Host Scanning
nmap
# Default scan: with no port option nmap probes its 1,000 most common TCP ports.
nmap 10.11.1.111
# Faster variant: at most one retransmission per probe and a floor of
# 1000 packets per second. With so few retries, open ports can be missed
# on lossy or rate-limited links.
nmap 10.11.1.111 --max-retries 1 --min-rate 1000
# All TCP ports ("-p -" covers 1-65535). -Pn skips host discovery (the host
# is treated as up) and -n disables DNS resolution.
nmap -p - -Pn -n 10.10.10.10
# Multi-host sweep: top 200 ports with service/version detection (-sV),
# targets read from ips.txt (-iL), only open ports reported (--open),
# results written in all formats under the base name portscan_active (-oA).
nmap --top-ports 200 -sV -n --max-retries 2 -Pn --open -iL ips.txt -oA portscan_active
# Version detection limited to chosen ports; replace each XX with a port
# number found by an earlier scan.
nmap -pXX,XX,XX,XX,XX -Pn -sV -n 10.10.10.10
# Full, slow scan of all TCP ports: -A enables OS detection, version
# detection, default scripts and traceroute; output is saved under the
# base name "full" (-oA).
# NOTE(review): the "vuln" script category includes checks that are also
# tagged intrusive and can crash or hang fragile services.
nmap -v -A -p- -Pn --script vuln -oA full 10.11.1.111
# Source-port test: probes port 5555 from source port 53 to check whether a
# filter admits traffic on source port alone. A pass points to stateless
# filtering; connection-tracking (stateful) rules do not have this weakness.
nmap --source-port 53 -p 5555 10.11.1.111
# If that works, this SNAT rule rewrites the source port of outgoing TCP
# traffic to the target to 53, so other tools use the same source port.
iptables -t nat -A POSTROUTING -d 10.11.1.111 -p tcp -j SNAT --to :53
# UDP scan (-sU) of the default port set.
nmap 10.11.1.111 -sU
# UDP scan of the 100 most common ports (-F) with default scripts (-sC) and
# version detection (-sV); --reason prints why each port state was assigned,
# -v and -d add verbose and debug output. -T5 is the most aggressive timing
# template and trades accuracy for speed, which matters for UDP because an
# unanswered probe is ambiguous.
nmap -sU -F -Pn -v -d -sC -sV --open --reason -T5 10.11.1.111
# Packet-shaping options aimed at simple packet filters (replace <IP> with
# the target address):
#   -f                split probes into small IP fragments
#   --mtu 24          fragment with a 24-byte MTU (must be a multiple of 8)
#   --data-length 30  append 30 random bytes to each probe
#   --source-port 53  send probes from source port 53
# Devices that reassemble fragments and track connection state are largely
# unaffected by these options.
nmap -f <IP>
nmap --mtu 24 <IP>
nmap --data-length 30 <IP>
nmap --source-port 53 <IP>
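# Nmap flags for better speed
--max-rtt-timeout: Maximum time to wait for a response to each probe
--script-timeout: Maximum run time allowed per script
--host-timeout: Maximum time spent on one host before giving up on it
--open: Report only open (or possibly open) ports; this filters the output and does not make the scan harder to detect
--min-rate: Minimum number of packets sent per second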
shodan
# Shodan CLI: https://cli.shodan.io/
# Looks up what Shodan has already indexed for the address (open ports,
# banners). The query goes to Shodan's API, not to the host itself.
# Requires an API key configured beforehand with `shodan init`.
shodan host 151.101.1.68
![](https://cyb3r.gitbook.io/~gitbook/image?url=https%3A%2F%2F3869391553-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FDMM6SCLTDlo5fkDXCdeU%252Fuploads%252Fgit-blob-3c025c7065923d6a6c207312369bfe836d684e65%252Fimage%2520%2827%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=86266a95&sv=2)
![](https://cyb3r.gitbook.io/~gitbook/image?url=https%3A%2F%2F3869391553-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FDMM6SCLTDlo5fkDXCdeU%252Fuploads%252Fgit-blob-615c18bdf1500bbdf37bdc36fb8a23cbfdca0248%252Fimage%2520%2844%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=279fb566&sv=2)