A bunch of nmap flags because I often forget.
Detection
-A
- Aggressive scan: turns on OS detection (-O), version detection (-sV), the default NSE scripts (-sC) and traceroute in one go. Noisy, and the OS detection part needs root.
-sV
- Version detection: probes each open port to fingerprint the service and version running on it.
-sn
- Ping scan: host discovery only, no port scanning. Hosts that drop the discovery probes show up as down; add -Pn to skip discovery and port-scan every address anyway. Example command to discover hosts on the network:
nmap -sn ip_block/subnet
Ports
-p-
- Scan all 65535 TCP ports
-p80,443
- Scan ports 80 and 443
-p1-100
- Scan ports 1 to 100
-F
- Fast scan: only the top 100 most common ports (Nmap defaults to the top 1000)
Timing templates
A flag that sets the underlying timeouts, retries and parallelism to match how fast and reliable the network is:
https://nmap.org/book/performance-timing-templates.html
Defaults to -T3. -T4 is often nice on a decent (fast, reliable) network and usually gives a noticeable speed up; -T5 shortens the timeouts far enough that open ports can be missed on anything but a very good link.
Example network scan
Get internal address
ifconfig
or, on modern Linux where ifconfig is missing:
ip addr
Scan for hosts
nmap -sn ip_block/subnet
Then scan each live host with either of the following (the -A form includes OS detection, so run it as root)
nmap -sV -p- ip
nmap -A -T4 -p- ip
Also can easily check for things like exposed internal panels by curling them (curl -sI http://ip fetches just the response headers, which is usually enough to tell what is listening)
curl http://ip
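The workflow above, as an added shell example that is not part of the original notes: it builds the commands from the notes with -oG - appended (nmap's grepable output format, still produced by current versions) and parses that output offline to go from a ping sweep to per-host scans, and from a -sV scan to the URLs worth curling. The nmap output embedded below is constructed by hand, the addresses, hostnames and versions in it are made up, and nmap itself is not run.

```sh
#!/bin/sh
# Added example for the scan workflow in the notes; not original content.
# Builds the nmap command lines and parses grepable (-oG) output offline.
# The "captured" nmap output below is constructed, not a real scan.

# Constructed sample of: nmap -sn -oG - 192.168.1.0/29
SAMPLE_SWEEP=$(printf '# Nmap scan initiated as: nmap -sn -oG - 192.168.1.0/29\nHost: 192.168.1.1 ()\tStatus: Up\nHost: 192.168.1.3 ()\tStatus: Up\nHost: 192.168.1.6 (printer.lan)\tStatus: Up\n# Nmap done -- 8 IP addresses (3 hosts up) scanned in 2.00 seconds\n')

# Constructed sample of one Host: line from: nmap -sV -p- -oG - 192.168.1.6
SAMPLE_SVC=$(printf 'Host: 192.168.1.6 (printer.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|http//nginx 1.18.0/, 9100/filtered/tcp//jetdirect///\tIgnored State: 65531 closed tcp ports (reset)\n')

# Host discovery command (the -sn sweep from the notes).
sweep_cmd() {
  printf 'nmap -sn -oG - %s\n' "$1"
}

# Follow-up per-host scan: "quick" = -sV -p-, "full" = -A -T4 -p- (needs root for -O).
service_scan_cmd() {
  case "$2" in
    full) printf 'nmap -A -T4 -p- -oG - %s\n' "$1" ;;
    *)    printf 'nmap -sV -p- -oG - %s\n' "$1" ;;
  esac
}

# Reads -sn -oG output on stdin; prints the address of every host reported Up.
live_hosts() {
  awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Reads sweep output on stdin; prints one follow-up scan command per live host.
plan_service_scans() {
  live_hosts | while read -r ip; do
    service_scan_cmd "$ip" "${1:-quick}"
  done
}

# Reads -sV -oG output on stdin; prints http(s)://host:port for every open
# web service, i.e. the targets worth pointing curl at for exposed panels.
# Grepable port fields are port/state/proto/owner/service/rpc/version.
open_http_urls() {
  awk '/^Host:/ && /Ports:/ {
    host = $2
    sub(/.*Ports: /, "")
    sub(/[ \t]+Ignored State:.*/, "")
    n = split($0, ports, ", ")
    for (i = 1; i <= n; i++) {
      split(ports[i], f, "/")
      if (f[2] == "open" && f[5] ~ /http/) {
        scheme = (f[5] ~ /ssl|https/) ? "https" : "http"
        printf "%s://%s:%s\n", scheme, host, f[1]
      }
    }
  }'
}

# Stand-alone run: print the plan against the constructed samples.
sweep_cmd 192.168.1.0/29
printf '%s\n' "$SAMPLE_SWEEP" | plan_service_scans full
printf '%s\n' "$SAMPLE_SVC" | open_http_urls
```

On a real network, replace the two SAMPLE_ variables with the actual nmap output (for example `nmap -sn -oG - 192.168.1.0/24 | plan_service_scans full`), and pipe the printed URLs into curl -sI to read the response headers.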