

Nmap

Establish the variable

export ip=192.168.1.100

Typical Nmap scan

nmap -sV -sC -O -oA scan $ip

Nmap stealth scan using SYN

nmap -sS $ip

Nmap stealth scan using FIN

nmap -sF $ip

Nmap Banner Grabbing

nmap -sV -sT $ip

Nmap OS Fingerprinting

nmap -O $ip

Nmap Regular Scan:

nmap $ip/24

Enumeration Scan All Ports TCP / UDP and output to a txt file

nmap -oN scan.txt -v -sU -sS -p- -A -T4 $ip

Nmap output to a file:

nmap -oN scan.txt -p 1-65535 -sV -sS -A -T4 $ip/24

Quick Scan:

nmap -T4 -F $ip/24

Quick Scan Plus:

nmap -sV -T4 -O -F --version-light $ip/24

Quick traceroute

nmap -sn --traceroute $ip

All TCP and UDP Ports

nmap -v -sU -sS -p- -A -T4 $ip

Intense Scan:

nmap -T4 -A -v $ip

Intense Scan Plus UDP

nmap -sS -sU -T4 -A -v $ip/24

Intense Scan ALL TCP Ports

nmap -p 1-65535 -T4 -A -v $ip/24

Intense Scan - No Ping

nmap -T4 -A -v -Pn $ip/24

Ping scan

nmap -sn $ip/24

Slow Comprehensive Scan

nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" $ip/24

Scan with Active connect in order to weed out any spoofed ports designed to troll you

nmap -p1-65535 -A -T5 -sT $ip