Commands matching nmap (86)

  • How to check webserver by Nikto

    This is wonderful perl script to check the web server security and vulnerability .Get it from here :http://www.cirt.net/nikto2 Here are some key features of "Nikto": ? Uses rfp's LibWhisker as a base for all network funtionality ? Main scan database in CSV format for easy updates ? Determines "OK" vs "NOT FOUND" responses for each server, if possible ? Determines CGI directories for each server, if possible ? Switch HTTP versions as needed so that the server understands requests properly ? SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL) ? Output to file in plain text, HTML or CSV ? Generic and "server type" specific checks ? Plugin support (standard PERL) ? Checks for outdated server software ? Proxy support (with authentication) ? Host authentication (Basic) ? Watches for "bogus" OK responses ? Attempts to perform educated guesses for Authentication realms ? Captures/prints any Cookies received ? Mutate mode to "go fishing" on web servers for odd items ? Builds Mutate checks based on robots.txt entries (if present) ? Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available) ? Multiple IDS evasion techniques ? Users can add a custom scan database ? Supports automatic code/check updates (with web access) ? Multiple host/port scanning (scan list files) ? Username guessing plugin via the cgiwrap program and Apache ~user methods Show Sample Output


    0
    nikto.pl -h yourwebserver
    unixbhaskar · 2009-08-29 04:54:43 8
  • Backup a file with a date-time stamp

    "infix" version in bash (4.x+) Remove -v to make it silent. BTW: The OP forgot to use "cat" and "nmap" ;-) I had a good laugh though. Show Sample Output


    0
    buf() { f=${1%%.*};e=${1/$f/};cp -v $1 $f-$(date +"%Y%m%d_%H%M%S")$e;}
    unefunge · 2010-12-15 09:50:04 3
  • sort a list of comma separated numbers: sort_csn

    "sort_csn" is a function to sort a comma separated list of numbers. Define the the function with this: sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } Use the function like this: sort_csn 443,22,80,8200,1533,21,1723,1352,25 21,22,25,80,443,1352,1533,1723,8200 One example where this is useful is when port scanning with nmap and getting a list of open ports in random order. If you use Nessus, you may need to create a scan policy for that set of specific ports and it is clearer to read with the port numbers in ascending order (left to right). Caveat: no spaces in the comma separated list (just number1,number2,number3,etc). A variation of this to sort a comma separated list of strings: sort_css () { echo "${1}" | sed -e "s/,/\n/g"| sort -u | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; } usage: sort_css apples,pears,grapes,melons,oranges apples,grapes,melons,oranges,pears Show Sample Output


    0
    sort_csn () { echo "${1}" | sed -e "s/,/\n/g"| sort -nu | awk '{printf("%s,",$0)} END {printf("\n")}' | sed -e "s/,$//"; }
    mpb · 2011-01-26 15:18:08 5
  • Nmap find open TCP/IP ports for a target that is blocking ping

    Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output


    0
    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 8
  • List services running on each open port


    0
    nmap -T Aggressive -A -v 127.0.0.1 -p 1-65000
    nzimas · 2011-10-30 15:16:35 3
  • Check a port's state on a given host

    Check to see if a port is open or closed on a given host. Show Sample Output


    0
    checkport() { sudo nmap -sS -p $1 $2 }
    peterRepeater · 2011-12-13 11:46:15 7
  • A list of IPs (only) that are online in a specific subnet.

    Often you want to nmap a list of IPs using the -iL flag. This is an easy way to generate a list of IPs that are online in a specific subnet or IP range (192.168.1.100-110). Show Sample Output


    0
    nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'
    cantormath · 2011-12-31 15:50:22 3
  • Get list of servers with a specific port open


    0
    nmap -sT -p 80 --open 192.168.1.1/24
    smiles · 2012-03-13 01:43:59 3
  • Find resolvable hosts in subnet

    Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 4
  • scan subnet for used IPs

    Does a ping scan on the local subnet and returns the IPs that are up Show Sample Output


    0
    nmap -T4 -sn 192.168.1.0/24
    drewbled · 2012-06-19 17:07:24 3
  • Ping sweep without NMAP

    This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)


    0
    prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done
    tempelorg · 2012-07-25 12:07:15 3
  • Getting a list of active addresses in your own network.

    You can substitute 10.10.10.* by your own network. Or whatever nmap accepts, inlcluding submask. Show Sample Output


    0
    nmap -n -sP -oG - 10.10.10.*/32 | grep ": Up" | cut -d' ' -f2
    insaneisnotfree · 2012-08-13 15:37:21 11
  • Look for free ip's in a given /24 subnet.

    The command will make it easy to determine free IP ranges in a crowded sub-net. Show Sample Output


    0
    SUBNET="192.168.41" ; diff -y <(nmap -sP -n ${SUBNET}.0/24 | grep ${SUBNET}. | awk '{print $5}' | sort -t"." -k4 -n) <(for i in $(seq 1 254); do echo ${SUBNET}.$i; done)
    michel_p · 2012-08-28 09:11:18 4
  • Show alive host on network


    0
    nmap -sP 192.168.0.* | grep Host | tr "(" ")" | cut -d\) -f2
    szimbaro · 2013-02-27 12:40:45 4
  • Get a list of all valid ip address in a local network?

    you need to have nmap installed sudo apt-get install nmap -y sudo yum install nmap -y Show Sample Output


    0
    nmap -sP 192.168.1.*
    narven · 2014-07-08 08:39:14 8
  • nmap scan hosts for IP, MAC Address and device Vendor/Manufacturer

    In the field, I needed to script a process to scan a specific vendor devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server. This is the nmap loop (part of the script). You can however, add another pipe with grep to filter the vendor/manufacturer devices only. If want to check the whole script, check in http://pastebin.com/ju7h4Xf4 Show Sample Output


    0
    nmap -sP 10.0.0.0/8 | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15
    jaimerosario · 2014-12-26 18:31:53 13
  • Scan all available IP addresses on network


    0
    nmap -sP $(ip -o addr show | grep inet\ | grep eth | cut -d\ -f 7)
    richihiatus · 2015-04-03 21:29:59 9
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
    h_kaur2 · 2015-11-13 13:28:35 11
  • Using NMAP to check if a port is open or close


    0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 10
  • Dump top 10 ports tcp/udp from nmap

    To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output


    0
    nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
    operat0r · 2020-02-06 12:59:24 94
  • Get newest Nmap source code tarball URL.


    0
    curl -Ls https://nmap.org/dist/ | sed -En '/nmap.*tgz/s@^.*href="([^"]+)".*$@https://nmap.org/dist/\1@p' | tail -n1
    akanehara · 2017-02-10 05:46:27 20
  • nmap check alivr hosts


    0
    nmap -sP 192.168.0.1/24
    aysadk · 2017-06-07 09:52:11 17
  • scan local network for SSH-able computers


    0
    nmap -sS -p 22 192.168.1.0/24
    aysadk · 2017-07-18 12:34:20 18
  • nmap discorvery network on port 80


    0
    nmap -p 80 -T5 -n -min-parallelism 100 --open 192.168.1.0/24
    aysadk · 2017-07-18 12:40:52 16
  • nmap get ip and hostname of scanned networks


    0
    nmap -sL 192.168.3.0/24
    aysadk · 2017-07-18 13:15:19 18
  •  < 1 2 3 4 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Backup with versioning
Apart from an exact copy of your recent contents, also keep all earlier versions of files and folders that were modified or deleted. Inspired by EVACopy http://evacopy.sourceforge.net

Unlock your KDE4 session remotely (for boxes locked by KDE lock utility)
Do the unlock KDE screen saver locked session with lightdm display manager used in Kubuntu 12.10 +

Determine next available UID
Typical usage would be in a script that would want the next open UID in a range (in this case 500-600)

Find name of package which installed a given shell command
Some command names are very different from the name of the package that installed them. Sometimes, you may want to find out the name of the package that provided a command on a system, so that you can install it on another system.

old man's advice

Sort installed rpms in alphabetic order with their size.

Check Ram Speed and Type in Linux
from http://maysayadkaba.blogspot.com/2008/08/linux-check-ram-speed-and-type.html

Show CPU usage for EACH cores

Normalize volume in your mp3 library
This normalizes volume in your mp3 library, but uses mp3gain's "album" mode. This applies a gain change to all files from each directory (which are presumed to be from the same album) - so their volume relative to one another is changed, while the average album volume is normalized. This is done because if one track from an album is quieter or louder than the others, it was probably meant to be that way.

batch convert Nikon RAW (nef) images to JPG
converts RAW files from a Nikon DSLR to jpg for easy viewing etc. requires ufraw package

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: