Friday, January 5, 2018

Useful nmap Tips


OS Fingerprint Scanning

Sometimes there is a question about what OS is running on a server. There are more advanced options listed under --help, but usually running nmap with -A (which enables OS detection along with version detection, script scanning and traceroute) is enough to tell you exactly what OS is running on the server in question.

Simple nmap scan, which includes OS detection:

nmap -v -A $s   # $s is the hostname or IP of the server in question

Find an Available IP

Note that your company may have another system of record, so check there for the final authoritative answer.
A quick way to find an IP that is not in DNS, and not responding to ping, or ssh, is to run an nmap scan of the subnet.

Use nmap to find available IPs

net=10.1.1.0;p=24;nmap -v -R -sn ${net}/${p} -oN /tmp/subnet-${net}-${p}.txt

Here -sn is a ping scan (no port scan), -R forces a reverse-DNS lookup for every address, including hosts that do not respond, and -oN writes the normal-format output to a file. (Note that nmap does not accept a bare -o; the output format letter is required.)
Note: This may scan a large number of IPs, so it may be more convenient to write to a file to analyze later, rather than running the scan multiple times.
An available IP would be one that shows an IP address with no DNS name, and also "host down."
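Picking those candidates out of the saved report by hand is tedious on a /24, so here is an added helper (not from the original post) that reads the normal-format output written by the command above and prints the addresses that are both "[host down]" and have no DNS name. The SAMPLE_SCAN text is a constructed sample in nmap's normal-output format, not real scan data.

```shell
#!/bin/sh
# Added example: pick candidate free IPs out of an nmap "-v -R -sn -oN" report.
# SAMPLE_SCAN is a constructed sample in nmap's normal-output format, not real scan data.
SAMPLE_SCAN='Starting Nmap 7.70 ( https://nmap.org )
Nmap scan report for gw.example.com (10.1.1.1)
Host is up (0.0010s latency).
Nmap scan report for 10.1.1.2 [host down]
Nmap scan report for printer.example.com (10.1.1.3) [host down]
Nmap scan report for 10.1.1.4
Host is up (0.0020s latency).
Nmap scan report for 10.1.1.5 [host down]
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.21 seconds'

# free_ips: read a normal-output report on stdin and print the IPs that are
# both "[host down]" and have no DNS name (field 5 is then a bare address).
# Down hosts that still have a name (10.1.1.3 above) are skipped: a DNS
# entry suggests the address is reserved even though nothing answered.
free_ips() {
  awk '/^Nmap scan report for / && /\[host down\]$/ && $5 ~ /^[0-9.]+$/ { print $5 }'
}

# named_down: the down hosts that do have a DNS name, printed as "IP name"
# so they can be checked against the system of record before being reused.
named_down() {
  awk '/^Nmap scan report for / && /\[host down\]$/ && $5 !~ /^[0-9.]+$/ { print $6, $5 }' | tr -d '()'
}

# With a real report: free_ips < /tmp/subnet-10.1.1.0-24.txt
printf '%s\n' "$SAMPLE_SCAN" | free_ips
```

A host that is down at scan time may simply be powered off or filtering ICMP, so the list is a set of candidates to confirm against the system of record, not a final answer.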
