Feb 18, 2010
 

Ping Sweep (nmap 4.x spells host discovery `-sP`; newer releases call it `-sn` and still accept `-sP`):
# nmap -sP 10.1.2.0/24

Produces this result:
Starting Nmap 4.60 ( http://insecure.org ) at 2010-02-17 10:01 EST
Host 10.1.2.1 appears to be up.
MAC Address: 00:06:31:7B:48:0C (Cisco Systems)
Host 10.1.2.2 appears to be up.
MAC Address: 00:03:BA:42:DE:49 (Sun Microsystems)
Host 10.1.2.3 appears to be up.
MAC Address: 00:03:BA:55:26:BA (Sun Microsystems)

List Scan:
# nmap -sL 10.1.2.0/24

Produces this result:
Starting Nmap 4.60 ( http://insecure.org ) at 2010-02-17 10:54 EST
Host server1 (10.1.2.1) not scanned
Host 10.1.2.2 not scanned
Host 10.1.2.3 not scanned
Host server4 (10.1.2.4) not scanned
Host server5 (10.1.2.5) not scanned
Host server6 (10.1.2.6) not scanned
These scans are low-impact, but they are not invisible, and only the list scan leaves the targets untouched. `-sL` sends no packets to the hosts at all; it only performs reverse-DNS lookups, which show up in DNS-server logs. `-sP` does send traffic — ARP requests on the local segment (which is how the MAC addresses above were obtained) and ICMP/TCP probes to remote networks — and host firewalls and IDS sensors routinely log and alert on a sweep across a whole /24. Keep even this gentle probing to networks you are authorized to scan.

Jan 11, 2010
 

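# Print the one-line usage summary on stderr.
_scan_usage() {
  printf '%s\n' 'Usage: scan udp hostname | scan tcp 123.45.67.89 | scan gui | scan udpport 20 ipaddress | scan tcpport 22 hostname | scan portrange 1-500 hostname | scan wireless [iface] | scan pingsweep 123.45.67.1-254' >&2
}

# Succeed only when every argument is non-empty and does not start with "-".
# Targets and port lists are handed straight to a root nmap as argv. That is
# not shell injection, but a value beginning with "-" would be parsed by nmap
# as an option (e.g. "-iL /etc/shadow" makes root nmap read that file), so
# such values are refused instead of forwarded.
_scan_args_ok() {
  local arg
  for arg in "$@"; do
    case "$arg" in
      ''|-*) return 1 ;;
    esac
  done
  return 0
}

# scan — interactive wrapper around nmap / iwlist.
#
# Arguments:
#   $1  mode: tcp | udp | tcpport | udpport | portrange | pingsweep | wireless | gui
#   $2  target (tcp/udp/pingsweep), port or port range (tcpport/udpport/portrange),
#       or optional interface for wireless (defaults to wlan0)
#   $3  target for the three-argument modes
# Outputs: nmap / iwlist output on the terminal; usage text on stderr on error
# Returns: 0 when the command was launched (nmap runs via sudo, mostly in the
#          background, so its own exit status is not reported here),
#          2 on a usage error
#
# NOTE(review): -PI/-PT are the legacy (nmap 4.x) spellings of the ICMP-echo
# and TCP host-discovery probes; current nmap spells them -PE / -PS. Kept as
# written so the function matches the nmap version it was made for.
scan() {
  local mode=$1
  case "$mode" in
    tcp)
      _scan_args_ok "$2" || { _scan_usage; return 2; }
      sudo nmap -sS -O -PI -PT "$2" &
      ;;
    udp)
      _scan_args_ok "$2" || { _scan_usage; return 2; }
      sudo nmap -sU -O -PI -PT "$2" &
      ;;
    tcpport|portrange)
      # Both modes ran the identical command in the original: a SYN scan of
      # the given port or port range.
      _scan_args_ok "$2" "$3" || { _scan_usage; return 2; }
      sudo nmap -sS -O -p "$2" -PI -PT "$3" &
      ;;
    udpport)
      _scan_args_ok "$2" "$3" || { _scan_usage; return 2; }
      sudo nmap -sU -O -p "$2" -PI -PT "$3" &
      ;;
    pingsweep)
      # Left in the foreground, as in the original (no trailing &).
      _scan_args_ok "$2" || { _scan_usage; return 2; }
      sudo nmap -sP -PI -PT "$2"
      ;;
    wireless)
      # Interface is optional; defaults to the previously hard-coded wlan0.
      iwlist "${2:-wlan0}" scanning
      ;;
    gui)
      sudo nmapfe &
      ;;
    *)
      _scan_usage
      return 2
      ;;
  esac
}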

Jan 05, 2010
 

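@echo off
REM Author: Robert Holland
REM Purpose: Performs an NMAP scan based on user input arguments (requires NMap to be installed).
REM Takes two or three arguments: protocol and IP Address or Hostname.
REM Dumps results in a file on the users desktop and opens it in notepad. The filename will have the targetname and current timestamp.
REM Type "scan" without the quotes at the command prompt to see examples.
REM
REM Modes (first argument):
REM   tcp | udp | tu | pingsweep       <target>             two arguments
REM   tcpport | udpport | portrange    <ports> <target>     three arguments
REM   xxx                              clears the screen (kept from the original)
REM
REM Security notes:
REM   - The target is passed to nmap as a plain argument, but a value starting
REM     with "-" would be read by nmap as an option (e.g. "-iL <file>" or
REM     "-oN <path>"), so such values are rejected (see :CheckArg).
REM   - The target also becomes part of the output filename. "/", "\" and ":"
REM     are replaced with "_" so a CIDR (10.0.0.0/24), an IPv6 literal or a
REM     path-like value cannot steer the output file outside the Desktop
REM     folder or produce an invalid filename.
setlocal

REM ----- Date/time stamp for the output filename -----------------------------
REM NOTE(review): both parsers assume the US-English layout of "date /t"
REM (e.g. "Wed 02/17/2010") and the word "current" in the output of "time".
REM On other locales they fall back to the literal "None"; the scan still runs.
set "DATESTAMP=None"
for /F "tokens=2-4 delims=/ " %%i in ('date /t') do set "DATESTAMP=%%k%%i%%j"

REM "echo |" feeds an empty line to "time" so it does not wait for input;
REM tokens 5-7 of "The current time is: HH:MM:SS.hh" are HH, MM and SS.hh.
set "TIMESTAMP=None"
for /F "tokens=5-7 delims=: " %%i in ('echo ^| time ^| find "current"') do set "TIMESTAMP=%%i%%j%%k"
REM Drop the "." between seconds and hundredths.
set "TIMESTAMP=%TIMESTAMP:.=%"

REM ----- Argument handling ------------------------------------------------------
if "%~1"=="" goto :HelpMe
if "%~1"=="//" goto :HelpMe
if "%~1"=="/?" goto :HelpMe
if "%~1"=="/h" goto :HelpMe
if "%~1"=="-h" goto :HelpMe

set "MODE=%~1"
if /I "%MODE%"=="xxx" (cls & goto :eof)

REM Three-argument modes take a port list before the target.
set "PORTS="
set "TARGET=%~2"
if /I "%MODE%"=="tcpport"   set "PORTS=%~2"
if /I "%MODE%"=="udpport"   set "PORTS=%~2"
if /I "%MODE%"=="portrange" set "PORTS=%~2"
if defined PORTS set "TARGET=%~3"

REM nmap options per mode. -PI/-PT are the legacy (nmap 4.x) spellings of the
REM ICMP-echo and TCP host-discovery probes; newer nmap spells them -PE / -PS.
set "OPTS="
if /I "%MODE%"=="tcp"       set "OPTS=-sS -O -PI -PT"
if /I "%MODE%"=="tu"        set "OPTS=-sS -sU -O -PI -PT"
if /I "%MODE%"=="udp"       set "OPTS=-sU -O -PI -PT"
if /I "%MODE%"=="pingsweep" set "OPTS=-sP -PI -PT"
if /I "%MODE%"=="tcpport"   set "OPTS=-sS -O -p %PORTS% -PI -PT"
if /I "%MODE%"=="udpport"   set "OPTS=-sU -O -p %PORTS% -PI -PT"
if /I "%MODE%"=="portrange" set "OPTS=-sS -sU -O -p %PORTS% -PI -PT"
if not defined OPTS goto :HelpMe

REM Required arguments must be present and must not look like nmap options.
call :CheckArg "%TARGET%" || goto :HelpMe
if defined PORTS (call :CheckArg "%PORTS%" || goto :HelpMe)

REM Build the output path from a filename-safe copy of the target.
set "SAFENAME=%TARGET:/=_%"
set "SAFENAME=%SAFENAME:\=_%"
set "SAFENAME=%SAFENAME::=_%"
set "OUTFILE=%UserProfile%\Desktop\%SAFENAME%.%DATESTAMP%%TIMESTAMP%.txt"

REM Run the scan, then open the report (notepad runs even if nmap failed,
REM as in the original, so the error text is still shown).
nmap %OPTS% %TARGET% -oN "%OUTFILE%"
notepad "%OUTFILE%"
goto :eof

:HelpMe
echo Usage:
echo.  scan [tu, udp, tcp, udpport, tcpport [portname], portrange [begin-end], pingsweep [begin-end]] hostname
echo.  hostname is interchangeable with IP address.
echo.
echo.  Examples:
echo.  To scan open tcp and udp ports on a target type: scan tu hostname
echo.  To scan open udp ports on a target type: scan udp hostname
echo.  To scan open tcp ports on a target type: scan tcp 123.45.67.89
echo.  To scan a specific target on udp port 20 type: scan udpport 20 ipaddress
echo.  To scan a specific target on tcp port 20 type: scan tcpport 20 ipaddress
echo.  To scan a range of udp and tcp ports type: scan portrange 1-500 hostname
echo.  To scan a range of IP addresses to see if they are active type: scan pingsweep 123.45.67.1-254
exit /b 1

:CheckArg
REM Returns 1 when the argument is missing or begins with "-" (nmap would
REM take it as an option), 0 otherwise.
if "%~1"=="" exit /b 1
set "ARG=%~1"
if "%ARG:~0,1%"=="-" exit /b 1
exit /b 0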