nmap is a useful tool for network scanning and the discovery of open ports and vulnerabilities. It can be used for scanning internal and external networks.
Man page: https://linux.die.net/man/1/nmap
Project Page: https://nmap.org/
Useful options:
-A: Enable OS detection, version detection, script scanning, and traceroute.
-sV: Version detection. Probes open ports to determine service/version info.
-sC: Same as --script=default. Runs the default scripts during the scan. Can be detected as intrusive.
--script=: Use a script for scanning.
-T<0-5>: Set timing template (higher is faster). Can speed up scans.
-iL <Filename>: Read the targets to scan from a list file.
-iR: nmap generates random IPs for scanning. Useful for research.
-Pn: No ping. Skips host discovery.
-n: No DNS lookup. Can speed up the scan.
-sS: TCP SYN scan. Only checks for SYN, not the full TCP handshake.
-sT: TCP scan.
-sU: UDP scan. Scans for UDP ports of widely known services, like port 53 (DNS).
-p-: Scans all ports from 1-65535.
-p <port range>: Define the port range to scan, e.g. 1-255.
Examples:
-sV
$ nmap -sV blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:28 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.012s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http OpenResty web app server
443/tcp open ssl/http OpenResty web app server
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.41 seconds
-sC
$ nmap -sC blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:33 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.020s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
25/tcp closed smtp
80/tcp open http
|_http-title: Site doesn't have a title (application/octet-stream).
443/tcp open https
|_http-title: Site doesn't have a title (application/octet-stream).
| tls-nextprotoneg:
| h2
|_ http/1.1
| tls-alpn:
| h2
|_ http/1.1
| ssl-cert: Subject: commonName=blubb.fish
| Subject Alternative Name: DNS:blubb.fish, DNS:www.blubb.fish
| Not valid before: 2022-03-23T08:19:37
|_Not valid after: 2022-06-21T08:19:36
|_ssl-date: TLS randomness does not represent time
Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds
-p
$ nmap -p 79-85 blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:31 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.012s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
PORT STATE SERVICE
79/tcp filtered finger
80/tcp open http
81/tcp filtered hosts2-ns
82/tcp filtered xfer
83/tcp filtered mit-ml-dev
84/tcp filtered ctf
85/tcp filtered mit-ml-dev
Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
-A (produces a lot of output)
$ nmap -A blubb.fish
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-23 14:15 UTC
Nmap scan report for blubb.fish (149.126.4.100)
Host is up (0.018s latency).
Other addresses for blubb.fish (not scanned): 2a01:ab20:0:4::100
rDNS record for 149.126.4.100: s091.cyon.net
Not shown: 983 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp closed smtp
53/tcp closed domain
80/tcp open http openresty
|_http-server-header: openresty
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.0 200 OK
| Connection: close
| content-type: text/html; charset=UTF-8
| content-length: 880
| date: Wed, 23 Mar 2022 14:15:56 GMT
| x-robots-tag: noindex, nofollow
| <!DOCTYPE html>
| <html style="height:100%">
| <head><title>Domain nicht eingerichtet
| </title>
| <meta charset="utf-8"></head>
| <body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
| <div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
| style="margin-top:20px;font-size: 30px;">
| Domain nicht eingerichtet</h1>
| <p>Die gew
| nschte Domain ist auf diesem Server nicht konfiguriert und kann deshalb nicht angezeigt werden.</p>
|_ <p>Weitere Informationen finden Sie in unserem Supportcenter:<br><a href="https://www.cyon.ch/support/a/fehler-beim-aufruf
|_http-title: Site doesn't have a title (application/octet-stream).
110/tcp open pop3 Dovecot pop3d
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_pop3-capabilities: RESP-CODES PIPELINING STLS SASL(PLAIN LOGIN) CAPA USER AUTH-RESP-CODE TOP UIDL
|_sslv2: ERROR: Script execution failed (use -d to debug)
143/tcp open imap Dovecot imapd
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_imap-capabilities: XLIST Pre-login IDLE listed LITERAL+ SASL-IR STARTTLS ENABLE +NAMESPACE LOGIN-REFERRALS ID OK AUTH=LOGINA0001 more have post-login AUTH=PLAIN capabilities IMAP4rev1
|_sslv2: ERROR: Script execution failed (use -d to debug)
443/tcp open ssl/https openresty
|_ssl-date: TLS randomness does not represent time
| tls-nextprotoneg:
| h2
|_ http/1.1
|_http-server-header: openresty
| ssl-cert: Subject: commonName=blubb.fish
| Subject Alternative Name: DNS:blubb.fish, DNS:www.blubb.fish
| Not valid before: 2022-03-23T08:19:37
|_Not valid after: 2022-06-21T08:19:36
| tls-alpn:
| h2
|_ http/1.1
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.0 200 OK
| Connection: close
| content-type: text/html; charset=UTF-8
| content-length: 880
| date: Wed, 23 Mar 2022 14:16:02 GMT
| x-robots-tag: noindex, nofollow
| <!DOCTYPE html>
| <html style="height:100%">
| <head><title>Domain nicht eingerichtet
| </title>
| <meta charset="utf-8"></head>
| <body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
| <div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
| style="margin-top:20px;font-size: 30px;">
| Domain nicht eingerichtet</h1>
| <p>Die gew
| nschte Domain ist auf diesem Server nicht konfiguriert und kann deshalb nicht angezeigt werden.</p>
|_ <p>Weitere Informationen finden Sie in unserem Supportcenter:<br><a href="https://www.cyon.ch/support/a/fehler-beim-aufruf
|_http-title: Site doesn't have a title (application/octet-stream).
465/tcp open ssl/nagios-nsca Nagios NSCA
|_smtp-commands: s091.cyon.net Hello blubb.fish [91.92.201.158], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, AUTH PLAIN LOGIN, HELP
587/tcp open nagios-nsca Nagios NSCA
|_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug)
| smtp-commands: s091.cyon.net Hello blubb.fish [91.92.201.158], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, AUTH PLAIN LOGIN, STARTTLS, HELP
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
|_pop3-capabilities: RESP-CODES PIPELINING SASL(PLAIN LOGIN) AUTH-RESP-CODE USER CAPA UIDL TOP
2196/tcp closed unknown
3306/tcp open mysql MySQL 5.7.26-log-cll-lve
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_sslv2: ERROR: Script execution failed (use -d to debug)
| mysql-info:
| Protocol: 10
| Version: 5.7.26-log-cll-lve
| Thread ID: 133486537
| Capabilities flags: 63487
| Some Capabilities: Support41Auth, FoundRows, LongColumnFlag, Speaks41ProtocolOld, SupportsTransactions, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, ODBCClient, InteractiveClient, Speaks41ProtocolNew, SupportsCompression, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, LongPassword, ConnectWithDatabase, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
| Status: Autocommit
| Salt: \x1C\x1CVnCYghs(.J\x1Bx[)#\x081\x10
|_ Auth Plugin Name: mysql_native_password
8888/tcp closed sun-answerbook
30000/tcp closed ndmps
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 763.41 seconds
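An added example (not part of the original page or of the nmap project): a small Python parser for the port table in nmap's normal output, as shown in the scans above, used to list open ports that are not on an expected-exposure allowlist. The function names and the `ALLOWED` policy are assumptions for illustration; the sample rows are copied from the -A output.

```python
import re

# Port-table row, e.g. "80/tcp open http openresty"; VERSION is optional.
PORT_ROW = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp|sctp)\s+(?P<state>[a-z|]+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*\S))?\s*$"
)
HOST_ROW = re.compile(r"^Nmap scan report for (?P<host>.+?)\s*$")

def parse_nmap_normal(text):
    """Return {host: [row dict, ...]} parsed from nmap's normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_ROW.match(line)
        if m:
            current = hosts.setdefault(m.group("host"), [])
            continue
        # Header, summary and NSE lines ("|", "|_") never start with "<port>/<proto>".
        m = PORT_ROW.match(line)
        if m and current is not None:
            row = m.groupdict()
            row["port"] = int(row["port"])
            current.append(row)
    return hosts

def unexpected_open(hosts, allowed):
    """List (host, port, proto, service) for open ports outside the allowlist."""
    return [
        (host, r["port"], r["proto"], r["service"])
        for host, rows in hosts.items() for r in rows
        if r["state"] == "open" and (r["port"], r["proto"]) not in allowed
    ]

# Sample input: rows copied from the -A scan above, most script output omitted.
SAMPLE = """\
Nmap scan report for blubb.fish (149.126.4.100)
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp closed smtp
80/tcp open http openresty
|_http-server-header: openresty
443/tcp open ssl/https openresty
3306/tcp open mysql MySQL 5.7.26-log-cll-lve
"""
ALLOWED = {(80, "tcp"), (443, "tcp")}  # assumed policy: web ports only
if __name__ == "__main__":
    for host, port, proto, svc in unexpected_open(parse_nmap_normal(SAMPLE), ALLOWED):
        print(f"unexpected open port on {host}: {port}/{proto} ({svc})")
```

For regular monitoring, nmap's XML output (-oX) is the more stable format to parse; the normal output handled here is the one printed in the examples on this page.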