Commands matching nmap (86)

  • How to check webserver by Nikto

    This is wonderful perl script to check the web server security and vulnerability .Get it from here :http://www.cirt.net/nikto2 Here are some key features of "Nikto": ? Uses rfp's LibWhisker as a base for all network funtionality ? Main scan database in CSV format for easy updates ? Determines "OK" vs "NOT FOUND" responses for each server, if possible ? Determines CGI directories for each server, if possible ? Switch HTTP versions as needed so that the server understands requests properly ? SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL) ? Output to file in plain text, HTML or CSV ? Generic and "server type" specific checks ? Plugin support (standard PERL) ? Checks for outdated server software ? Proxy support (with authentication) ? Host authentication (Basic) ? Watches for "bogus" OK responses ? Attempts to perform educated guesses for Authentication realms ? Captures/prints any Cookies received ? Mutate mode to "go fishing" on web servers for odd items ? Builds Mutate checks based on robots.txt entries (if present) ? Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available) ? Multiple IDS evasion techniques ? Users can add a custom scan database ? Supports automatic code/check updates (with web access) ? Multiple host/port scanning (scan list files) ? Username guessing plugin via the cgiwrap program and Apache ~user methods Show Sample Output


    0
    nikto.pl -h yourwebserver
    unixbhaskar · 2009-08-29 04:54:43 8
  • Backup a file with a date-time stamp

    "infix" version in bash (4.x+) Remove -v to make it silent. BTW: The OP forgot to use "cat" and "nmap" ;-) I had a good laugh though. Show Sample Output


    0
    buf() { f=${1%%.*};e=${1/$f/};cp -v $1 $f-$(date +"%Y%m%d_%H%M%S")$e;}
    unefunge · 2010-12-15 09:50:04 3
  • sort a list of comma separated numbers: sort_csn

    "sort_csn" is a function to sort a comma separated list of numbers. Define the the function with this: sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } Use the function like this: sort_csn 443,22,80,8200,1533,21,1723,1352,25 21,22,25,80,443,1352,1533,1723,8200 One example where this is useful is when port scanning with nmap and getting a list of open ports in random order. If you use Nessus, you may need to create a scan policy for that set of specific ports and it is clearer to read with the port numbers in ascending order (left to right). Caveat: no spaces in the comma separated list (just number1,number2,number3,etc). A variation of this to sort a comma separated list of strings: sort_css () { echo "${1}" | sed -e "s/,/\n/g"| sort -u | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } usage: sort_css apples,pears,grapes,melons,oranges apples,grapes,melons,oranges,pears Show Sample Output


    0
    sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; }
    mpb · 2011-01-26 15:18:08 5
  • Nmap find open TCP/IP ports for a target that is blocking ping

    Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output


    0
    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 8
  • List services running on each open port


    0
    nmap -T Aggressive -A -v 127.0.0.1 -p 1-65000
    nzimas · 2011-10-30 15:16:35 3
  • Check a port's state on a given host

    Check to see if a port is open or closed on a given host. Show Sample Output


    0
    checkport() { sudo nmap -sS -p $1 $2 }
    peterRepeater · 2011-12-13 11:46:15 7
  • A list of IPs (only) that are online in a specific subnet.

    Often you want to nmap a list of IPs using the -iL flag. This is an easy way to generate a list of IPs that are online in a specific subnet or IP range (192.168.1.100-110). Show Sample Output


    0
    nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'
    cantormath · 2011-12-31 15:50:22 3
  • Get list of servers with a specific port open


    0
    nmap -sT -p 80 --open 192.168.1.1/24
    smiles · 2012-03-13 01:43:59 3
  • Find resolvable hosts in subnet

    Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 4
  • scan subnet for used IPs

    Does a ping scan on the local subnet and returns the IPs that are up Show Sample Output


    0
    nmap -T4 -sn 192.168.1.0/24
    drewbled · 2012-06-19 17:07:24 3
  • Ping sweep without NMAP

    This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)


    0
    prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done
    tempelorg · 2012-07-25 12:07:15 3
  • Getting a list of active addresses in your own network.

    You can substitute 10.10.10.* by your own network. Or whatever nmap accepts, inlcluding submask. Show Sample Output


    0
    nmap -n -sP -oG - 10.10.10.*/32 | grep ": Up" | cut -d' ' -f2
    insaneisnotfree · 2012-08-13 15:37:21 11
  • Look for free ip's in a given /24 subnet.

    The command will make it easy to determine free IP ranges in a crowded sub-net. Show Sample Output


    0
    SUBNET="192.168.41" ; diff -y <(nmap -sP -n ${SUBNET}.0/24 | grep ${SUBNET}. | awk '{print $5}' | sort -t"." -k4 -n) <(for i in $(seq 1 254); do echo ${SUBNET}.$i; done)
    michel_p · 2012-08-28 09:11:18 4
  • Show alive host on network


    0
    nmap -sP 192.168.0.* | grep Host | tr "(" ")" | cut -d\) -f2
    szimbaro · 2013-02-27 12:40:45 4
  • Get a list of all valid ip address in a local network?

    you need to have nmap installed sudo apt-get install nmap -y sudo yum install nmap -y Show Sample Output


    0
    nmap -sP 192.168.1.*
    narven · 2014-07-08 08:39:14 8
  • nmap scan hosts for IP, MAC Address and device Vendor/Manufacturer

    In the field, I needed to script a process to scan a specific vendor devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server. This is the nmap loop (part of the script). You can however, add another pipe with grep to filter the vendor/manufacturer devices only. If want to check the whole script, check in http://pastebin.com/ju7h4Xf4 Show Sample Output


    0
    nmap -sP 10.0.0.0/8 | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15
    jaimerosario · 2014-12-26 18:31:53 13
  • Scan all available IP addresses on network


    0
    nmap -sP $(ip -o addr show | grep inet\ | grep eth | cut -d\ -f 7)
    richihiatus · 2015-04-03 21:29:59 9
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
    h_kaur2 · 2015-11-13 13:28:35 11
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 10
  • Dump top 10 ports tcp/udp from nmap

    To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output


    0
    nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
    operat0r · 2020-02-06 12:59:24 94
  • Get newest Nmap source code tarball URL.


    0
    curl -Ls https://nmap.org/dist/ | sed -En '/nmap.*tgz/s@^.*href="([^"]+)".*$@https://nmap.org/dist/\1@p' | tail -n1
    akanehara · 2017-02-10 05:46:27 20
  • nmap check alivr hosts


    0
    nmap -sP 192.168.0.1/24
    aysadk · 2017-06-07 09:52:11 17
  • scan local network for SSH-able computers


    0
    nmap -sS -p 22 192.168.1.0/24
    aysadk · 2017-07-18 12:34:20 18
  • nmap discorvery network on port 80


    0
    nmap -p 80 -T5 -n -min-parallelism 100 --open 192.168.1.0/24
    aysadk · 2017-07-18 12:40:52 16
  • nmap get ip and hostname of scanned networks


    0
    nmap -sL 192.168.3.0/24
    aysadk · 2017-07-18 13:15:19 18
  •  < 1 2 3 4 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Adding a startup script to be run at bootup Ubuntu
This script will run each time you boot up.The script must be in /etc/init.d directory.

Find the location of the currently loaded php.ini file
Quick and easy way to find out which php.ini file is being used. Especially useful if you just need to find the location of the file for editing purposes.

Assign top-level JSON entries to shell variables
A recursive version might be useful too. /dev/tty is used to show which shell variables just got defined.

extract audio from flv to mp3

Get AWS temporary credentials ready to export based on a MFA virtual appliance
You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

Copy history from one terminal to another
Or just do history -w before opening another terminal.

Install pip with Proxy
Installs pip packages defining a proxy

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Place the argument of the most recent command on the shell
This works if your terminal is in Vi mode

Simple addicting bash game.
hold period (or whatever character) and hit enter after a second. You need to make the next line of periods the same length as the previous line... score starts at 0 and increase each time length of line is same.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: