Target, Scan, and Service Detection Options
SecurityByDefault.com
Target specification
  IP address, hostnames, networks, etc.
  Example: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL file              input targets from list
  -iR n                 choose n random targets, 0 = never ending
  --exclude host(s)     exclude host(s)
  --excludefile file    exclude hosts listed in file
Port scanning techniques
  -sS                   tcp syn scan
  -sT                   tcp connect scan
  -sU                   udp scan
  -sY                   sctp init scan
  -sZ                   sctp cookie echo scan
  -sO                   ip protocol scan
  -sW                   tcp window scan
  -sN / -sF / -sX       null, fin, xmas scans
  -sA                   tcp ack scan
Port specification and scan order
  -p n-m                port range
  -p-                   all ports
  -p n,m,z              individual ports
  -p U:n-m,z T:n,m      U for udp, T for tcp
  -F                    fast: the 100 most common ports
  --top-ports n         scan the n highest-ratio ports
  -r                    don't randomize port order
Host discovery
  -PS n                 tcp syn ping
  -PA n                 tcp ack ping
  -PU n                 udp ping
  -PM                   netmask request
  -PP                   timestamp request
  -PE                   echo request
  -sL                   list scan
  -PO                   protocol ping
  -PN                   no ping
  -n                    no DNS resolution
  -R                    DNS resolution for all targets
  --traceroute          trace path to host (for topology map)
  -sP                   ping scan, same as -PP -PM -PS443 -PA80
Service and version detection
  -sV                   version detection
  --all-ports           don't exclude any ports from version detection
  --version-all         try every single probe
  --version-trace       trace version scan activity
  -O                    enable OS detection
  --fuzzy               guess OS detection
  --max-os-tries n      set the maximum number of OS detection tries against a target
Firewall/IDS evasion
  -f                    fragment packets
  -D d1,d2              cloak scan with decoys
  -S ip                 spoof source address
  -g port               spoof source port
  --randomize-hosts     randomize host order
  --spoof-mac mac       change the source mac
Timing and performance
  -T0 paranoid  -T1 sneaky  -T2 polite
  -T3 normal    -T4 aggressive  -T5 insane
  --min-hostgroup / --max-hostgroup
  --min-rate / --max-rate
  --min-parallelism / --max-parallelism
  --min-rtt-timeout / --max-rtt-timeout / --initial-rtt-timeout
  --max-retries / --host-timeout / --scan-delay
Output
  -oN                   normal
  -oX                   xml
  -oG                   grepable
  -oA                   all output formats
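As an added example (not part of the original cheat sheet), a Python parser for the -oG grepable output format listed above, with the parsed results diffed against an expected-exposure baseline so a defender can spot services that should not be reachable. The sample output, addresses, hostnames, versions and baseline are constructed for the example.

```python
"""Parse nmap grepable (-oG) output and diff it against an expected-exposure baseline."""
import re
from dataclasses import dataclass, field

# Constructed sample of -oG output (not captured from a real scan): hostnames,
# addresses and version strings are made up for the example.
SAMPLE_OG = (
    "# Nmap 7.94 scan initiated as: nmap -sS -sV -oG scan.gnmap 192.168.0.0/30\n"
    "Host: 192.168.0.1 (gw.example.lan)\tStatus: Up\n"
    "Host: 192.168.0.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//nginx 1.18/, 443/open/tcp//https//nginx 1.18/"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.0.2 (db.example.lan)\tStatus: Up\n"
    "Host: 192.168.0.2 (db.example.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "23/filtered/tcp//telnet///, 3306/open/tcp//mysql//MySQL 8.0.36/"
    "\tIgnored State: closed (997)\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned in 42.00 seconds\n"
)

@dataclass
class Port:
    number: int
    state: str
    proto: str
    service: str
    version: str

@dataclass
class Host:
    ip: str
    hostname: str
    ports: list = field(default_factory=list)

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)")
# Each port entry has 7 '/'-separated fields: port/state/proto/owner/service/rpc/version
# Entries are comma separated; split only where the next entry's "port/" begins,
# so a comma inside a version string does not break the parse.
PORT_SPLIT_RE = re.compile(r", (?=\d+/)")

def parse_grepable(text: str) -> dict:
    """Return {ip: Host} from -oG text, merging the Status and Ports lines per host."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # header/footer lines start with '#'
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        host = hosts.setdefault(ip, Host(ip=ip, hostname=name))
        for f in fields[1:]:
            if not f.startswith("Ports: "):
                continue
            for entry in PORT_SPLIT_RE.split(f[len("Ports: "):]):
                parts = entry.split("/")
                if len(parts) < 7 or not parts[0].isdigit():
                    continue  # malformed entry: skip rather than crash on it
                host.ports.append(Port(int(parts[0]), parts[1], parts[2], parts[4], parts[6]))
    return hosts

def unexpected_open_ports(hosts: dict, baseline: dict) -> list:
    """List (ip, port, proto, service, version) for open ports not allowed by the baseline.
    baseline maps ip -> set of (port, proto) tuples that are expected to be reachable."""
    findings = []
    for ip, host in sorted(hosts.items()):
        allowed = baseline.get(ip, set())
        for p in host.ports:
            if p.state == "open" and (p.number, p.proto) not in allowed:
                findings.append((ip, p.number, p.proto, p.service, p.version))
    return findings

# Constructed expected exposure: the gateway serves ssh + web, the database host
# should expose ssh only, so its mysql port is reported as unexpected.
BASELINE = {
    "192.168.0.1": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.168.0.2": {(22, "tcp")},
}

if __name__ == "__main__":
    for finding in unexpected_open_ports(parse_grepable(SAMPLE_OG), BASELINE):
        print("UNEXPECTED:", finding)
```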
Verbosity and debugging options
  -v                    increase verbosity level
  --reason              show host and port state reason
  -d (1-9)              set debugging level
  --packet-trace        trace packets
Miscellaneous options
  --resume file         resume aborted scan (from -oN or -oG output)
  -6                    enable ipv6 scanning
  -A                    aggressive, same as -O -sV -sC --traceroute
Interactive options
  v/V                   increase/decrease verbosity level
  d/D                   increase/decrease debugging level
  p/P                   turn on/off packet tracing
Examples
  Quick scan:          nmap -T4 -F
  Fast scan (port 80): nmap -T4 --max_rtt_timeout 200 --initial_rtt_timeout 150 --min_hostgroup 512 --max_retries 0 -n -P0 -p80
  Ping scan:           nmap -sP -PE -PP -PS21,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4
  Slow comprehensive:  nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
  Quick traceroute:    nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute
Scripts
  -sC                   perform scan with default scripts
  --script file         run script (or all)
  --script-args n=v     provide script arguments
  --script-trace        print incoming and outgoing script communication