Nmap is one of the most widely used tools for port scanning.
- -sU: UDP Scan
- TIMING: -T<0-5>: Set timing template (higher is faster)
- -A: Enable OS detection, version detection, script scanning, and traceroute
- -sS: TCP SYN scan
- -v: Increase verbosity level (use -vv or more for greater effect)
- -sV: Probe open ports to determine service/version info
- -O: Enable OS detection
- -p <port ranges>: Only scan specified ports
- -Pn: Treat all hosts as online -- skip host discovery
- --min-rate <number>: Send packets no slower than <number> per second
- -sn: Ping Scan - disable port scan
TODO: explanation of the various options
Full port sweep first, then a targeted script/version scan of only the ports found open (no spaces around "=", and the sed expression quoted so the trailing "," is stripped):
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
nmap -sC -sV -p$ports 10.10.10
Let's break it down into stages:
- nmap -p- --min-rate=1000 -T4 10.10.10.27
nmap -p- --min-rate=1000 -T4 10.10.0.2
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-19 21:59 CEST
Nmap scan report for 10.10.0.2
Host is up (0.00036s latency).
Not shown: 65528 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
9090/tcp open zeus-admin
13337/tcp open unknown
22222/tcp open easyengine
60000/tcp open unknown
MAC Address: 08:00:27:BF:52:95 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 10.45 seconds
- nmap -p- --min-rate=1000 -T4 10.10.0.2 | grep ^[0-9]
grep selects the lines that start with a digit (the PORT rows)
nmap -p- --min-rate=1000 -T4 10.10.0.2 | grep ^[0-9]
21/tcp open ftp
22/tcp open ssh
80/tcp open http
9090/tcp open zeus-admin
13337/tcp open unknown
22222/tcp open easyengine
60000/tcp open unknown
- nmap -p- --min-rate=1000 -T4 10.10.0.2 | grep ^[0-9] | cut -d '/' -f 1
cut splits the string where it finds '/' and -f 1 keeps the first piece (the port number)
21
22
80
9090
13337
22222
60000
- nmap -p- --min-rate=1000 -T4 10.10.0.2 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ','
tr replaces each newline with ',' (this leaves a trailing ',' after the last port, which is why the full command ends with sed 's/,$//')
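The whole pipeline, including the final sed step the walkthrough above stops short of, run offline against a constructed copy of the scan output so it can be tested without touching a host. This is an added example, not part of the original notes: the function names (sample_nmap_output, extract_ports, extract_open_ports_awk) are mine, and the sample adds one "filtered" row that is not in the real output to show a difference between the grep version and a stricter awk version that keeps only ports reported "open".

```shell
#!/bin/sh
# Added example (not from the original notes): the port-extraction pipeline
# run against a CONSTRUCTED copy of nmap output embedded below.
# No host is scanned; everything is self-contained.

# Constructed sample: same shape as "nmap -p- --min-rate=1000 -T4 <host>",
# plus one "filtered" row (8080) that is NOT in the original scan output,
# added to show how the two extraction variants differ.
sample_nmap_output() {
    cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-19 21:59 CEST
Nmap scan report for 10.10.0.2
Host is up (0.00036s latency).
Not shown: 65527 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
80/tcp    open     http
8080/tcp  filtered http-proxy
9090/tcp  open     zeus-admin
13337/tcp open     unknown
22222/tcp open     easyengine
60000/tcp open     unknown
MAC Address: 08:00:27:BF:52:95 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 10.45 seconds
EOF
}

# The pipeline from the notes, applied to stdin, one stage per command:
#   grep -> keep only lines starting with a digit (the PORT rows);
#           the pattern is quoted so the shell cannot glob-expand it
#   cut  -> take the field before '/', i.e. the port number
#   tr   -> join the lines with ','
#   sed  -> drop the trailing ',' that tr leaves after the last port
extract_ports() {
    grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# Same result in a single awk, but only for rows whose STATE is "open".
# The grep version also picks up "filtered" rows, since they start with a
# digit too, and those ports would then be fed to the -sC -sV scan.
extract_open_ports_awk() {
    awk -F'/' '/^[0-9]/ && $2 ~ /^tcp +open/ { p = p (p ? "," : "") $1 } END { print p }'
}

# Named wrappers so the results can be checked directly.
ports_from_sample() {
    sample_nmap_output | extract_ports
}

open_ports_from_sample() {
    sample_nmap_output | extract_open_ports_awk
}

# Usage: the value of ports_from_sample is what "-p$ports" receives, e.g.
#   nmap -sC -sV -p"$(open_ports_from_sample)" <host>
```

With the sample above, extract_ports yields 21,22,80,8080,9090,13337,22222,60000 while extract_open_ports_awk yields 21,22,80,9090,13337,22222,60000; on the real output shown earlier (no filtered rows) both give the same list.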
- Markdown-Cheatsheet: guide used for writing this document