Nmap

A bunch of nmap flags because I often forget.

Detection Link to heading

• -A - All the host detection stuff
• -sV - Attempts to fingerprint services on ports
• -sn - No port scanning, only discover hosts. Example command to discover hosts on the network:

nmap -sn ip_block/subnet

Ports Link to heading

• -p- - Scan all ports
• -p80,443 - Scan port 80 and 443
• -p1-100 - Scan ports 1 to 100
• F - Scan the top 100 most popular ports (Nmap defaults to 1000)

Timing templates Link to heading

A flag to set underlying timeouts for stuff based on the network

https://nmap.org/book/performance-timing-templates.html

Defaults to -T3, -T4 is often nice on a ~decent~ network and may result in some speed ups if it is.

Example network scan Link to heading

Get internal address

ifconfig

Scan for hosts

nmap -sn ip_block/subnet

Then scan hosts with either of the following

nmap -sV -p- ip
nmap -A -T4 -p- ip

Also can easily check for things like exposed internal panels by curling it

curl http://ip