Commands matching nmap (86)

  • How to check webserver by Nikto

    This is wonderful perl script to check the web server security and vulnerability .Get it from here :http://www.cirt.net/nikto2 Here are some key features of "Nikto": ? Uses rfp's LibWhisker as a base for all network funtionality ? Main scan database in CSV format for easy updates ? Determines "OK" vs "NOT FOUND" responses for each server, if possible ? Determines CGI directories for each server, if possible ? Switch HTTP versions as needed so that the server understands requests properly ? SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL) ? Output to file in plain text, HTML or CSV ? Generic and "server type" specific checks ? Plugin support (standard PERL) ? Checks for outdated server software ? Proxy support (with authentication) ? Host authentication (Basic) ? Watches for "bogus" OK responses ? Attempts to perform educated guesses for Authentication realms ? Captures/prints any Cookies received ? Mutate mode to "go fishing" on web servers for odd items ? Builds Mutate checks based on robots.txt entries (if present) ? Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available) ? Multiple IDS evasion techniques ? Users can add a custom scan database ? Supports automatic code/check updates (with web access) ? Multiple host/port scanning (scan list files) ? Username guessing plugin via the cgiwrap program and Apache ~user methods Show Sample Output


    0
    nikto.pl -h yourwebserver
    unixbhaskar · 2009-08-29 04:54:43 8
  • Backup a file with a date-time stamp

    "infix" version in bash (4.x+) Remove -v to make it silent. BTW: The OP forgot to use "cat" and "nmap" ;-) I had a good laugh though. Show Sample Output


    0
    buf() { f=${1%%.*};e=${1/$f/};cp -v $1 $f-$(date +"%Y%m%d_%H%M%S")$e;}
    unefunge · 2010-12-15 09:50:04 3
  • sort a list of comma separated numbers: sort_csn

    "sort_csn" is a function to sort a comma separated list of numbers. Define the the function with this: sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } Use the function like this: sort_csn 443,22,80,8200,1533,21,1723,1352,25 21,22,25,80,443,1352,1533,1723,8200 One example where this is useful is when port scanning with nmap and getting a list of open ports in random order. If you use Nessus, you may need to create a scan policy for that set of specific ports and it is clearer to read with the port numbers in ascending order (left to right). Caveat: no spaces in the comma separated list (just number1,number2,number3,etc). A variation of this to sort a comma separated list of strings: sort_css () { echo "${1}" | sed -e "s/,/\n/g"| sort -u | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } usage: sort_css apples,pears,grapes,melons,oranges apples,grapes,melons,oranges,pears Show Sample Output


    0
    sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; }
    mpb · 2011-01-26 15:18:08 5
  • Nmap find open TCP/IP ports for a target that is blocking ping

    Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output


    0
    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 8
  • List services running on each open port


    0
    nmap -T Aggressive -A -v 127.0.0.1 -p 1-65000
    nzimas · 2011-10-30 15:16:35 3
  • Check a port's state on a given host

    Check to see if a port is open or closed on a given host. Show Sample Output


    0
    checkport() { sudo nmap -sS -p $1 $2 }
    peterRepeater · 2011-12-13 11:46:15 7
  • A list of IPs (only) that are online in a specific subnet.

    Often you want to nmap a list of IPs using the -iL flag. This is an easy way to generate a list of IPs that are online in a specific subnet or IP range (192.168.1.100-110). Show Sample Output


    0
    nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'
    cantormath · 2011-12-31 15:50:22 3
  • Get list of servers with a specific port open


    0
    nmap -sT -p 80 --open 192.168.1.1/24
    smiles · 2012-03-13 01:43:59 3
  • Find resolvable hosts in subnet

    Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 4
  • scan subnet for used IPs

    Does a ping scan on the local subnet and returns the IPs that are up Show Sample Output


    0
    nmap -T4 -sn 192.168.1.0/24
    drewbled · 2012-06-19 17:07:24 3
  • Ping sweep without NMAP

    This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)


    0
    prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done
    tempelorg · 2012-07-25 12:07:15 3
  • Getting a list of active addresses in your own network.

    You can substitute 10.10.10.* by your own network. Or whatever nmap accepts, inlcluding submask. Show Sample Output


    0
    nmap -n -sP -oG - 10.10.10.*/32 | grep ": Up" | cut -d' ' -f2
    insaneisnotfree · 2012-08-13 15:37:21 11
  • Look for free ip's in a given /24 subnet.

    The command will make it easy to determine free IP ranges in a crowded sub-net. Show Sample Output


    0
    SUBNET="192.168.41" ; diff -y <(nmap -sP -n ${SUBNET}.0/24 | grep ${SUBNET}. | awk '{print $5}' | sort -t"." -k4 -n) <(for i in $(seq 1 254); do echo ${SUBNET}.$i; done)
    michel_p · 2012-08-28 09:11:18 4
  • Show alive host on network


    0
    nmap -sP 192.168.0.* | grep Host | tr "(" ")" | cut -d\) -f2
    szimbaro · 2013-02-27 12:40:45 4
  • Get a list of all valid ip address in a local network?

    you need to have nmap installed sudo apt-get install nmap -y sudo yum install nmap -y Show Sample Output


    0
    nmap -sP 192.168.1.*
    narven · 2014-07-08 08:39:14 8
  • nmap scan hosts for IP, MAC Address and device Vendor/Manufacturer

    In the field, I needed to script a process to scan a specific vendor devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server. This is the nmap loop (part of the script). You can however, add another pipe with grep to filter the vendor/manufacturer devices only. If want to check the whole script, check in http://pastebin.com/ju7h4Xf4 Show Sample Output


    0
    nmap -sP 10.0.0.0/8 | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15
    jaimerosario · 2014-12-26 18:31:53 13
  • Scan all available IP addresses on network


    0
    nmap -sP $(ip -o addr show | grep inet\ | grep eth | cut -d\ -f 7)
    richihiatus · 2015-04-03 21:29:59 9
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
    h_kaur2 · 2015-11-13 13:28:35 11
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 10
  • Dump top 10 ports tcp/udp from nmap

    To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output


    0
    nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
    operat0r · 2020-02-06 12:59:24 94
  • Get newest Nmap source code tarball URL.


    0
    curl -Ls https://nmap.org/dist/ | sed -En '/nmap.*tgz/s@^.*href="([^"]+)".*$@https://nmap.org/dist/\1@p' | tail -n1
    akanehara · 2017-02-10 05:46:27 20
  • nmap check alivr hosts


    0
    nmap -sP 192.168.0.1/24
    aysadk · 2017-06-07 09:52:11 17
  • scan local network for SSH-able computers


    0
    nmap -sS -p 22 192.168.1.0/24
    aysadk · 2017-07-18 12:34:20 18
  • nmap discorvery network on port 80


    0
    nmap -p 80 -T5 -n -min-parallelism 100 --open 192.168.1.0/24
    aysadk · 2017-07-18 12:40:52 16
  • nmap get ip and hostname of scanned networks


    0
    nmap -sL 192.168.3.0/24
    aysadk · 2017-07-18 13:15:19 18
  •  < 1 2 3 4 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Adding Prefix to File name
Adding course name prefix to lecture pdfs

Rename all subtitles files with the same name of mp4 files in same folder
Use this command if you want to rename all subtitles for them to have the same name as the mp4 files. NOTE: The order of "ls -1 *.mp4" must match the order of "ls -1 *.srt", run the command bellow to make sure the *.srt files will really match the movies after run this command: paste -d:

Convert seconds to [DD:][HH:]MM:SS
Converts any number of seconds into days, hours, minutes and seconds. sec2dhms() { declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S" }

Google Translate
$ translate [output-language] [source-language] 1) "some phrase" should be in quotes 2) [output-language] - optional (default: English) 3) [source-language] - optional (default: auto) $ translate "bonjour petit lapin" hello little rabbit $ translate "bonjour petit lapin" en hello little rabbit $ translate "bonjour petit lapin" en fr hello little rabbit

Calculate days on which Friday the 13th occurs (inspired from the work of the user justsomeguy)
Friday is the 5th day of the week, monday is the 1st. Output may be affected by locale.

Check if the LHC has destroyed the world
This says if the LHC has destroyed the world. Run it in a loop to monitor the state of Earth. Might not work reliable, if the world has actually been destroyed.

Use socat to emulate an SMTP mail SERVER
Lots of scripts show you how to use socat to send an email to an SMTP server; this command actually emulates an SMTP server! It assumes the client is only sending to one recipient, and it's not at all smart, but it'll capture the email into a log file and the client will stop retrying. I used this to diagnose what emails were being sent by cron and subsequently discarded, but you can use it for all sorts of things.

find the rpm package name that provides a specific file
For Linux distributions using rpm (eg Mandriva), this command will find the rpm package name that provides a file.

Redirect STDIN
Several times, I find myself hitting my up arrow, and changing the search term. Unfortunately, I find myself wasting too much time typing: $ grep kernel /var/log/messages Redirecting STDIN allows me to put the search term at the end so I less cursor movement to change what I'm searching for: $ < /var/log/messages grep kernel If you're using the emacs keyboard binding, then after you press your up arrow, press CTRL+w to erase the word. If this has already been submitted, I couldn't find it with the search utility.

dd with progress bar and statistics
Will automatically take the size of the file but longer, usefull only if in an function.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: