Commands tagged nmap (19)

  • scan whole specific network for active online ips Show Sample Output


    8
    nmap -n -sn 192.168.1.0/24 -oG - | awk '/Up$/{print $2}'
    aysadk · 2019-09-04 13:31:53 239
  • nmap for windows and other platforms is available on developer's site: http://nmap.org/download.html nmap is robust tool with many options and has various output modes - is the best (imho) tool out there.. from nmap 5.21 man page: -oN/-oX/-oS/-oG : Output scan in normal, XML, s| Show Sample Output


    6
    nmap -v -sP 192.168.0.0/16 10.0.0.0/8
    anapsix · 2010-07-14 19:53:02 4
  • Using NMAP to check to see if port 22(SSH) is open on servers and network devices. Show Sample Output


    6
    nmap -oG - -T4 -p22 -v 192.168.0.254 | grep ssh
    SeeFor · 2011-01-11 16:12:23 5

  • 6
    nmap --iflist
    bandie91 · 2013-06-22 10:50:43 10
  • This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CDIR notation (i.e. /24 for a Class C)). You could add "--dns-servers x.x.x.x" after the "-sL" if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo I believe. Also I hope awk is standard on most distros. Show Sample Output


    4
    nmap -R -sL 209.85.229.99/27 | awk '{if($3=="not")print"("$2") no PTR";else print$3" is "$2}' | grep '('
    netsaint · 2009-09-02 16:33:15 5
  • Shows how many Windows and Linux devices are on your network. May add support for others, but that's all that are on my network right now. Show Sample Output


    3
    sudo nmap -F -O 192.168.1.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Window(s) devices"
    matthewbauer · 2010-01-10 03:09:56 6

  • 3
    nmap -sP 192.168.1.0/24
    harpo · 2014-11-07 12:15:06 8

  • 2
    nmap -sn 192.168.1.0/24
    pdxdoughnut · 2014-01-28 23:32:18 13
  • Will report back IP address's of all hosts that are UP. Show Sample Output


    2
    fping -ga 192.168.1.0/24 2> /dev/null
    netaxiz · 2014-01-31 19:19:19 12

  • 2
    nmap -sP 192.168.0.0/24
    snaguber · 2021-04-25 19:48:43 161
  • populate the auth.hosts file with a list of IP addresses that are authorized to be in use and when you run this command it will return the addresses that are pingable and not in the authorized list. Can be combined with the "Command line Twitter" command to tweet unauthorized access. Show Sample Output


    1
    diff <(nmap -sP 192.168.1.0/24 | grep ^Host | sed 's/.appears to be up.//g' | sed 's/Host //g') auth.hosts | sed 's/[0-9][a-z,A-Z][0-9]$//' | sed 's/</UNAUTHORIZED IP -/g'
    bandit36 · 2009-03-12 05:28:08 9
  • TCP Connect scanning for localhost and network 192.168.0.0/24 Show Sample Output


    1
    nmap -v -sT 192.168.0.0/24
    Dhinesh · 2011-11-19 07:06:52 20
  • the command for the impatient sysadmin: simply checks every five secs, if a host or a specific service running on it is up. ideal for hosts that are configured not to respond on pings. Show Sample Output


    0
    while true; do clear; nmap ${hostname} -PN -p ${hostport}; sleep 5; done
    flokra · 2009-08-14 20:19:59 3
  • Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings. Show Sample Output


    0
    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 9
  • Check to see if a port is open or closed on a given host. Show Sample Output


    0
    checkport() { sudo nmap -sS -p $1 $2 }
    peterRepeater · 2011-12-13 11:46:15 8
  • Nmap will list all IP's in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IP's listed. No packets sent to target only generates DNS queries. Show Sample Output


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 5

  • 0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>> test02
    h_kaur2 · 2015-11-13 13:28:35 11

  • 0
    nmap -n 10.0.0.50 | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 10
  • Displays live hosts on the same network as the local machine with their hostnames and IP addresses. This command is IPv6 and multiple network adapter safe and does not rely on awk or sed, however it requires the "nmap" package installed. Might not work on OSX. Example alias for shell startup file: alias livehosts='nmap -sP "$(ip -4 -o route get 1 | cut -d " " -f 7)"/24 | grep report | cut -d " " -f 5-' Show Sample Output


    -2
    nmap -sP "$(ip -4 -o route get 1 | cut -d ' ' -f 7)"/24 | grep report | cut -d ' ' -f 5-
    lordtoran · 2019-02-01 03:52:02 33

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

shell function which allows you to tag files by creating symbolic links directories in a 'tags' folder.
shell function which allows you to tag files by creating symbolic links directories in a 'tags' folder. The tag function takes a tag name as its first argument, then a list of files which take that tag. The directory $HOME/tags/tagname will then hold symbolic links to each of the tagged files. This function was modified from bartonski's (http://www.commandlinefu.com/commands/view/10216) inspired by tmsu (found at https://bitbucket.org/oniony/tmsu/wiki/Home) with readlink function by flxndn (http://www.commandlinefu.com/commands/view/10222). Example: $ tag dog airedale.txt .shizturc weimeraner.pl This will create $HOME/tags/dog which contains symbolic links to airedale.txt .shizturc and weimeraner.pl

TCPDUMP & Save Capture to Remote Server w/ GZIP
NOTE: When opening the files you might need to strip the very top line with notepad++ as its a mistake header This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/eth0-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1

List all active access_logs for currently running Apache or Lighttpd process
Ever logged into a *nix box and needed to know which webserver is running and where all the current access_log files are? Run this one liner to find out. Works for Apache or Lighttpd as long as CustomLog name is somewhat standard. HINT: works great as input into for loop, like this: $ for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ; do echo $i; done Very useful for triage on unfamiliar servers!

Do quick arithmetic on numbers from STDIN with any formatting using a perl one liner.
Good for summing the numbers embedded in text - a food journal entry for example with calories listed per food where you want the total calories. Use this to monitor and keep a total on anything that ouputs numbers.

list block devices
Shows all block devices in a tree with descruptions of what they are.

Get the Last tweet (Better than Twitter feed rrs)
I was using some twitter bots and twitter bloks my IP. Now im using some proxys and i use these command to validate the tweet was published.

Create named LUKS encrypted volume
You need to be root to do this. So check the command before running it. You enter the same password for Enter LUKS passphrase: Verify passphrase: Enter passphrase for /dev/loopn: ___ You can then copy the .img file to somewhere else. Loop it it with losetup -f IMAGENAME.img and then mount it with a file manager (eg nemo) or run mount /dev/loopn /media/mountfolder Acts similar to a mounted flash drive

grep (or anything else) many files with multiprocessor power
Parallel does not suffer from the risk of mixing of output that xargs suffers from. -j+0 will run as many jobs in parallel as you have cores. With parallel you only need -0 (and -print0) if your filenames contain a '\n'. Parallel is from https://savannah.nongnu.org/projects/parallel/

list block devices
Shows all block devices in a tree with descruptions of what they are.

Find the package that installed a command


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: