nmap


nmap is a useful tool for network scanning and for discovering open ports and vulnerabilities. It can be used to scan both internal and external networks.

Man page: https://linux.die.net/man/1/nmap

Project Page: https://nmap.org/

Useful options:

-A: Enable OS detection, version detection, script scanning, and traceroute
-sV: Version detection. Probes open ports to determine service/version info
-sC: Same as --script=default. Runs the default scripts during the scan. Can be detected as intrusive
--script=: Use a script for scanning
-T<0-5>: Set timing template (higher is faster). Can speed up scans
-iL <Filename>: Read the list of targets to scan from a file
-iR: nmap generates random IPs for scanning. Useful for research
-Pn: No ping. Skips host discovery
-n: No DNS lookup. Can speed up the scan
-sS: TCP SYN scan. Only the SYN step is performed, not the full TCP handshake
-sT: TCP connect scan
-sU: UDP scan. Scans for UDP ports of widely known services, such as port 53 (DNS)
-p-: Scans all ports from 1-65535
-p <port range>: Define the port range to scan, e.g. 1-255

Examples:

-sV

$ nmap -sV blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:28 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.012s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE  SERVICE  VERSION
25/tcp  closed smtp
80/tcp  open   http     OpenResty web app server
443/tcp open   ssl/http OpenResty web app server

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.41 seconds

-sC

$ nmap -sC blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:33 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.020s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE  SERVICE
25/tcp  closed smtp
80/tcp  open   http
|_http-title: Site doesn't have a title (application/octet-stream).
443/tcp open   https
|_http-title: Site doesn't have a title (application/octet-stream).
| tls-nextprotoneg: 
|   h2
|_  http/1.1
| tls-alpn: 
|   h2
|_  http/1.1
| ssl-cert: Subject: commonName=blubb.fish
| Subject Alternative Name: DNS:blubb.fish, DNS:www.blubb.fish
| Not valid before: 2022-03-23T08:19:37
|_Not valid after:  2022-06-21T08:19:36
|_ssl-date: TLS randomness does not represent time

Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds

-p

$ nmap -p 79-85 blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:31 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.012s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net

PORT   STATE    SERVICE
79/tcp filtered finger
80/tcp open     http
81/tcp filtered hosts2-ns
82/tcp filtered xfer
83/tcp filtered mit-ml-dev
84/tcp filtered ctf
85/tcp filtered mit-ml-dev

Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds

-A (produces a lot of output)

$ nmap -A blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:15 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.018s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 983 filtered tcp ports (no-response)
PORT      STATE  SERVICE         VERSION
20/tcp    closed ftp-data
21/tcp    open   ftp             Pure-FTPd
22/tcp    open   ssh             OpenSSH 7.4 (protocol 2.0)
25/tcp    closed smtp
53/tcp    closed domain
80/tcp    open   http            openresty
|_http-server-header: openresty
| fingerprint-strings: 
|   GetRequest, HTTPOptions: 
|     HTTP/1.0 200 OK
|     Connection: close
|     content-type: text/html; charset=UTF-8
|     content-length: 880
|     date: Wed, 23 Mar 2022 14:15:56 GMT
|     x-robots-tag: noindex, nofollow
|     <!DOCTYPE html>
|     <html style="height:100%">
|     <head><title>Domain nicht eingerichtet
|     </title>
|     <meta charset="utf-8"></head>
|     <body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
|     <div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
|     style="margin-top:20px;font-size: 30px;">
|     Domain nicht eingerichtet</h1>
|     <p>Die gew
|     nschte Domain ist auf diesem Server nicht konfiguriert und kann deshalb nicht angezeigt werden.</p>
|_    <p>Weitere Informationen finden Sie in unserem Supportcenter:<br><a href="https://www.cyon.ch/support/a/fehler-beim-aufruf
|_http-title: Site doesn't have a title (application/octet-stream).
110/tcp   open   pop3            Dovecot pop3d
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_pop3-capabilities: RESP-CODES PIPELINING STLS SASL(PLAIN LOGIN) CAPA USER AUTH-RESP-CODE TOP UIDL
|_sslv2: ERROR: Script execution failed (use -d to debug)
143/tcp   open   imap            Dovecot imapd
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_imap-capabilities: XLIST Pre-login IDLE listed LITERAL+ SASL-IR STARTTLS ENABLE +NAMESPACE LOGIN-REFERRALS ID OK AUTH=LOGINA0001 more have post-login AUTH=PLAIN capabilities IMAP4rev1
|_sslv2: ERROR: Script execution failed (use -d to debug)
443/tcp   open   ssl/https       openresty
|_ssl-date: TLS randomness does not represent time
| tls-nextprotoneg: 
|   h2
|_  http/1.1
|_http-server-header: openresty
| ssl-cert: Subject: commonName=blubb.fish
| Subject Alternative Name: DNS:blubb.fish, DNS:www.blubb.fish
| Not valid before: 2022-03-23T08:19:37
|_Not valid after:  2022-06-21T08:19:36
| tls-alpn: 
|   h2
|_  http/1.1
| fingerprint-strings: 
|   GetRequest, HTTPOptions: 
|     HTTP/1.0 200 OK
|     Connection: close
|     content-type: text/html; charset=UTF-8
|     content-length: 880
|     date: Wed, 23 Mar 2022 14:16:02 GMT
|     x-robots-tag: noindex, nofollow
|     <!DOCTYPE html>
|     <html style="height:100%">
|     <head><title>Domain nicht eingerichtet
|     </title>
|     <meta charset="utf-8"></head>
|     <body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
|     <div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
|     style="margin-top:20px;font-size: 30px;">
|     Domain nicht eingerichtet</h1>
|     <p>Die gew
|     nschte Domain ist auf diesem Server nicht konfiguriert und kann deshalb nicht angezeigt werden.</p>
|_    <p>Weitere Informationen finden Sie in unserem Supportcenter:<br><a href="https://www.cyon.ch/support/a/fehler-beim-aufruf
|_http-title: Site doesn't have a title (application/octet-stream).
465/tcp   open   ssl/nagios-nsca Nagios NSCA
|_smtp-commands: s091.cyon.net Hello blubb.fish [91.92.201.158], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, AUTH PLAIN LOGIN, HELP
587/tcp   open   nagios-nsca     Nagios NSCA
|_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug)
| smtp-commands: s091.cyon.net Hello blubb.fish [91.92.201.158], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, AUTH PLAIN LOGIN, STARTTLS, HELP
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
993/tcp   open   ssl/imap        Dovecot imapd
995/tcp   open   ssl/pop3        Dovecot pop3d
|_pop3-capabilities: RESP-CODES PIPELINING SASL(PLAIN LOGIN) AUTH-RESP-CODE USER CAPA UIDL TOP
2196/tcp  closed unknown
3306/tcp  open   mysql           MySQL 5.7.26-log-cll-lve
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_sslv2: ERROR: Script execution failed (use -d to debug)
| mysql-info: 
|   Protocol: 10
|   Version: 5.7.26-log-cll-lve
|   Thread ID: 133486537
|   Capabilities flags: 63487
|   Some Capabilities: Support41Auth, FoundRows, LongColumnFlag, Speaks41ProtocolOld, SupportsTransactions, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, ODBCClient, InteractiveClient, Speaks41ProtocolNew, SupportsCompression, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, LongPassword, ConnectWithDatabase, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
|   Status: Autocommit
|   Salt: \x1C\x1CVnCYghs(.J\x1Bx[)#\x081\x10
|_  Auth Plugin Name: mysql_native_password
8888/tcp  closed sun-answerbook
30000/tcp closed ndmps
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 763.41 seconds
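
Turning a scan like the -A run above into an exposure check, as an added example that is not part of the original page: it parses the port table of nmap's normal output (lines excerpted from the output above) and lists open ports that are not on an allowlist. The ALLOWED set and the function names are assumptions for illustration.

```python
import re

# Excerpt of the port table from the `nmap -A blubb.fish` output above,
# with two script-output lines kept to show that they are skipped.
SAMPLE = """\
PORT      STATE  SERVICE         VERSION
20/tcp    closed ftp-data
21/tcp    open   ftp             Pure-FTPd
22/tcp    open   ssh             OpenSSH 7.4 (protocol 2.0)
25/tcp    closed smtp
80/tcp    open   http            openresty
|_http-server-header: openresty
443/tcp   open   ssl/https       openresty
3306/tcp  open   mysql           MySQL 5.7.26-log-cll-lve
|_  Auth Plugin Name: mysql_native_password
8888/tcp  closed sun-answerbook
"""

# One row of the port table: "<port>/<proto> <state> <service> [<version>]".
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

def parse_ports(text):
    """Return one dict per port row; header and '|' script lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.rstrip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        row["version"] = (row["version"] or "").strip()
        rows.append(row)
    return rows

def unexpected_open(rows, allowed):
    """Open ports whose (port, proto) pair is not in the allowlist."""
    return [r for r in rows
            if r["state"] == "open" and (r["port"], r["proto"]) not in allowed]

# Assumed policy for this host: only the web ports should be reachable.
ALLOWED = {(80, "tcp"), (443, "tcp")}

if __name__ == "__main__":
    for r in unexpected_open(parse_ports(SAMPLE), ALLOWED):
        print(f"{r['port']}/{r['proto']} {r['service']} {r['version']}".rstrip())
```

For recurring checks, nmap's XML output (-oX) is the more stable format to parse than the human-readable table.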