Usage masscan : substitute for Nmap

AAT Team — Mon, 30 Oct 2017 09:58:43 +0000

Masscan is called as fastest TCP port scanner. It is similar to Nmap, a popular network scanner. Below is the list of commands that help you in using masscan. Click Here if you are interested in Most Asked Nmap Interview Questions asked by Big Companies.

1. Display help

#masscan -h

2. Scan

#masscan -p 0-65535 192.168.0.101

3. Capture output in grep (-oG), xml (-oX) etc

#masscan -p 0-65535 192.168.0.0/24 -oG test

4. Increase scan speed using ‘–rate’

#masscan -p 80 192.0.0.0/8 --rate 10000

5. Exclude and include host for scan in file

#masscan -p 80 453.43.4.1/24 --excludefile ExcFile
#masscan -p 80 453.43.4.1/24 --includefile IncFile

6. Put all commands in .conf file and scan with ‘-c’ command

Example:

Conclusion

Masscan is an awesome tool and the only single tool that is capable to replace Nmap. It is recommended to learn both tools in great detail as it helps you to identify more vulnerabilities in IT system.

The post Usage masscan : substitute for Nmap first appeared on All About Testing.

Nmap Cheat Sheet

AAT Team — Fri, 15 Sep 2017 09:22:54 +0000

Nmap stands for Network Mapper. It is used for scanning networks, finding hosts available in the network, finding ports that are open, firewall configurations, and other characteristics. Click Here if you are interested in Most Asked Nmap Interview Questions and Answers.

Nmap output gives information about scanned targets which includes whether the host is up or down, the state of ports (it may be open, filtered, closed, or unfiltered), OS versions, etc. Here is the list of important Nmap commands. It is advisable to use the Wireshark tool to see the behavior of the scan. Click Here if you are interested in learning How we can install Nmap on Windows machines.

Base Syntax

#nmap [ScanType] [Options] {Targets}

1. Scan a target

Target	Syntax/Example
Scan a Single IP	#nmap
Scan a multiple IPs	#nmap 192.168.1.104,108
Scan a Host	#nmap
Scan a range of IPs	#nmap 192.168.1.0-255
Scan using wildcard	#nmap 192.168.0.*
Scan a subnet	#nmap 192.168.0.1/24
Scan target from text file	#nmap -iL IPList.txt

2. Target Ports

Option Description	Syntax/Example
Scan a single port	#nmap -p 22
Scan a range of ports	#nmap -p 100-500
Scan multiple ports	#nmap -p 23,443
Scan 100 most popular ports	#nmap -F
Scan n most popular ports	#nmap --top-ports
Scan all 65535 ports	#nmap -p-
Leaving off end port in range makes Nmap scan through port 65535	#nmap -p0-
Scan linearly i.e. do not randomize ports	#nmap -r

3. Scan Types options

Scan Types Description	Syntax/Example
Syn Scan	#nmap -sS
TCP Connect Scan	#nmap -sT
UDP Scan	#nmap -sU
Version Scan	#nmap -sV
OS Detection	#nmap -O
Set custom list of TCP using “URGACKPSHRSTSYNFIN” in any order and combination	#nmap `--`scanflags URGSYN

4. Probing Options

Description	Syntax/Example
Don’t probe i.e. assuming all hosts are up	#nmap -Pn
Default probe (TCP, 80, 443 & ICMP)	#nmap -PB
Check whether targets are up by probing TCP ports	#nmap -PS
Use ICMP Echo Request	#nmap -PE
Use ICMP TimeStamp Request	#nmap -PP
Use ICMP Network Request	#nmap -PM

5. Aggregate Timing Options

Option Description	Syntax/Example
Very Slow, used for evasion from network administrator	#nmap -T0
Quite Slow, used for evasion from network administrator	#nmap -T1
Polite, use less bandwidth	#nmap -T2
Normal: Default	#nmap -T3
Aggressive: fast	#nmap -T4
Insane: Very Aggressive, may miss open ports	#nmap -T5

6. Output Formats

Option Description	Syntax/Example
Standard Nmap output	#nmap -oN
Greppable format	#nmap -oG
XML format	#nmap -oX
Generate Nmap, Greppable, and XML output files using basename	#nmap -oA

You can view generated output file by using the below command
#cat

7. Misc Options

Option Description	Syntax/Examples
Disable reverse IP address lookup	#nmap -n
Use IPv6	#nmap -6
Use for OS detection, Version detection, Script Scanning and traceroot	#nmap -A
Display reason Nmap thinks port is open, closed or filtered	#nmap --reason

8. Advanced Scripts

TCP syn scan(-sS) all ports (-p-) with speed (-T3) and results save in tcpscan.txt

#nmap -vv -Pn -sS -T3 -p- -oN /root/tcpscan.txt

UDP scan(-sU) all ports (-p-) with speed (-T3) and results save in udpscan.txt

#nmap -Pn --top-ports 1000 -sU -T3 -p- -oN /root/udpscan.txt

Nmap Scripting Engine

You can use different scripts available in the Nmap scripting engine to do various networking tasks. Below the Nmap command run all available scripts against the target IP.

#cd /usr/share/nmap/scripts
#nmap -vv -p 137 --script=all

Conclusion

NMap is considered the most powerful and reliable tool for vulnerability assessment and penetration testing. We have discussed many commands and scripts which help you to gain intensive knowledge of the target. The more you use Nmap, the more you will know the true potential of this tool.

The post Nmap Cheat Sheet first appeared on All About Testing.

nmap | All About Testing

Usage masscan : substitute for Nmap

1. Display help

2. Scan

3. Capture output in grep (-oG), xml (-oX) etc

4. Increase scan speed using ‘–rate’

5. Exclude and include host for scan in file

6. Put all commands in .conf file and scan with ‘-c’ command

Conclusion

Nmap Cheat Sheet

Base Syntax

1. Scan a target

2. Target Ports

3. Scan Types options

4. Probing Options

5. Aggregate Timing Options

6. Output Formats

7. Misc Options

8. Advanced Scripts

Nmap Scripting Engine

Conclusion