Commands matching nmap (86)

  • How to check webserver by Nikto

    This is wonderful perl script to check the web server security and vulnerability .Get it from here :http://www.cirt.net/nikto2 Here are some key features of "Nikto": ? Uses rfp's LibWhisker as a base for all network funtionality ? Main scan database in CSV format for easy updates ? Determines "OK" vs "NOT FOUND" responses for each server, if possible ? Determines CGI directories for each server, if possible ? Switch HTTP versions as needed so that the server understands requests properly ? SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL) ? Output to file in plain text, HTML or CSV ? Generic and "server type" specific checks ? Plugin support (standard PERL) ? Checks for outdated server software ? Proxy support (with authentication) ? Host authentication (Basic) ? Watches for "bogus" OK responses ? Attempts to perform educated guesses for Authentication realms ? Captures/prints any Cookies received ? Mutate mode to "go fishing" on web servers for odd items ? Builds Mutate checks based on robots.txt entries (if present) ? Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available) ? Multiple IDS evasion techniques ? Users can add a custom scan database ? Supports automatic code/check updates (with web access) ? Multiple host/port scanning (scan list files) ? Username guessing plugin via the cgiwrap program and Apache ~user methods Show Sample Output


    0
    nikto.pl -h yourwebserver
    unixbhaskar · 2009-08-29 04:54:43 8
  • Backup a file with a date-time stamp

    "infix" version in bash (4.x+) Remove -v to make it silent. BTW: The OP forgot to use "cat" and "nmap" ;-) I had a good laugh though. Show Sample Output


    0
    buf() { f=${1%%.*};e=${1/$f/};cp -v $1 $f-$(date +"%Y%m%d_%H%M%S")$e;}
    unefunge · 2010-12-15 09:50:04 3
  • sort a list of comma separated numbers: sort_csn

    "sort_csn" is a function to sort a comma separated list of numbers. Define the the function with this: sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } Use the function like this: sort_csn 443,22,80,8200,1533,21,1723,1352,25 21,22,25,80,443,1352,1533,1723,8200 One example where this is useful is when port scanning with nmap and getting a list of open ports in random order. If you use Nessus, you may need to create a scan policy for that set of specific ports and it is clearer to read with the port numbers in ascending order (left to right). Caveat: no spaces in the comma separated list (just number1,number2,number3,etc). A variation of this to sort a comma separated list of strings: sort_css () { echo "${1}" | sed -e "s/,/\n/g"| sort -u | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } usage: sort_css apples,pears,grapes,melons,oranges apples,grapes,melons,oranges,pears Show Sample Output


    0
    sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; }
    mpb · 2011-01-26 15:18:08 5
  • Nmap find open TCP/IP ports for a target that is blocking ping

    Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output


    0
    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 8
  • List services running on each open port


    0
    nmap -T Aggressive -A -v 127.0.0.1 -p 1-65000
    nzimas · 2011-10-30 15:16:35 3
  • Check a port's state on a given host

    Check to see if a port is open or closed on a given host. Show Sample Output


    0
    checkport() { sudo nmap -sS -p $1 $2 }
    peterRepeater · 2011-12-13 11:46:15 7
  • A list of IPs (only) that are online in a specific subnet.

    Often you want to nmap a list of IPs using the -iL flag. This is an easy way to generate a list of IPs that are online in a specific subnet or IP range (192.168.1.100-110). Show Sample Output


    0
    nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'
    cantormath · 2011-12-31 15:50:22 3
  • Get list of servers with a specific port open


    0
    nmap -sT -p 80 --open 192.168.1.1/24
    smiles · 2012-03-13 01:43:59 3
  • Find resolvable hosts in subnet

    Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 4
  • scan subnet for used IPs

    Does a ping scan on the local subnet and returns the IPs that are up Show Sample Output


    0
    nmap -T4 -sn 192.168.1.0/24
    drewbled · 2012-06-19 17:07:24 3
  • Ping sweep without NMAP

    This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)


    0
    prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done
    tempelorg · 2012-07-25 12:07:15 3
  • Getting a list of active addresses in your own network.

    You can substitute 10.10.10.* by your own network. Or whatever nmap accepts, inlcluding submask. Show Sample Output


    0
    nmap -n -sP -oG - 10.10.10.*/32 | grep ": Up" | cut -d' ' -f2
    insaneisnotfree · 2012-08-13 15:37:21 11
  • Look for free ip's in a given /24 subnet.

    The command will make it easy to determine free IP ranges in a crowded sub-net. Show Sample Output


    0
    SUBNET="192.168.41" ; diff -y <(nmap -sP -n ${SUBNET}.0/24 | grep ${SUBNET}. | awk '{print $5}' | sort -t"." -k4 -n) <(for i in $(seq 1 254); do echo ${SUBNET}.$i; done)
    michel_p · 2012-08-28 09:11:18 4
  • Show alive host on network


    0
    nmap -sP 192.168.0.* | grep Host | tr "(" ")" | cut -d\) -f2
    szimbaro · 2013-02-27 12:40:45 4
  • Get a list of all valid ip address in a local network?

    you need to have nmap installed sudo apt-get install nmap -y sudo yum install nmap -y Show Sample Output


    0
    nmap -sP 192.168.1.*
    narven · 2014-07-08 08:39:14 8
  • nmap scan hosts for IP, MAC Address and device Vendor/Manufacturer

    In the field, I needed to script a process to scan a specific vendor devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server. This is the nmap loop (part of the script). You can however, add another pipe with grep to filter the vendor/manufacturer devices only. If want to check the whole script, check in http://pastebin.com/ju7h4Xf4 Show Sample Output


    0
    nmap -sP 10.0.0.0/8 | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15
    jaimerosario · 2014-12-26 18:31:53 13
  • Scan all available IP addresses on network


    0
    nmap -sP $(ip -o addr show | grep inet\ | grep eth | cut -d\ -f 7)
    richihiatus · 2015-04-03 21:29:59 9
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
    h_kaur2 · 2015-11-13 13:28:35 11
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 10
  • Dump top 10 ports tcp/udp from nmap

    To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output


    0
    nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
    operat0r · 2020-02-06 12:59:24 94
  • Get newest Nmap source code tarball URL.


    0
    curl -Ls https://nmap.org/dist/ | sed -En '/nmap.*tgz/s@^.*href="([^"]+)".*$@https://nmap.org/dist/\1@p' | tail -n1
    akanehara · 2017-02-10 05:46:27 20
  • nmap check alivr hosts


    0
    nmap -sP 192.168.0.1/24
    aysadk · 2017-06-07 09:52:11 17
  • scan local network for SSH-able computers


    0
    nmap -sS -p 22 192.168.1.0/24
    aysadk · 2017-07-18 12:34:20 18
  • nmap discorvery network on port 80


    0
    nmap -p 80 -T5 -n -min-parallelism 100 --open 192.168.1.0/24
    aysadk · 2017-07-18 12:40:52 16
  • nmap get ip and hostname of scanned networks


    0
    nmap -sL 192.168.3.0/24
    aysadk · 2017-07-18 13:15:19 18
  •  < 1 2 3 4 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Transfer SSH public key to another machine in one step
This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account's ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.

Write comments to your history.
A null operation with the name 'comment', allowing comments to be written to HISTFILE. Prepending '#' to a command will *not* write the command to the history file, although it will be available for the current session, thus '#' is not useful for keeping track of comments past the current session.

Read aloud a text file in Mac OS X

Count number of files in a directory
Just want to post a Perl alternative. Does not count hidden files ('.' ones).

Download all PDFs from an authenificated website
Replace *** with the appropiate values

Multi-thread any command
For instance: $ find . -type f -name '*.wav' -print0 |xargs -0 -P 3 -n 1 flac -V8 will encode all .wav files into FLAC in parallel. Explanation of xargs flags: -P [max-procs]: Max number of invocations to run at once. Set to 0 to run all at once [potentially dangerous re: excessive RAM usage]. -n [max-args]: Max number of arguments from the list to send to each invocation. -0: Stdin is a null-terminated list. I use xargs to build parallel-processing frameworks into my scripts like the one here: http://pastebin.com/1GvcifYa

disable caps lock
a quick one-line way to disable caps lock while running X.

Image to color palette generator
Extract a color palette from a image useful for designers. Example usage: $extract-palette myawesomeimage.jpg 4 Where the first argument is the image you want to extract a palette from. The second argument is the number of colors you want. It may be the case where you want to change the search space. In that case, change the -resize argument to a bigger or smaller result. See the ImageMagick documentation for the -resize argument.

Setting reserved blocks percentage to 1%
According to tune2fs manual, reserved blocks are designed to keep your system from failing when you run out of space. Its reserves space for privileged processes such as daemons (like syslogd, for ex.) and other root level processes; also the reserved space can prevent the filesystem from fragmenting as it fills up. By default this is 5% regardless of the size of the partition. http://www.ducea.com/2008/03/04/ext3-reserved-blocks-percentage/

Show apps that use internet connection at the moment.
show only the name of the apps that are using internet

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: