Reconnaissance

Host discovery

nmap -sn 10.10.10.0/24

arp-scan -I <interface> --localnet --ignoredups

nmap -p- -sSVC -n -Pn --min-rate 10000 -T3 -v <target>

nmap --top-ports 1000 -sU -n -Pn --min-rate 10000 <target>

nmap -p <ports> -sCV -n -Pn <target>

nmap -p <ports> --script <script> <target>

Scripts usage

You can list all available Nmap scripts using the following commands:

 # List nmap nse scripts
 ls /usr/share/nmap/scripts | grep <service>
 # Get info about a script
 nmap --script-help <script>

Last updated 1 month ago