
2049/udp open|filtered nfs
MAC Address: 00:60:B0:59:B6:14 (Hewlett-packard CO.)
UDP
.UDP
.UDP ( SNMP DHCP DNS ) TCP
./ / TCP UDP
~ ~
TCP NULL Scan

)(TCP NULL
) (-sN )(TCP NULL
nmap sN XXX :
C:\Users\ABD>nmap -sN 10.10.1.48

CDT
PORT STATE SERVICE
21/tcp open|filtered ftp
22/tcp open|filtered ssh
25/tcp open|filtered smtp
80/tcp open|filtered http
111/tcp open|filtered rpcbind
2049/tcp open|filtered nfs
)MAC Address: 00:0C:29:D5:38:F4 (VMware

TCP NULL Nmap . TCP .0

NULL .
)(--scanflags 73
~ ~
TCP FIN Scan

)(TCP FIN
) (TCP FIN )(-sF
nmap sF XXX :
C:\Users\ABD>nmap -sF 192.168.1.1

SERVICE
STATE
open|filtered http
PORT
80/tcp
443/tcp open|filtered https

49152/tcp open|filtered unknown
>C:\Users\ABD

) (-sF ) (NMAP ) (TCP ACK .

.
: .
)(--scanflags 73
~ ~
Xmas Scan
)(Xmas
)(Xmas ^_^ )(-sX
nmap sX XXX :
C:\Users\ABD>nmap -sX 192.168.1.1

SERVICE
STATE
open|filtered http
PORT
80/tcp
443/tcp open|filtered https

49152/tcp open|filtered unknown
)MAC Address: 93:FA:11:39:1D:20 (Cisco-Linksys
>C:\Users\ABD

) (NMAP FIN URGPSH

) (--Scanflags 73
~ ~
Custom TCP Scan

(TCP)
(TCP) ( --scanflags)
nmap --scanflags XXX :

C:\Users\ABD>nmap --scanflags SYN 22.23.184.241
PORT
STATE SERVICE
143/tcp open imap

161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>

TCP ( --scanflags)

(--scanflags FIN ACK)
SYN
ACK
PSH
URG
RST
FIN
Flag
Usage
SYN
Synchronize
ACK
Acknowledgment
PSH
Push
URG
Urgent
RST
Reset
FIN
Finished
(TCP)
~ ~
TCP ACK Scan

) (-sA )(TCP ACK
(nmap sA XXX) :
C:\Users\ABD>nmap -sA 10.10.1.70

SERVICE
PORT STATE
80/tcp unfiltered http

>C:\Users\ABD
)(TCP ACK
) (-sA
) (TCP ACK ) (Nmap )(RST
.
) (RST .
80
: ) (-sA /

~ ~
IP Protocol Scan
) (IP Protocol Scan )(-sO
(nmap sO XXX) :
3C:\Users\ABD>nmap -sO 10.10.1.41
Not shown: 255 open|filtered protocols
PROTOCOL STATE SERVICE
tcp
open
icmp
open
udp
open
17

>C:\Users\ABD
)(IP Protocol
) (IP Protocol ) (IP .

) (ICMP,UDP TCP

: IP IANA
www.iana.org/assignments/protocol-number
~ ~
Send Raw Ethernet Packet

( nmap) ( --send-eth)
(nmap send-eth) :
C:\Users\ABD>nmap --send-eth 11.63.11.211

PORT
STATE SERVICE

80/tcp open http
110/tcp open pop3
143/tcp open imap
161/tcp closed snmp
465/tcp open smtps
C:\Users\ABD>

. IP Nmap
.IP
(--send-ip) (77)
~ ~
Send IP Packets
(IP)
( ip) ( nmap) ( --send-ip)
(nmap send-ip) :
C:\Users\ABD>nmap --send-ip 10.10.1.51

PORT STATE SERVICE
80/tcp open http
443/tcp open https
(IP)
( nmap) ( IP)
(--send-eth) (76)
~ ~
~ ~

Port Scanning Options
~ ~
TCP / IP 131070 (65535 TCP UDP 65535). Nmap .

.
.
.
) (TCP 65536 TCP/IP 131070 +.

) (UDP 65536 ) (NMAP .
1000 1000.
) (NMAP 1000.
.... .
.......
: TCP / IP IANA
.www.iana.org/assignments/port-numbers
-F
}-p{port
}-p{port
}-p U:{UDP ports}, T:{TCP ports
"*" -p
}--top-ports{number
-r
~ ~
Perform a Fast Scan

100 ( -F)
(nmap F XXX) :
C:\Users\ABD>nmap -F 72.29.72.224
Nmap scan report for quela.dizinc.com (72.29.72.224)
PORT
STATE SERVICE
443/tcp open https

465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
C:\Users\ABD>

. 1000 ( NMAP)
. 100 ( -F)
~ ~

Scan Specific Ports
( -p)
(nmap p {port} {XXX} ) :
C:\Users\ABD>nmap -p 80 33.29.88.252
PORT STATE SERVICE
80/tcp open http
C:\Users\ABD>

(nmap -p 80,20,25,445,-200 {XXX} ) :
C:\Users\ABD>nmap -p 80,25,445,20-200 72.29.72.224

PORT
STATE SERVICE

21/tcp open ftp
26/tcp open rsftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
C:\Users\ABD>

200 ( -F)
~ ~

Scan Ports by Name
) (-F .
(nmap p imap,http XXXX ) :
C:\Users\ABD>nmap -p imap,http 88.28.7.274

)Nmap scan report for quela.dizinc.com (88.44.22.333
SERVICE
STATE
PORT
http
80/tcp open
imap
143/tcp open
8008/tcp filtered http

>C:\Users\ABD

) (imap,http ). (-F
.
)*( .... http,https.
(nmap p "http*" XXX )....
~ ~

Scan Ports by Protocol
) (U,T sU UDP
sT . TCP
) (-p .
(nmap sU sT p U:53,T:25 XXXX) :
C:\Users\ABD>nmap -sT -sU -p U:53,T:25 33.55.88.99

SERVICE
smtp
PORT STATE
25/tcp filtered
53/udp open|filtered domain

>C:\Users\ABD

: ) (nmap ) (TCP
) (UDP ) (-sU
~ ~

Scan All Ports
IP 65,535( -p"*")
(nmap p"*" XXX ) :
C:\Users\ABD>nmap -p"*" 66.35.256.25

Nmap scan report for 241.box203.quadra10c.serveex.com (98.4.45.6.)
PORT
STATE SERVICE

21/tcp open ftp
22/tcp closed ssh
26/tcp closed rsftp
80/tcp open http
110/tcp open pop3
143/tcp open imap
161/tcp closed snmp
443/tcp open https
465/tcp open smtps
623/tcp closed oob-ws-http
993/tcp open imaps
995/tcp open pop3s
2082/tcp open infowave
C:\Users\ABD>

~ ~

Scan Top Ports
) (--top-ports
(nmap top-ports 10 XXX ) :
C:\Users\ABD>nmap --top-ports 10 .15.25.156.55
STATE
SERVICE
ftp
PORT
21/tcp open
22/tcp closed ssh

23/tcp filtered telnet
25/tcp filtered smtp
http
80/tcp open
pop3
110/tcp open
139/tcp filtered netbios-ssn

https
443/tcp open
445/tcp filtered microsoft-ds

3389/tcp filtered ms-wbt-server
>C:\Users\ABD

) (nmap 1000 ) (-F

100 .
) (--top-ports ).(10
) (10 ). (1000
) (--top-ports 500 XXX ) (500 .
) (--top-ports 5000 XXX ) (5000 .
:
...................
~ ~

Perform a Sequential Port Scan
) (-r
(nmap r XXX ) :
C:\Users\ABD>nmap -r 66.63.184.241
STATE SERVICE
PORT

21/tcp open ftp
22/tcp closed ssh
26/tcp closed rsftp
80/tcp open http
110/tcp open pop3
143/tcp open imap
161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
>C:\Users\ABD

) (nmap
.
) (-r ) (nmap .
: ) (-r
) (-v .
~ ~
~ ~
~ ~
) Nmap ( .
.
.TCP / IP
Nmap .TCP / IP .
Nmap .
-O
--osscan-guess
-sV
--version-trace
RPC
-sR
~ ~
)(-o
(nmap O XXX ) :
C:\Users\ABD>nmap
Central Daylight Time
...
)MAC Address: 00:0C:29:D5:38:F4 (VMware
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.28
Network Distance: 1 hop
...

) (nmap .
) (nmap .
.
: ) (-O) (-v
~ ~
TCP/IP
.( nmap)
www.nmap.org/submit ( nmap)
... No exact OS matches for host (If you know what OS is running on it, see
http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=12/16%OT=3001%CT=1%CU=32781%PV=Y%DS=1%G=Y%M=00204A%TM=4B29
OS:4048%P=i686-pc-windows-windows)SEQ(CI=I%II=I%TS=U)OPS(O1=M400%O2=%O3=%O4
OS:=%O5=%O6=)OPS(O1=M400%O2=M400%O3=%O4=%O5=%O6=)OPS(O1=%O2=M400%O3=M400%O4
OS:=%O5=%O6=)OPS(O1=%O2=%O3=M400%O4=%O5=%O6=)OPS(O1=M400%O2=%O3=M400%O4=%O5
OS:=%O6=)WIN(W1=7FF%W2=0%W3=0%W4=0%W5=0%W6=0)WIN(W1=7FF%W2=7FF%W3=0%W4=0%W5
OS:=0%W6=0)WIN(W1=0%W2=7FF%W3=7FF%W4=0%W5=0%W6=0)WIN(W1=0%W2=0%W3=7FF%W4=0%
OS:W5=0%W6=0)WIN(W1=7FF%W2=0%W3=7FF%W4=0%W5=0%W6=0)ECN(R=Y%DF=Y%T=40%W=0%O=
OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=O
OS:%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=Z%A=S+%F=AR%RD=0%Q=)T2(R=Y%DF=Y%T=40%W=
OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=
OS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=
OS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF

.
.
~ ~
. ( nmap)
(--Oscan-guess)
(nmap -O --osscan-guess XXX ) :
C:\Users\ABD>nmap -O --osscan-guess 66.63.184.241

PORT
STATE SERVICE
143/tcp open imap

161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
Device type: specialized
Running (JUST GUESSING): AVtech embedded (88%)
Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (88%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
C:\Users\ABD>

. ( nmap)
.
(--osscan-guess) ( --fyzzy) :
.
~ ~
) (-sV
(nmap sV XXX ) :
C:\Users\ABD>nmap -sV 88.26.11.24.1
STATE SERVICE VERSION
PORT

Pure-FTPd
21/tcp open ftp

22/tcp closed ssh
26/tcp closed rsftp
Apache httpd 2.2.23 ((Unix) mod_ssl/2.2.23 OpenSSL/1.0.0
80/tcp open http
)-fips mod_bwlimited/1.4
465/tcp open ssl/smtp Exim smtpd 4.80
)993/tcp open ssl/imap Courier Imapd (released 2011
995/tcp open ssl/pop3 Courier pop3d
Service Info: Host: box203.exaservers.com
>C:\Users\ABD

) (-sV .
Nmap .
: ) (-sV .
9100-9107 .
.
) (--allports ) . (--allports sV
~ ~
. ( --version-trace)
(nmap version-trace XXX ) :

C:\Users\ABD>nmap --version-trace 66.63.184.241
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Winpcap present, dynamic linked to: WinPcap version 4.1.2 (packet.dll version 4.
1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
--------------- Timing report --------------hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
--------------------------------------------Packet capture filter (device eth1): dst host 192.168.1.100 and (icmp or icmp6 o
r ((tcp or udp or sctp) and (src host 55.89.14.23)))
We got a TCP ping packet back from 56.92.38.123 port 80 (trynum = 0)
Overall sending rates: 11.14 packets / s, 423.40 bytes / s.
mass_rdns: Using DNS server 192.168.10.32

.
.10
~ ~
RPC
. ( -sR )
(nmap sR XXX ) :
C:\Users\ABD>nmap -sR 66.63.184.241
PORT

21/tcp open ftp
Pure-FTPd
22/tcp closed ssh

26/tcp closed rsftp
80/tcp open http
-fips mod_bwlimited/1.4)
110/tcp open pop3
Courier pop3d
143/tcp open imap
Courier Imapd (released 2011)
161/tcp closed snmp

443/tcp open http

C:\Users\ABD>
RPC
.( RPC) ( -sR )
. (NFS) ( RPC)
. 80/443 ( Apache 2.2.23 ((Uinx)) )
~ ~
.
Timing Options
~ ~
).(nmap
.
.
) ( .
.
}-T{0-5
-ttl
TLL
--min-parallelism
-max-parallslism
--min-hostgroup
--max-hostgroup
--max-rtt-timeout
RTT
--initial-rtt-timeout
RTT
--max-retries
--host-timeout
--scan-delay
--max-scan-delay
--min-rate
--max-rate
--defeat-rst-ratelimit
~ ~
/ :
) (nmap / .
.
/ .
)/ (
)(
300s
5m
1h
)(nmap
: (--host-timeout) : ). (108
:
nmap --host-timeout 30000 192.168.1.1

nmap --host-timeout 300s 192.168.1.1
nmap --host-timeout 5m 192.168.1.1
nmap --host-timeout 1h 192.168.1.1
h1=5m=300s=300000 .
~ ~
:
) (-T ). (nmap
(nmap T4 XXX ) :
C:\Users\ABD>nmap -T4 192.168.10.1
PORT STATE SERVICE
80/tcp open http
>C:\Users\ABD

) (.
6 5-0 ) ( ) (.
.
-T0
-T1
-T2
-T3
-T4
-T5
)(nmap
~ ~
) (--min-parallelism )(nmap .
(nmap min-parallelism {100} {XXX} ) :
C:\Users\ABD>nmap --min-parallelism 100 6.3.55.44.1

STATE SERVICE
PORT
110/tcp open pop3

143/tcp open imap
161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
>C:\Users\ABD

) (nmap .
. .
: ) (--min-parallelism
.
~ ~
:
.(nmap) ( --max-paralelism)
(nmap max-parallelism {1} {XXX} ) :
C:\Users\ABD>nmap --max-parallelism 1 192.168.1.1

PORT
80/tcp
STATE SERVICE
open http
443/tcp open https

MAC Address: 99:FC:11:99:1C:80 (Cisco-Linksys)
C:\Users\ABD>

.( nmap)( --max-parallelism 1)
.
~ ~
) (--min-hostgroup .
(nmap --min-hostgroup 30 XXX ) :
C:\Users\ABD>nmap --min-hostgroup 30 10.10.1.0/24
PORT STATE SERVICE
80/tcp open http
443/tcp open https
)MAC Address: 00:06:B1:12:0D:14 (Sonicwall
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
)MAC Address: 00:19:B9:A6:ED:D9 (Dell

) (nmap .
/.
) (--min-hostgroup ) (nmap .
~ ~
.( nmap) ( --max-hostgroup )
(nmap max-hostgroup {1} {XXX} ) :
C:\Users\ABD>nmap --max-hostgroup 10 10.10.1.0/24

PORT STATE SERVICE
80/tcp open http
443/tcp open https
MAC Address: 00:06:B1:12:0D:14 (Sonicwall)
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
MAC Address: 00:19:B9:A6:ED:D9 (Dell)
...

.( --max-hostgroup) ( --min-hostgroup)
.
~ ~
RTT
) (--initial-rtt-timeout ).(nmap
(nmap initial-rtt-timeout {time} {XXX} ) :

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
RTT nmap
)) (-T3 (.
.
.
) (RTT .
.
~ ~
)(RTT
) (--max-rtt-timeout )) (RTT ( .
(nmap max-rtt-timeout {time} {XXX} ) :
C:\Users\ABD>nmap --max-rtt-timeout 400ms XXXX

)Nmap scan report for XXXXX (XXXXX
rDNS record for XXXXXX: 241.box203.quadra10c.serveex.com
STATE SERVICE
PORT
21/tcp open ftp

80/tcp open http
443/tcp open https
993/tcp open imaps
>C:\Users\ABD
400 )(RTT
) (nmap ) (timeout ) (RTT

) (RTT .
) (RTT .
.
) (RTT ) (nmap .
/ .
.
: .
) (400 ).(400ms
.
~ ~
) (--max-retries
).(nmap
(nmap max-retries {number} {XXXX} ) :
C:\Users\ABD>nmap --max-retries 1 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD

) (nmap .
) (--max-retries .
.
.
) (--max-retries .
) (nmap .
~ ~
):(TTL
) (--ttl ) (TTL ) (.
(nmap ttl {number} {XXX} ) :
C:\Users\ABD>nmap --ttl 255 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
) (TTL 255
) (TTL .
.
: ) (255
. .
~ ~
) (--host-timeout ) (nmap .
(nmap host-timeout {number} {XXX} ) :
C:\Users\ABD>nmap --host-timeout 1m 10.10.5.11

PORT STATE SERVICE
80/tcp open http
>C:\Users\ABD
Nmap 1
.
.
) (--host-timeout ) (nmap .
.
) (nmap .
) (WAN .
: ) (nmap
.
) (nmap .
.
~ ~
)(--scan-delay ) (nmap / .
(nmap scan-delay {time} {XXXX} ) :
C:\Users\ABD>nmap --scan-delay 5s scanme.insecure.org

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 CST
PORT STATE SERVICE
25/tcp closed smtp
53/tcp open domain
70/tcp closed gopher
80/tcp open http
110/tcp closed pop3
113/tcp closed auth

). (nmap
) (nmap .
)/(IDS ( .
/ ).(nmap
~ ~
) (--max-scan-delay ) (nmap .
(nmap max-scan-delay {time} {XXX} ) :

C:\Users\ABD>nmap --max-scan-delay 300s scanme.insecure.org
STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD

) (nmap / .
) (--max-scan-delay / .
.
~ ~
) (--min-rate ) (nmap .
(nmap min-rate {number} {XXX} ) :
C:\Users\ABD>nmap --min-rate 30 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD

) (nmap .
.
.
) (nmap ).(nmap
.
:
.
~ ~
:
) (--max-rate ) (nmap .
(nmap --max-rate {number} {XXX} ) :
C:\Users\ABD>nmap --max-rate 30 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
30
) (nmap .
.
....
: ) (max-rate 0.1--
) (0.1 ) (nmap .
~ ~
) (--defeat-rst-ratelimit ).(RST
(nmap defeat-rst-ratelimit XXXX ) :
C:\Users\ABD>nmap --defeat-rst-ratelimit scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
)(RST
) (RST .
.
: ) (nmap
..
~ ~
~ ~
) (nmap .
) (nmap .
.
-f
--mtu
MTU
-D
-sl
--source-port
--date-length
--randomize-hosts
--spoof-mac
)(MAC
--badsum
~ ~
) (-f ) (8 .
(nmap f XXX ) :
C:\Users\ABD>nmap -f 10.10.1.48
PORT STATE SERVICE
80/tcp open http
>C:\Users\ABD

) (-f ) (nmap 8 .
.
...
:
.
--send-eth f XXX :...
~ ~
) (MTU:
) (--mtu ).(MTU
(nmap --mtu {number} {XXXX} ) :
C:\Users\ABD>nmap --mtu 16 XXXXXX

)Nmap scan report for 241.boxXX3.quadra10c.XXXXXex.com (XXXXXX
STATE SERVICE
PORT
110/tcp open pop3

143/tcp open imap
161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
>C:\Users\ABD
) (MTU
) (--mtu ) (-f 177 ) (MTU .

.
)16 (MTU .
: ) (MTU .
--mtu 8,12,14,16,18,20,22,24,26,28,..
: ) (ETH ) (MTU
.
~ ~
) (-D ) (nmap .
(nmap D RND:10 XXXX ) : / .

C:\Users\ABD>nmap -D RND:10 XX.XX.XXX
)Nmap scan report for 241.box203.quadra10c.XXXXXXx.com (XX.XX.XXX
STATE SERVICE
PORT
110/tcp open pop3

143/tcp open imap
161/tcp closed snmp
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
>C:\Users\ABD
10 IP
IP .
.
) (IP .
.
.
) (nmap -D RND:10 ) (nmap .
.
) (nmap D 192.168.1.1,192.168.100,192.168.1.2...
:
.

~ ~
/ :
) (-sI
(nmap sI {zombie host} {XXXX}) :
C:\Users\ABD>nmap -sI 10.10.1.41 10.10.1.252

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 CST
Idle scan using zombie 10.10.1.41 (10.10.1.41:443); Class: Incremental
Not shown: 997 closed|filtered ports
PORT STATE SERVICE
135/tcp open msrpc
)MAC Address: 00:25:64:D7:FF:59 (Dell
.
.
10.10.1.41 / 10.10.1.252 .
IP ID .
/
: .
) .(nmap sI PN XXX
/ http://nmap.org/book/idlescan.html ..
~ ~
) (--source-port .
(nmap source-port {port} {XXX} ) :
C:\Users\ABD>nmap --source-port 53 scanme.insecure.org

STATE SERVICE
PORT
22/tcp open ssh

80/tcp open http
>C:\Users\ABD
TCP ) (nmap ) (nmap .

.
.
.
(FTP)20 (DNS)53 .(DHCP) 67
.
: ) (g- )(source-port--
~ ~
) (--data-length .
(nmap data-length {number} {XXX} ) :
C:\Users\ABD>nmap --data-length 25 10.10.1.252

PORT STATE SERVICE
135/tcp open msrpc
5800/tcp open vnc-http
5900/tcp open vnc
)MAC Address: 00:25:64:D7:FF:59 (Dell
25 .
) (nmap .
.
.
.
~ ~
.( --randomize-hosts)
(nmap randzomize-hosts {192.168.1.1-254} ) :

C:\Users\ABD>nmap --randomize-hosts 10.10.1.100-254
PORT STATE SERVICE
5900/tcp open vnc
MAC Address: 00:1C:23:49:75:0C (Dell)
PORT STATE SERVICE
5900/tcp open vnc
MAC Address: 00:21:9B:3F:AC:EC (Dell)
PORT STATE SERVICE
22/tcp open ssh
...

.( --randomize-hosts)
.
..
~ ~
)(MAC
) (--spoof-mac ) (MAC ).(MAC
(nmap spoof-mac {vendor}{MAC}{0} {XXX} ) :
C:\Users\ABD>nmap -sT -PN --spoof-mac 0 192.168.1.1

)Spoofing MAC address 00:01:02:25:56:AE (3com
PORT STATE SERVICE
21/tcp closed ftp
80/tcp open http
) (MAC
) (nmap .MAC 3COM

MAC .
/ :
) (MAC
)(0
) (MAC
)(MAC
) (
)(MAC
~ ~
) (--badsum / .
(nmap badsum {XXX} ) :
C:\Users\ABD>nmap --badsum 10.10.1.41

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.35 seconds
>C:\Users\ABD
TCP/IP .
.
/ .
).(--badsum
:

.
~ ~
~ ~
~ ~
) (nmap .
XML ).(grepable
.
)) (ndiff .(
: ) (ndiff GREP

-oN
-oX
)(XML
-oG
)(grepable
-oA
--stats-every
-oS
)(133t
~ ~
(text)
(TEXT) ( -oN)
(nmap oN {scan.text} {XXXX} ) :
C:\Users\ABD>nmap -oN scan.text XXXXXX

Nmap scan report for XXXX.XXXX.qXXXX10c.XXXXX.com (XXXXXXXX)
PORT
STATE SERVICE
465/tcp open smtps

993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
.( scan.text)
C:\Users\ABD>nmap oN scan.text XXXXXXX
Nmap scan report for 241.XXXXX.XXXXXX0c.XXXXXx.com (XXXXXXX)
PORT
STATE SERVICE
465/tcp open smtps

993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
( --append-otuput) nmap :
(-oN)
(nmap oN append-output scan.text XXXX) :
~ ~
(XML)
.(XML) ( -oX)
(nmap oX scan.text XXX) :
C:\Users\ABD>nmap -oX scan.xml 66.63.184.241

PORT
STATE SERVICE
465/tcp open smtps

993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
(XML)
( XML)
~ ~
(GREpable)
(GREpable) ( -oG)
(nmap oG {scan.text} {XXX} ) :
C:\Users\ABD>nmap -oG scan.text jooyl.com

Nmap scan report for XXXXX (XX.XXX.XX.X)
rDNS record for XXXXX: XXXXXXXXXXXXXXXX
PORT
STATE SERVICE
443/tcp open https

465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
(GREpable)

(((( ))) GREP)
# Nmap 6.25 scan initiated Sat Feb 09 06:43:50 2013 as: nmap -oG scan.text XXXX
Host: XXXXXXX (241.XXXX.XXXXXXXcom)
Status: Up
Host: XX.XXX.XX.X (241.XXXXXXXXXX.com)

Ports: 20/closed/tcp//ftp-data//, 21/open/tcp//ftp//, 22/closed/tcp//ssh//,
26/closed/tcp//rsftp//, 80/open/tcp//http//, 110/open/tcp//pop3//, 143/open/tcp//imap//, 161/closed/tcp//snmp//, 443/open/tcp//https//,
465/open/tcp//smtps//, 993/open/tcp//imaps//, 995/open/tcp//pop3s//
Ignored State: filtered (988)
# Nmap done at Sat Feb 09 06:44:10 2013 -- 1 IP address (1 host up) scanned in 20.08 seconds
(GREpabl)
.(scan.txet)
.
~ ~
.( text)(grepabl)(xml) ( -oA)
(nmap oA {scans} {XXXX} ) :

C:\Users\ABD>nmap -oA scans 66.63.184.241
PORT
STATE SERVICE
465/tcp open smtps

993/tcp open imaps
C:\Users\ABD>
scans.*
-rw-r--r-- 1 nick nick 284 2013-02-09 06:43 scans.gnmap
-rw-r--r-- 1 nick nick 307 2013-02-09 06:43 scans.nmap
-rw-r--r-- 1 nick nick 515 2013-02-09 06:43 scans.xml
Scans.gnmap
(GRPabl)
Scans.nmap
(text)
Scans.XML
(XML)
(nmap)
~ ~
.( --stats-every)
(nmap stats-every {time} {XXX} ) :
C:\Users\ABD>nmap --stats-every 5s 66.63.184.241

SYN Stealth Scan Timing: About 13.55% done; ETC: 08:01 (0:00:26 remaining)
.
.(--stats-every)( nmap)
.( nmap)
. /
.(99 )/( h)( m)( s)
~ ~
133t
.("script kiddie") ( -oS)
(nmap oS {scan.text} {XXX} ) :
C:\Users\ABD>nmap -oS scan.text XX.XX.XX.XX

Nmap scan report for 241.XXXXXXXXXXXXXXXXXXXXX (XXXXXXX)
PORT
STATE SERVICE
161/tcp closed snmp

443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
(133t)
.( leet) ( )( )
.
.
Start1ng nmap 6.25 ( hTtp://nmaP.org ) at 2013-02-09 08:18 PaC!f!C $tandard TIme
nmap scan r3port fOr 241.XXXXXXXXXXXXXXXXX (XXXXXXXXXXX)
Ho$t Iz up (0.20z latEncy).
Not $H0wn: 988 FilTeR3d ports
PoRT
$tAT3 $ERVIC3
161/tcp clO$ed snMp

443/tcp Open Httpz
465/tcp op3n sMtpS
993/tcp 0p3n |mapz
995/tCP Op3n p0P3s
NmAP d0N3: 1 IP Addr3Sz (1 h0st Up) scanN3d |n 25.24 s3Condz
~ ~
~ ~
) (nmap .
.
) (nmap .
.
-h
-V
)(Nmap
-v
-d
--reason
--open
--backet-trace
--iflist
-e
~ ~
.( -h)
(nmap h ) :
C:\Users\ABD>nmap -h
Nmap 6.25 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
( nmap)
. ( man nmap) Nmap
$ man nmap
( man nmap )
( man nmap) :
.Nmap
http://nmap.org/book/man.html
. :
http://nmap.org
~ ~
Nmap
)(-V .
(nmap V ) :
) Nmap version 6.25 ( http://nmap.org

Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.2.1 openssl-1.0.1c nmap-libpcre-7.6 libpcap-4.1.2 n
map-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: select
)(Nmap
) (Nmap .
) (Nmap .
)www.nmap.org (Nmap
.
)(up-to-date version ).(bug-free version
~ ~
.( -v)
(nmap v XXX ) :
C:\Users\ABD>nmap -v 66.63.184.241
Initiating Ping Scan at 12:18
Scanning 66.63.184.241 [4 ports]
Completed Ping Scan at 12:18, 0.19s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:18
Completed Parallel DNS resolution of 1 host. at 12:18, 0.03s elapsed
Initiating SYN Stealth Scan at 12:18
Scanning 241.box203.quadra10c.serveex.com (66.63.184.241) [1000 ports]
Discovered open port 21/tcp on 66.63.184.241
Completed SYN Stealth Scan at 12:19, 51.64s elapsed (1000 total ports)
PORT
STATE SERVICE

21/tcp open ftp
22/tcp closed ssh
Read data files from: C:\Program Files\Nmap
Raw packets sent: 3000 (131.876KB) | Rcvd: 91 (4.076KB)
C:\Users\ABD>
( Nmap)

.
.( -vv)( -v) :
~ ~
.( -d)
(nmap d {1-9} {XXX} ) :

C:\Users\ABD>nmap -d XXXXXXXX
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Winpcap present, dynamic linked to: WinPcap version 4.1.2 (packet.dll version 4.
1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
--------------- Timing report --------------hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
--------------------------------------------Initiating Ping Scan at 12:31
Scanning XXXXXXXXXX [4 ports]
Packet capture filter (device eth1): dst host 192.168.1.100 and (icmp or icmp6 o
r ((tcp or udp or sctp) and (src host XXXXXXXX)))
We got a TCP ping packet back from 66.63.184.241 port 80 (trynum = 0)
Completed Ping Scan at 12:31, 0.20s elapsed (1 total hosts)
Overall sending rates: 20.41 packets / s, 775.51 bytes / s.
Initiating Parallel DNS resolution of 1 host. at 12:31
mass_rdns: 0.04s 0/1 [#: 4, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Read from C:\Program Files\Nmap: nmap-payloads nmap-services.
Raw packets sent: 1999 (87.884KB) | Rcvd: 68 (3.120KB)
C:\Users\ABD>
(nmap)
.
.( -d)
.( -d) ( 9-1)
....( -d9) ( -d1)
~ ~
...( --reason)
(nmap reason XXX ) :
C:\Users\ABD>nmap --reason XX.XX.XX.XX

Nmap scan report for 241.XXXXXXXXXXXXXXX (XX.XXX.XXX)
Host is up, received reset (0.29s latency).
Reason: 982 no-responses and 6 port-unreaches
PORT
STATE SERVICE REASON
110/tcp open pop3
syn-ack
143/tcp open imap
syn-ack
161/tcp closed snmp
reset
443/tcp open https
conn-refused
465/tcp open smtps
syn-ack
993/tcp open imaps
syn-ack
995/tcp open pop3s
syn-ack

C:\Users\ABD>
.
.
. SYN-ACK
.(reset),(conn-refused)
.( )
~ ~
.( nmap) ( --open)
(nmap open XXX ) :
C:\Users\ABD>nmap --open XX.XXX.XX.XX.

Nmap scan report for 241.XXXXXXXXXXXXXcom (XXXX.XXX)
Not shown: 989 filtered ports, 4 closed ports
PORT
STATE SERVICE
21/tcp open ftp

110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
C:\Users\ABD>
.( --open)
.
.
C:\Users\ABD>nmap XX.XXX.XXX
Nmap scan report for 241.XXXXXXXXXXXXXXXXXX.com (XXXX.XXX.)
PORT
STATE SERVICE

21/tcp open ftp
22/tcp closed ssh
26/tcp closed rsftp
C:\Users\ABD>
~ ~
.( Nmap) ( --packet-trace)
(nmap --packet-trace XXX) :
C:\Users\ABD>nmap --packet-trace XX.XX.XX.XX.XX

SENT (0.3420s) ICMP 192.168.1.100 > XX.XXX.XX.XX.X Echo request (type=8/code=0) t
tl=48 id=10358 iplen=28
SENT (0.3460s) TCP 192.168.1.100:43927 > XX.XX.XX.XX443 S ttl=39 id=31275 ipl
en=44 seq=2276094172 win=1024 <mss 1460>
SENT (0.3460s) TCP 192.168.1.100:43927 > XX.XXX.XXX.XX.:80 A ttl=48 id=20087 iple
n=40 seq=0 win=1024
SENT (0.3490s) ICMP 192.168.1.100 > XX.XXX.XXX.XX. Timestamp request (type=13/cod
e=0) ttl=39 id=13294 iplen=40
RCVD (0.3710s) TCP XX.XXX.XX.XXX.:80 > 192.168.1.100:43927 R ttl=62 id=0 iplen=40
seq=2276094172 win=0
NSOCK (0.3730s) nsi_new (IOD #1)
.( --packet-trace)
.
(129 ):

.(nmap oN scan.text --packet-trace XXX ) :
~ ~
) (iflist .
(nmap iflist) :
C:\Users\ABD>nmap --iflist
************************************************INTERFACES
UP MTU MAC
down 1500 00:FF:
TYPE
ethernet
DEV (SHORT) IP/MASK

eth0 (eth0) fe80::486:761e:b9f7:3ccf/64
FE:74:B3:A9
down 1500 00:FF:
eth0 (eth0) 169.254.60.207/4
ethernet
FE:74:B3:A9
****************************************************ROUTES
lo0
255.255.255.255/32
eth1
192.168.1.100/32
eth1
255.255.255.255/32
eth1
192.168.1.0/24
lo0
127.0.0.0/8
lo0
224.0.0.0/4
eth0
224.0.0.0/4
eth1
224.0.0.0/4
eth1
0.0.0.0/0
.
..
) (ifconfig ) (.
) (IPCONFIG ).(netstat
.
~ ~
) (-e ).(Nmap
(nmap e eth0 ) :
C:\Users\ABD>nmap -e eth0 10.10.1.48

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
2049/tcp open nfs
.
.
) (Nmap )(-e
) (-e ) (Nmap ) (eth0 ...
~ ~
~ ~

Zenmap
~ ~
Zenmap
Zenmap Nmap .
Nmap
.
Zenmap GUI
~ ~
Zenmap
:
Zenmap Zenmap Zenmap GUI
:
Zenmap Nmap :
:
apt-get install Zenmap
Debian/Ubuntu:
yum install Zenmap
Fedora/Red Hat/Cent OS:
Emerge Zenmap
Gentoo
)(Zenmap GUI
) (Zenmap Mac OS X .Nmap
~ ~
Zenmap
Zenmap .1,2,3
)(Zenmap GUI
: 1 ) (.
: 2 )( .
: 3 .
~ ~
Zenmap
.
) ( Zenmap .
)(Zenmap
: .
~ ~
) (Zenmap .
.
)(Zenmap
~ ~
). (Zenmap
) (profile ) CTRL+P (.
) (Zenmap .
.
.
.
~ ~
/ .
)(Ports/Hosts
)( ) ( )( )( ..
Zenmap
~ ~
Zenmap
) (Zenmap .
~ ~
) ( Zenmap .
)(Zenmap
) (Zenmap SVG,PDF,PNG
~ ~
) ( )(Host Details
) (Zenmap .
~ ~
)( ) (scans .
) (Zenmap
~ ~
Nmap Zenmap ).(Results

< ) (Results ) (CTRL + D .
)(Zenmap
) ( Zenmap .
XML ) .(130
.
~ ~
) (Zenmap ).(save scans

).(CTRL +S
Znmeap
~ ~
) (Nmap )(NSE
~ ~
Nmap NSE
: ) / ( )(Script/Scripts
) (NSE ) (nmap .
).(nmap
.
.
).(Nmap
: ) (NSE ).(Lua
) (Lua .
) (Lua http://www.lua.org
: ) (NSE ) (.
.
NSE
.
}--script {script
}--script {script1,script2,
)( --script
) .( --script
}--script {trace
--script-updatedb
~ ~
. NSE ( --script)
(nmap script {script.nse} {XXX} ) :
C:\Users\ABD>nmap --script whois.nse scanme.insecure.org

Nmap scan report for scanme.insecure.org (74.207.244.221)
PORT
STATE SERVICE
22/tcp open ssh

80/tcp open http
Host script results:
| whois: Record found at whois.arin.net
| netrange: 74.207.224.0 - 74.207.255.255
| netname: LINODE-US
| orgname: Linode
| orgid: LINOD
| country: US stateprov: NJ
|
| orgtechname: Linode Network Operations
|_orgtechemail: support@linode.com
C:\Users\ABD>
(NSE)
.(script host results) ( )

.whios.nse ( --script)
. IP ( ARIN)( whois.nse)
.( )
.(Nmap) NSE
(/http://nmap.org/nsedoc) ( Nmap)
~ ~
( NSE)
. ( Nmap)
(nmap script {script1,script2,script3} {expression} {XXXX} ) :

C:\Users\ABD>nmap --script "smtp*" altal.net
Nmap scan report for altal.net (72.29.72.224)
rDNS record for 72.29.72.224: quela.dizinc.com
PORT
STATE SERVICE
143/tcp open imap

443/tcp open https
465/tcp open smtps
| smtp-brute:
| Accounts
|
No valid accounts found
| Statistics
|
Performed 5 guesses in 13 seconds, average tps: 0
|_ ERROR: Too many retries, aborted ...

|_smtp-commands: Couldn't establish connection on port 465
SMTP
.SMTP )*(
.nmap --script script1,script2,script3:
. )*( :
"ftp*","smtp*","http*"
.(--script-args) ( Nmap) :

/http://nmap.org/nsedoc
~ ~
) (--script NSE /.
:
/
)(NSE
all
auth
default
Discovery
) (WHOIS
external
intrusive
Malware
safe
vuln
NSE
NSE .
.
: NSE
~ ~
.( --script)
(nmap script {default} {XXX} ) :

C:\Users\ABD>nmap --script default XX.XX.XXX
Nmap scan report for 241.XXXXXXXXXXXXXXXXXXXXXXX (XX.XX.XXX)
PORT
STATE SERVICE

21/tcp open ftp
| ssl-cert: Subject: commonName=XXXXXXXXXXX/organizationName=Unknown/s
tateOrProvinceName=Unknown/countryName=US
ER TOP UIDL PIPELINING
143/tcp open imap
|_imap-capabilities: STARTTLSA0001 completed THREAD=ORDEREDSUBJECT CAPABILITY OK
CHILDREN QUOTA ACL THREAD=REFERENCES ACL2=UNION IDLE IMAP4rev1 SORT NAMESPACE U
IDPLUS
. Nmap ( --script) ( 165 )

." "
.(--script default) ( -sC) :

. NSE
~ ~
:
.(nmap --script malware , vuln {XXX} ) :
.
) (malware ).(vuln
NSE ) (default ) (safe .
.(nmap script "default and safe" {XXX} ) :
) (and .
) (or .
(nmap scaript "default or safe" {XXX} ) :
.
) (not .
. (nmap script "not intrusive" {XXX} ) :
.
~ ~
.( --script-trace)
.(nmap script default --script-trace XXXX ) :
C:\Users\ABD>nmap --script default --script-trace XXXXXXX

NSOCK (37.9350s) EID 1353 error:00000000:lib(0):func(0):reason(0)
NSOCK (37.9350s) Callback: SSL-CONNECT ERROR [A system call has failed. (10107)
] for EID 1353 [66.63.184.241:443]
NSE: TCP 127.0.0.1:3885 > 66.63.184.241:443 | CONNECT
NSE: TCP 127.0.0.1:3885 > 66.63.184.241:443 | CLOSE
NSOCK (37.9530s) nsi_delete (IOD #63)
NSOCK (37.9530s) nsi_new (IOD #64)
NSOCK (37.9540s) TCP connection requested to 66.63.184.241:443 (IOD #64) EID 136
00000010: 2e 31 0d 0a 4f 72 69 67 69 6e 3a 20 65 78 61 6d .1 Origin: exam
00000020: 70 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d ple.com Access00000030: 43 6f 6e 74 72 6f 6c 2d 52 65 71 75 65 73 74 2d Control-Request00000040: 4d 65 74 68 6f 64 3a 20 54 52 41 43 45 0d 0a 43 Method: TRACE C
00000050: 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 onnection: close
00000080: 74 69 62 6c 65 3b 20 4e 6d 61 70 20 53 63 72 69 tible; Nmap Scri
C:\Users\ABD>
.
.( trace)
.
.(nmap script default {XXXX} --script-trace >trace.txt ) :
.
~ ~
) (--script-updatedb .
.(nmap --script-updatedb) :
C:\Users\ABD>nmap script-updatedb
NSE: Updating rule database.
NSE script database updated successfully.
Nmap .
./usr/share/nmap/scripts .
.C:\Program Files\Nmap\scripts.
.
).(--script-updatedb
~ ~
~ ~
Ndiff
~ ~
Ndiff :
Nmap .
) (Ndiff XML ) .(130
) (Ndiff GUI ) Zenmap .(159
Ndiff
)(Ndiff
-v
)(Ndiff
--xml
)(XML
~ ~
Ndiff
Ndiff ).(XML
.(ndiff { file1.xml file2.xml } ) :
C:\Users\ABD>ndiff scan1.xml scan2.xml

-Nmap 6.25 scan initiated Mon Feb 2013-04-9 10:46 as: nmap -oX scan1.xml --open XX.XX.XXX
+Nmap 6.25 scan initiated Mon Feb 2013-04-9 10:46 as: nmap -oX scan2.xml -T4 XX.XX.XXX
-241.XXXXXX3.XXXXXXXc.XXXXXXXcom (XXXXXXXXXX):
-Host is up.
-Not shown: 988 filtered ports, 4 closed ports
-PORT
-80/tcp open http

+Not shown: 987 filtered ports
VERSION
STATE SERVICE
+PORT
+20/tcp closed ftp-data
Ndiff )XML .(130

) (- .
) (+ ) (.
~ ~
)(Ndiff
) (-v Ndiff
.(Ndiff -v { file1.xml file2.xml } ) :
C:\Users\ABD>ndiff -v scan1.xml scan2.xml

-Nmap 6.25 scan initiated Mon Feb 2013-04-9 10:46 as: nmap -oX scan1.xml open XX.XX.XXX
+Nmap 6.25 scan initiated Mon Feb 11 06:10:58 2013 as: nmap -oX scan2.xml -T4 XX.XX.XXX
-Host is up.
-Not shown: 988 filtered ports, 4 closed ports
-PORT
-21/tcp open ftp

-80/tcp open http
-110/tcp open pop3
+Not shown: 987 filtered ports
VERSION
STATE SERVICE
+PORT
+20/tcp closed ftp-data

+21/tcp open ftp
) (Ndiff
XML .
.
)) (Ndiff (173 .
.
~ ~
XML
.(XML) ( Ndiff) ( --xml)
.(Ndiff xml {file1.xml file2.xml ) :
C:\Users\ABD>ndiff --xml scan1.xml scan2.xml

<?xml version="1.0" encoding="utf-8"?>
<nmapdiff version="1"><scandiff><a><nmaprun args="nmap -oX scan1.xml --open XX.XX.XXX
" scanner="nmap" start="1360591663" startstr="Mon Feb 11 06:07:43 2013"
version="6.25"/>
</a><b><nmaprun args="nmap -oX scan2.xml -T4 XX.XX.XXX" scanner="nmap" start=
"1360591858" startstr="Mon Feb 11 06:10:58 2013" version="6.25"/>
</b><hostdiff>
<a>
<host>
<status state="up"/>
<address addr="XX.XXX.XXX." addrtype="ipv4"/>
<hostnames>
<hostname name="241.XXXXX.XXXXXX.XXXXXX.XXXXXX"/>
</hostnames>
<ports>
<extraports count="988" state="filtered"/>
<extraports count="4" state="closed"/>
<port portid="21" protocol="tcp">
<state state="open"/>
<service name="ftp"/>
XML Ndiff
.(Ndiff) XML
.
. :
.(Ndiff xml scan1.xml scan.2.xml >Ndiff.xml ) :
.
~ ~
~ ~
~ ~
).(Nmap
) (Nmap .
179
180
181
182
183
)(wireshark
184
Scanme.Insecure.org
185
Nmap
~ ~
) ( Nmap .
(nmap {options} {XXX} ) :
C:\Users\ABD>nmap --reason -F --open -T3 -O XX.XX.XXX

)Nmap scan report for 241.XXXXXXXXXXXXXXXXXXXXXX (XX.XX.XXX
Host is up, received reset (0.13s latency).
Reason: 97 no-responses
STATE SERVICE REASON
syn-ack
syn-ack
PORT
80/tcp open http

110/tcp open pop3
443/tcp open https syn-ack

pen and 1 closed port
Device type: specialized|WAP|media device
Running: Crestron 2-Series, Netgear embedded, Western Digital embedded
>C:\Users\ABD
)(Nmap
. .
.
*C:\Users\ABD>nmap -PN -sP 10.10.10.1

Nmap scan report for 10.10.10.1Host is up.
>C:\Users\ABD
) (-PN Ping ) (-sP Ping.

.
) (Nmap .
.
~ ~
) (--interactive ) (SHELL ).(Nmap
.(nmap iteractive ) :
C:\Users\ABD>nmap --interactive
'nmap: unrecognized option `--interactive
) Nmap 6.25 ( http://nmap.org
}Usage: nmap [Scan Type(s)] [Options] {target specification
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
.
) (Nmap ).(Nmap
.
).(Nmap
) (5.00 .
).(--interactive
http://seclists.org/nmap-dev/2010/q1/1242
.
.
.
) .(181
~ ~
Nmap .
.
.

) (Nmap
.
).(Space
C:\Users\ABD>nmap -T2 192.168.10.4

Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
)Ping Scan Timing: About 12.50% done; ETC: 13:02 (0:00:14 remaining
Stats: 0:00:02 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
)Ping Scan Timing: About 12.50% done; ETC: 13:02 (0:00:21 remaining
>C:\Users\ABD

~ ~
Nmap )( Nmap .
.
/http://nmap.online-domain-tools.com
) (Nmap
: Nmap .
) (5 ) (IP
)(24 7 .

~ ~
Wireshark
Wireshark .
) ( . .
) (nmap .
.www.wireshark.org .
~ ~
Scanme.insecure.org
.
Nmap .
C:\Users\ABD>nmap -F scanme.insecure.org
STATE SERVICE
PORT
80/tcp open http

110/tcp closed pop3
443/tcp closed https
587/tcp closed submission
>C:\Users\ABD
) (scanme.inscure.org
: Nmap
.

~ ~
Nmap
:(fyodor's)
http://nmap.org/book/man.html
:(Nmap)
http://nmap.org/book/install.html
:(Nmap)
:(Zenmap)
http://nmap.org/book/zenmap.html
:(Nmap)
http://nmap.org/changelog.html
:(Nmap)
/http://seclists.org
:(Nmap)
/http://nmap.online-domain-tools.com
:(Nmap)
/http://sectools.org
:(Nmap)
http://www.nmap.org/fb
:(Nmap)
https://twitter.com/nmap
:(Nmap)
/http://nmapcookbook.blogspot.com
~ ~
~ ~
: 1

/http://nmapcookbook.blogspot.com
()

(IPv6)
nmap {XXX}
nmap {XXX1,XXX2,XXX3}
nmap iL {list.txt}
nmap ( (IP))
nmap {ip/255}
Nmap iR {number}
nmap {XXX} --exclude {XXX}
nmap {XXX} --excludefile {list.txt}
nmap A {XXX}
nmap -6 {XXX}
()
(Ping)
(ping)
TCP SYN Ping
TCP ACK Ping
UDP Ping
SCTP INIT Ping
ICMP Echo Ping
ICMP Ping
ICMP Ping
Ping (IP)
ARP Ping

DNS
DNS
DNS
DNS

nmap sP {XXX}
nmap PN {XXX}
nmap PS {XXX}
nmap PA {XXX}
nmap PU {XXX}
nmap PY {XXX}
nmap PE {XXX}
nmap PP {XXX}
nmap PM {XXX}
nmap PO {XXX}
nmap PR {XXX}
nmap traceroute {XXX}
nmap R {XXX}
nmap n {XXX}
nmap --system-dns {XXX}
nmap --dns-servers {XXX}
nmap sL {XXX}

TCP SYN
TCP
UDP
TCP NULL
TCP FIN
Xmas
TCP ACK
TCP
IP

(IP)
nmap sS {XXX}
nmap sT {XXX}
nmap sU {XXX}
nmap sN {XXX}
nmap sF {XXX}
nmap sX {XXX}
nmap sA {XXX}
nmap --scanflags {flags} {XXX}
nmap sO {XXX}
nmap --send-eth {XXX}
nmap send-ip {XXX}
~ ~
/
}nmap F {XXX
}nmap p { port{s} } {XXX
}nmap p { port name (s) } {XXX
}nmap sU sT p U:{ports} T:{ports} {XXX
}nmap p "*" {XXX
}nmap --top-ports {number} {XXX
}nmap r {XXX

}nmap O {XXX
/http://nmap.org/submit
}nmap O osscan-guess {XXX
}nmap sV {XXX
}nmap sV version-trace {XXX

TCP/IP

RPC

}nmap T {5-0} {XXX
}nmap --ttl {time} {XXX
}nmap --min-parallelism {number} {XXX
}nmap --max-parallelism {number} {XXX
}nmap --min-hostgroup {number} {XXX
}nmap max-hostgroup {number} {XXX
}nmap --initial-rtt-timeout {time} {XXX
}nmap --max-rtt {TTL} {XXX
}nmap --max-retries {number} {XXX
}nmap --host-timeout {time} {XXX
}nmap --scan-delay {time} {XXX
}nmap --max-scan-delay {time} {XXX
}nmap --min-rate {number} {XXX
}nmap --max-rate {number} {XXX
}nmap --defeat-rst-ratelimit {XXX

TTL

RTT
RTT

}nmap f {XXX
}nmap mtu {MTU} {XXX
}nmap D RND:{number} {XXX
}nmap sI {zombie} {XXX
}nmap --source-port {port} {XXX
}nmap --date-length {size} {XXX
}nmap --randomize-hosts {XXX
}nmap --spoof-mac {MAC} {XXX
}nmap --badsum {XXX

MTU
/

MAC
~ ~

XML
Grepable

133t
nmap -oN scan.txt {XXX}

nmap -oX scan.xml {XXX}
nmap -oG scan.txt {XXX}
nmap -oA filename {XXX}
nmap --stats-every {time} {XXX}
nmap -oS scan.txt {XXX}

Nmap

nmap -h
nmap -V
nmap -v {XXX}
nmap -d {XXX}
nmap --reason {XXX}
nmap --open {XXX}
nmap --packet-trace {XXX}
nmap --iflist
nmap -e {eth0} {XXX}
Nmap /

nmap --script {script.nse} {XXX}

nmap --script {scripts.nse} {XXX}
all, vuln ,malware, default, safe, discovery, external, auth.
nmap --script {XXX} {XXX}
nmap --script {XXX,XXX,XXX} {XXX}
nmap --script {script.nse} --script-trace {XXX}
nmap --script-updatedb
Ndiff
Ndiff

XML
ndiff scan1.xml scan2.xml

ndiff -v scan1.xml scan2.xml
ndiff --xml {scan1.xml} {scan2.xml}
~ ~
~ ~
: 2 / Nmap
: open/
/ .
: closed/
/ .
..
: filtred/
Nmap .
: unfiltered/
Nmap .
: open/filtered/
Nmap .
: closed /filtered/
Nmap .
~ ~
~ ~
: 3 CIDR
CIDR
/0
/1
/2
/3
/4
/5
/6
/7
/8
/9
/10
/11
/12
/13
/14
/15
/16
/17
/18
/19
/20
/21
/22
/23
/24
/25
/26
/27
/28
/29
/30
/31
/32
000.000.000.000
128.000.000.000
192.000.000.000
224.000.000.000
240.000.000.000
248.000.000.000
252.000.000.000
254.000.000.000
255.000.000.000
255.128.000.000
255.192.000.000
255.224.000.000
255.240.000.000
255.248.000.000
255.252.000.000
255.254.000.000
255.255.000.000
255.255.128.000
255.255.192.000
255.255.224.000
255.255.240.000
255.255.248.000
255.255.252.000
255.255.254.000
255.255.255.000
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252
255.255.255.254
255.255.255.255
~ ~
~ ~
TCP/IP : 4
20
21
22
23
25
42
53
67
68
69
80
110
119
123
135
137
138
139
143
161
162
389
443
445
636
873
993
995
1433
3306
3389
5800
5900
TCP
TCP
TCP:UDP
TCP
TCP
TCP:UDP
TCP:UDP
UDP
UDP
UDP
TCP:UDP
TCP
TCP
UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP:UDP
TCP
TCP:UDP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
FTP Data
FTP Control
secure shell {SSH}
Telnet
{SMTP}
Windows Internet Name Service {WINS}
Domain Name system {DNS}
DHCP server
DHCP Client
Trivial File Transfer Protocol {TFTP}
Hypertext Transfer Protocol {HTTP}
Post office Protocol 3 {POP3}
Network News Transfer {NTTP}
Network time Protocol {NTP}
Microsoft RPC
NetBIOS Service
NetBIOS Datagram service
NetBIOS Session Service
Internet massage Access Protocol {IMAP}
Simple Network Management Protocol {SNMP}
Simple Network Management Protocol {SNMP} Trap
Lightweight Directory Access Protocol{LDAP}

Hypertext Transfer Protocol over TLS/SSL{HTTPS}
server Massage Block {SMB}

Lightweight Directory Access Protocol over TLS/SSL {LDAPS}
Remote File Synchronization Protocol {rsync}

Internet Massage Access Protocol over SSL{IMAPS}
Post office Protocol 3 TSL/SSL{POP3S}

Microsoft SQL server Database
SQL Database
Microsoft Terminal Server/Remote Desktop Protocol {RDP}
Virtual Network Computing {VNC} web interface

Virtual Network Computing {VNC} Remote Desktop
~ ~

). (HECR.SYRIA

: } {

.

: )(HECR.SYRIA
" "
www.arhack.net
~ ~
~ ~
Nmap Arabic Network Scanning

Nmap
/ / ..
: Author : Abdallah Kurdi. /
2013/4/9

Nmap Arabic Network Scanning

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Nmap Arabic Network Scanning

Diunggah oleh

Hak Cipta:

Format Tersedia

~~

Nmap Arabic Network Scanning :

University of California, Berkeley CentOS is property of CentOS Ltd. .A

Nmap Nmap Nmap

$sudo nmap scanme.insecure.org

#nmap -T2 scanme.insecure.org

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 Pacific Standard Time

(Nmap scan report for scanme.insecure.org (74.207.244.221

tcp open ssh/

Nmap done: 1 IP address (1 host up) scanned in 8.16 seconds

Resolving nmap.org... 64.13.134.48

/usr/bin/install -c -d /usr/local/bin /usr/local/share/man/man1

2049/tcp open nfs

... Nmap (xxx) :

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 Pacific Standard Time

Nmap done: 1 IP address (1 host up) scanned in 23.10 seconds

Nmap ( XXX1 XXX2 ) :

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 Pacific Standard Time

Nmap scan report for 192.168.10.1

Nmap scan report for 192.168.10.100

Nmap done: 3 IP addresses (2 hosts up) scanned in 36.40 seconds

Nmap IP 192.168.10.1 .192.168.10.1,100

Nmap 192.168.10.1 (/) CIDR ) ( .

C:\Users\ABD>nmap -iL C:\Users\ABD\Desktop\list.txt.txt

Nmap XXX/24 --exclude XXX :

) (--exclude ) (IP . 192.168.1.10.000

192.168.10.1 192.168.10.100 192.168.10.101

Nmap ICMP " " .

TCP SYN Ping

Nmap )(-PN) (Ping

Ping Only Scan

C:\Users\ABD>nmap -sP 192.168.10.1/24

C:\Users\ABD>nmap -sP 192.168.1.100/24

TCP SYN Ping

Nmap PS port1,port2,port3, XXX :

22/tcp open ssh

)(-PS) SYN TCP (ping

) (SYN TCP) (ping SYN .

TCP ACK Ping

Nmap PA port1,port2,port3,port4 192.168.1.254 :

C:\Users\ABD>nmap -PA 192.168.1.1

443/tcp open https

)TCP ACK (Ping

) (Nmap)(-PA TCP ACK . SYN TCP

(UDP Ping) : ) (-PU

C:\Users\ABD>nmap -PU 69.68.182.258

21/tcp open ftp

SCTP INIT Ping

sxxC:\Users\ABD>nmap -PY 192.168.1.254

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-9 10:46 CDT

)(SCTP INIT Ping

ICMP Echo Ping

PE ) ICMP Echo Ping ( .

C:\Users\ABD>nmap -PE 192.168.1.1

443/tcp open https

) (-PE ICMP ) (Echo Ping .

ICMP Timestamp Ping

C:\Users\ABD>nmap -PP 192.168.1.254

ICMP Timestamp Ping:

ICMP Address Mask Ping

(-PM) ICMP Address Mask Ping

443/tcp open https

. ICMP ICMP (-PP )

) (IP Protocol Ping )(-PO