Commands matching nmap (86)
-
"infix" version in bash (4.x+) Remove -v to make it silent. BTW: The OP forgot to use "cat" and "nmap" ;-) I had a good laugh though. Show Sample Output
0buf() { f=${1%%.*};e=${1/$f/};cp -v $1 $f-$(date +"%Y%m%d_%H%M%S")$e;} -
"sort_csn" is a function to sort a comma separated list of numbers. Define the the function with this: sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } Use the function like this: sort_csn 443,22,80,8200,1533,21,1723,1352,25 21,22,25,80,443,1352,1533,1723,8200 One example where this is useful is when port scanning with nmap and getting a list of open ports in random order. If you use Nessus, you may need to create a scan policy for that set of specific ports and it is clearer to read with the port numbers in ascending order (left to right). Caveat: no spaces in the comma separated list (just number1,number2,number3,etc). A variation of this to sort a comma separated list of strings: sort_css () { echo "${1}" | sed -e "s/,/\n/g"| sort -u | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } usage: sort_css apples,pears,grapes,melons,oranges apples,grapes,melons,oranges,pears Show Sample Output
0sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } -
Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output
0nmap -sT -PN -vv <target ip> -
0nmap -T Aggressive -A -v 127.0.0.1 -p 1-65000
-
Check to see if a port is open or closed on a given host. Show Sample Output
0checkport() { sudo nmap -sS -p $1 $2 } -
Often you want to nmap a list of IPs using the -iL flag. This is an easy way to generate a list of IPs that are online in a specific subnet or IP range (192.168.1.100-110). Show Sample Output
0nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}' -
0nmap -sT -p 80 --open 192.168.1.1/24
-
Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output
0nmap -sL 74.125.237.1/24 -
Does a ping scan on the local subnet and returns the IPs that are up Show Sample Output
0nmap -T4 -sn 192.168.1.0/24 -
This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)
0prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done -
You can substitute 10.10.10.* by your own network. Or whatever nmap accepts, inlcluding submask. Show Sample Output
0nmap -n -sP -oG - 10.10.10.*/32 | grep ": Up" | cut -d' ' -f2 -
The command will make it easy to determine free IP ranges in a crowded sub-net. Show Sample Output
0SUBNET="192.168.41" ; diff -y <(nmap -sP -n ${SUBNET}.0/24 | grep ${SUBNET}. | awk '{print $5}' | sort -t"." -k4 -n) <(for i in $(seq 1 254); do echo ${SUBNET}.$i; done) -
0nmap -sP 192.168.0.* | grep Host | tr "(" ")" | cut -d\) -f2
-
you need to have nmap installed sudo apt-get install nmap -y sudo yum install nmap -y Show Sample Output
0nmap -sP 192.168.1.* -
In the field, I needed to script a process to scan a specific vendor devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server. This is the nmap loop (part of the script). You can however, add another pipe with grep to filter the vendor/manufacturer devices only. If want to check the whole script, check in http://pastebin.com/ju7h4Xf4 Show Sample Output
0nmap -sP 10.0.0.0/8 | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15 -
0nmap -sP $(ip -o addr show | grep inet\ | grep eth | cut -d\ -f 7)
-
0nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
-
0nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
-
To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output
0nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g' -
0curl -Ls https://nmap.org/dist/ | sed -En '/nmap.*tgz/s@^.*href="([^"]+)".*$@https://nmap.org/dist/\1@p' | tail -n1
-
0nmap -sn --system-dns 192.168.0.1-253
-
0nmap -sP 192.168.0.1/24
-
0nmap -sS -p 22 192.168.1.0/24
-
0nmap -p 80 -T5 -n -min-parallelism 100 --open 192.168.1.0/24
-
0nmap -sL 192.168.3.0/24
- < 1 2 3 4 >
What's this?
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Check These Out
Stay in the loop…
- Follow the Tweets.
-
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10 - Subscribe to the feeds.
-
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for:
- » all commands
- » commands with 3 up-votes (commandlinefu3)
- » commands with 10 up-votes (commandlinefu10)
- » commands matching nmap