
nmap

CLI tool

Installation

sudo apt install -y nmap

Basic usage

nmap -T4 -A -v 192.168.1.0/24

nmap port scanning

Here is a sample of the scan types supported by nmap. WARNING: most of these scans take a long time to complete.

Discover hosts (quick) ★★★

Quick scan to discover hosts.

nmap -sn 192.168.1.0/24

The result is the list of hosts that were discovered (hostname when it can be resolved, plus IP address).

TCP Connect scanning ★☆☆

This scan is really slow, but root access is not required.

nmap -v -sT localhost           # for localhost
nmap -v -sT 192.168.1.0/24      # for network 192.168.1.0/24

The result is the list of open services for each host on the network.

TCP SYN (half-open) scanning ★★☆

SYN scanning is an alternative to connect scanning that is quicker but requires root access.

sudo nmap -v -sS localhost          # for localhost
sudo nmap -v -sS 192.168.1.0/24     # for network 192.168.1.0/24

The result is the list of open services for each host on the network.

TCP FIN scanning ☆☆☆

Checks whether hosts are exposed to a FIN scan (mostly a firewall test).

sudo nmap -v -sF 192.168.1.0/24     # for network 192.168.1.0/24

This technique is pretty old; there are more modern checks to run:

sudo nmap --reason -n -Pn --packet-trace -g 80 -sO -p 6 192.168.1.0/24
sudo nmap --reason -n -Pn --packet-trace -g 80 -sA -p 80 192.168.1.0/24

TCP Xmas tree scanning ☆☆☆

Useful to see whether the firewall protects against this kind of scan or not.

sudo nmap -v -sX localhost          # for localhost
sudo nmap -v -sX 192.168.1.0/24     # for network 192.168.1.0/24

TCP Null scanning ☆☆☆

Useful to see whether the firewall protects against this kind of scan or not.

sudo nmap -v -sN localhost          # for localhost
sudo nmap -v -sN 192.168.1.0/24     # for network 192.168.1.0/24

TCP Window scanning (slow) ★☆☆

Scan adapted to Windows networks.

sudo nmap -v -sW localhost          # for localhost
sudo nmap -v -sW 192.168.1.0/24     # for network 192.168.1.0/24

Services and version detection ★★★

Probes open ports to determine service/version info. Lets you find out which software, and which version of it, is listening on each port.

nmap -v -sV 192.168.1.0/24          # for network 192.168.1.0/24

TCP OS detection ★☆☆

Enable OS detection

sudo nmap -v -O 192.168.1.0/24      # for network 192.168.1.0/24