Nmap

Nmap is a very useful and effective port-scanner / network enumeration tool. Here are some fun things you can do with it:

Good opsec

Do not forget to use the following flag when stealth is important.

--script-args http.useragent="CUSTOM_AGENT"

Port Scans

Host Discovery (ping sweep)

nmap -sn <ip>/<cidr>

Aggressive Scan a single port

nmap -p<port> -A <ip>

Syn Scan for all open ports

nmap -p- -sS <ip>

Fuck you tell me scans (can be loud)

nmap -p- -v -T4 <ip>
nmap -p<ports> -sV -sC -T4 -Pn -oA <ip> <ip>

Threader3000

Threader3000 has quickly became my go to port scanning tool. It can be used to quickly scan all ports on a host, then perform a verbose Nmap scan on only the discovered ports. The speed and thoroughness of this tool just cant be beat

https://github.com/dievus/threader3000

pip install threader3000
threader3000

Enumeration

SMB Enumeration

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

RPC Enumeration

nmap -p 111 --script=nds-la,nfs-statfs,nfs-showmount <ip>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nmap.md

nmap.md

Nmap

Good opsec

Port Scans

Host Discovery (ping sweep)

Aggressive Scan a single port

Syn Scan for all open ports

Fuck you tell me scans (can be loud)

Threader3000

Enumeration

SMB Enumeration

RPC Enumeration

Files

nmap.md

Latest commit

History

nmap.md

File metadata and controls

Nmap

Good opsec

Port Scans

Host Discovery (ping sweep)

Aggressive Scan a single port

Syn Scan for all open ports

Fuck you tell me scans (can be loud)

Threader3000

Enumeration

SMB Enumeration

RPC Enumeration