While preparing for OSCP I wanted to find a good enumeration tool. After reading some articles I started using a tool called Nmap. Everyone in cyber security must have heard about Nmap: it is a network mapping tool that helps you get to know your network, and you can find detailed information about any host with it. I am going to discuss some of the flags I use most often while running Nmap.
When I start enumerating a host, I first scan it for the standard top 1000 ports using the following command:
nmap -sS -sV -T4 -Pn IP
In this command I am asking Nmap to do a SYN scan (-sS), to detect services and their versions (-sV) with timing template 4 (-T4), and I am instructing it not to ping the host first (-Pn), so a host that drops ICMP is still scanned. Note that a SYN scan needs root privileges.
After learning the services and their versions, I go hunting for the operating system. For operating system detection we need the -O flag,
so our command is now the previous one with -O added.
But how can we forget about the ports outside these standard 1000? Nowadays system admins change default ports to non-standard ones, so always remember to scan all ports in addition to the standard 1000. To scan all 65535 ports we use the -p- flag:
nmap -sS -sV -T4 -p- IP
Now Nmap will scan all ports for the services running on them and their versions.
Nmap has a scripting engine (NSE) that uses .nse scripts to check a host for more things, such as vulnerabilities, users and much more. To use Nmap scripts we need the --script flag. There are scripts for everything from enumerating HTTP services and banner grabbing to vulnerability scanning. I always use all scripts to make sure everything gets scanned. Be aware that the "all" selector also runs the intrusive, brute, dos and exploit categories, which is slow and can crash fragile services, so outside a lab you may prefer a category such as default or vuln. I use the following command to scan with scripts:
nmap -sS -sV -p- --script all IP
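Tying the commands above together, here is an added example (not from the original post, nor from nmapAutomator or AutoRecon) that reads the grepable output (-oG) of the full port scan and builds the script scan only for the ports found open; the sample scan file, the target 10.0.0.5 and the "default,vuln" category choice are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): feed the first nmap pass into the
# script pass. Assumes the first scan was saved with -oG (grepable output); the
# sample file written below is constructed, not real scan output.

# Print the open TCP ports from an nmap -oG file as "22,80,443".
# Grepable "Ports:" entries look like port/state/proto/owner/service/rpc/version/
# and are separated by ", ".
open_ports_from_grepable() {
    awk -F'\t' '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, */)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # keep open TCP only; closed, filtered, open|filtered and UDP are dropped
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }' "$1" \
    | sort -n | uniq \
    | awk 'NR > 1 { printf "," } { printf "%s", $0 } END { print "" }'
}

# Build the follow-up command: version detection plus NSE scripts, only on the
# ports already found open. "default,vuln" is an assumed category choice;
# "--script all" would also run the brute, dos and exploit categories.
build_script_scan() {
    printf 'nmap -sV -p %s --script "default,vuln" %s\n' "$2" "$1"
}

# Constructed sample of what "nmap -sS -sV -p- -oG first.gnmap 10.0.0.5" could save.
write_sample_grepable() {
    printf '# Nmap scan initiated (constructed sample)\n' > "$1"
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/, 8080/closed/tcp//http-proxy///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (65530)\n' >> "$1"
    printf '# Nmap done (constructed sample)\n' >> "$1"
}

sample=$(mktemp)
write_sample_grepable "$sample"
ports=$(open_ports_from_grepable "$sample")
build_script_scan 10.0.0.5 "$ports"   # prints: nmap -sV -p 22,80,443 --script "default,vuln" 10.0.0.5
rm -f "$sample"
```

Saving the first pass with -oG and running this avoids throwing every NSE script at all 65535 ports, and the printed command can be reviewed before it is run.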
There are several tools that help to automate all of this Nmap scanning; I use two of them:
- nmapAutomator: https://github.com/21y4d/nmapAutomator
- AutoRecon: https://github.com/Tib3rius/AutoRecon
I have mentioned the very simple commands I use daily; I suggest you try the various flags and techniques available in Nmap.
For more reference about flags and their usage, follow the given link.
Thank you for reading my blog post.