DEL HTML anchors from posts as they are going to be added automatically with new ssg

Caffeine Fueled 2025-10-27 20:20:04 +01:00
parent 3484b45045
commit 3d28d5eee9
Signed by: cf7
GPG key ID: CA295D643074C68C
26 changed files with 263 additions and 263 deletions

@ -15,7 +15,7 @@ I'll show you the basics of nmap in this post. This is more than enough to get s
**Important**: I recommend using nmap as **root** since not all scans are available for non-root users. The kernel constrain standard users from using all functions of the NIC.
## Specify the hosts or networks to scan <a href="#target" id="target">#</a>
## Specify the hosts or networks to scan
You'll start by defining the range of the scan. This is mandatory and there are multiple ways to do it.
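Review bot: Dropping the explicit `id="target"` from the `## Specify the hosts or networks to scan` heading changes the fragment unless the new SSG can be told to keep it. An ID generated from the heading text is unlikely to be `target`, so existing links to `#target` (and to the other short IDs removed in this commit, such as `#ports` and `#output`) will stop resolving. Confirm the generator supports custom heading IDs, or keep a mapping from old to new fragments, before merging.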
@ -44,7 +44,7 @@ Nmap would scan 3 hosts.
Choose a random number of hosts within a chosen range:
: `nmap 10.10.10.0/24 -iR 5`
#### Exclude hosts and networks from scans <a href="#target-exclusion" id="target-exclusion">#</a>
#### Exclude hosts and networks from scans
Choose hosts or networks that should be excluded:
: `nmap 192.168.0.0/24 --exclude 192.168.0.2`
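Review bot: The context line `nmap 10.10.10.0/24 -iR 5` in this hunk does not match the sentence above it. `-iR` makes nmap generate random target addresses rather than pick hosts from the given range, so this command scans the whole /24 plus 5 random hosts outside it. Since the file is being touched anyway, correct or drop the example so readers do not end up scanning hosts outside their own range.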
@ -52,7 +52,7 @@ Choose hosts or networks that should be excluded:
Use a file with a list of exclusions:
: `nmap 10.10.10.0/24 --excludefile /path/to/file.txt`
## SPECIFIC PORT RANGES <a href="#ports" id="ports">#</a>
## SPECIFIC PORT RANGES
**Side note**: Without a flag, it runs the 1000 common TCP ports by default. [Source](https://nmap.org/book/port-scanning.html)
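Review bot: `## SPECIFIC PORT RANGES` is the only all-caps heading among those touched in this commit (compare `## Save output to file` and `## Port states`). With anchors now generated from the heading text, consider `## Specific port ranges` so the heading and its fragment are consistent with the rest of the post.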
@ -88,7 +88,7 @@ If you only want to scan UDP ports, use the `-sU` flag to do so.
I am not familiar with it, but you can work with protocol names like this:
: `nmap 10.10.10.0/24 -p smtp` *# Thanks to k3vinw*
#### Exlude ports from scan <a href="#ports-exclusion" id="ports-explusion">#</a>
#### Exlude ports from scan
Simply us the `--exlude-ports` option and the ports / port range:
: `nmap 10.10.10.1 -p 1-100 --exlude-ports 22,53`
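Review bot: The rewritten heading still reads `Exlude ports from scan`, and the removed anchor had mismatched `href="#ports-exclusion"` and `id="ports-explusion"`, so the old link never resolved. Fix the heading to `Exclude` in this change, since the generated fragment will inherit the spelling. The context lines under it also read `Simply us` and use `--exlude-ports`; nmap's option is `--exclude-ports`, so the example command as written will be rejected.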
@ -99,7 +99,7 @@ Simply us the `--exlude-ports` option and the ports / port range:
Use the `-g` flag to specify the source port of the scan:
: `nmap 10.10.10.1 -g 12345`
## Save output to file <a href="#output" id="output">#</a>
## Save output to file
There are 3 formats you can pick between:
@ -117,7 +117,7 @@ Saves output of ALL 3 formats:
If you want to append the results to a file, simply add the `--append-output` option to the command.
## Port states <a href="#port-states" id="port-states">#</a>
## Port states
Nmap distinguishes the state of the port in six categories. This section is copied from the [official documentation](https://nmap.org/book/man-port-scanning-basics.html) since it is explained really well.
@ -145,7 +145,7 @@ Nmap distinguishes the state of the port in six categories. This section is copi
> This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
## Scan timing / timing templates <a href="#scan-timing" id="scan-timing">#</a>
## Scan timing / timing templates
With these timing templates, you can decide how aggressively and fast you want to scan your targets. The lower the number, the slower scan and vice versa. You can choose them with the `-T` flag like this:
: `-T0` paranoid
@ -159,7 +159,7 @@ With these timing templates, you can decide how aggressively and fast you want t
A detailed table of differences can be found in the [official documentation](https://nmap.org/book/performance-timing-templates.html)
## Scripts <a href="#scripts" id="scripts">#</a>
## Scripts
**Disclaimer + Important:** Scripts are not run in a sandbox and thus could accidentally or maliciously damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or have carefully audited the scripts yourself.
@ -177,7 +177,7 @@ Often enough scripts are used to find vulnerabilities. One example can be found
For more information about scripts for nmap, check out the following blog post: [Getting started with nmap scripts](https://ittavern.com/getting-started-with-nmap-scripts/)
## Helpful additional scan options <a href="#more-options" id="more-options">#</a>
## Helpful additional scan options
Verbosity of the scan:
: `-v` / `-vv` / `-vvv`
@ -246,7 +246,7 @@ TCP ACK Ping use
: *Port 40125 is the default, if no port entered*
#### IDS/ FW Evasion <a href="#evasion" id="evasion">#</a>
#### IDS/ FW Evasion
This is a topic for another time and unnecessary for beginners, but just some IDS/FW evasion methods.
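Review bot: The heading `#### IDS/ FW Evasion` has a stray space after the slash, while the sentence under it writes `IDS/FW`. Normalise the heading to `IDS/FW Evasion` so the auto-generated anchor is predictable; the old fragment was simply `#evasion`.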