Merge pull request #3623 from uberspot/nmap_feat
Add nmap plugin with some aliases for scan modes
Showing 2 changed files with 60 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Nmap aliases plugin | ||
|
||
Adds some useful aliases for nmap similar to the profiles in zenmap. | ||
|
||
Nmap options are: | ||
* -sS - TCP SYN scan | ||
* -v - verbose | ||
* -T1 - timing of scan. Options are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5) | ||
* -sF - FIN scan (can sneak through non-stateful firewalls) | ||
* -PE - ICMP echo discovery probe | ||
* -PP - timestamp discovery probe | ||
* -PY - SCTP init ping | ||
* -g - use given number as source port | ||
* -A - enable OS detection, version detection, script scanning, and traceroute (aggressive) | ||
* -O - enable OS detection | ||
* -sA - TCP ACK scan | ||
* -F - fast scan | ||
* --script=vulscan - also access vulnerabilities in target | ||
|
||
## Aliases explained | ||
|
||
* nmap_open_ports - scan for open ports on target | ||
* nmap_list_interfaces - list all network interfaces on host where the command runs | ||
* nmap_slow - slow scan that avoids to spam the targets logs | ||
* nmap_fin - scan to see if hosts are up with TCP FIN scan | ||
* nmap_full - aggressive full scan that scans all ports, tries to determine OS and service versions | ||
* nmap_check_for_firewall - TCP ACK scan to check for firewall existence | ||
* nmap_ping_through_firewall - Host discovery with SYN and ACK probes instead of just pings to avoid firewall | ||
restrictions | ||
* nmap_fast - Fast scan of the top 300 popular ports | ||
* nmap_detect_versions - detects versions of services and OS, runs on all ports | ||
* nmap_check_for_vulns - uses vulscan script to check target services for vulnerabilities |
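Review bot: The `--script=vulscan` entry in the options list reads "also access vulnerabilities in target"; that should be "assess". Because vulscan is a third-party NSE script that is not shipped with nmap, the README should also say it has to be installed before `nmap_check_for_vulns` will work. The `nmap_fin` description ("scan to see if hosts are up") does not match the `-sF` entry above it, which describes a FIN port scan rather than host discovery; suggest rewording one of the two. The list also omits flags the alias descriptions rely on, such as the SYN and ACK discovery probes behind `nmap_ping_through_firewall`. Minor: "avoids to spam the targets logs" reads better as "avoids spamming the target's logs".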
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Some useful nmap aliases for scan modes | ||
|
||
# Nmap options are: | ||
# -sS - TCP SYN scan | ||
# -v - verbose | ||
# -T1 - timing of scan. Options are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5) | ||
# -sF - FIN scan (can sneak through non-stateful firewalls) | ||
# -PE - ICMP echo discovery probe | ||
# -PP - timestamp discovery probe | ||
# -PY - SCTP init ping | ||
# -g - use given number as source port | ||
# -A - enable OS detection, version detection, script scanning, and traceroute (aggressive) | ||
# -O - enable OS detection | ||
# -sA - TCP ACK scan | ||
# -F - fast scan | ||
# --script=vulscan - also access vulnerabilities in target | ||
|
||
alias nmap_open_ports="nmap --open" | ||
alias nmap_list_interfaces="nmap --iflist" | ||
alias nmap_slow="nmap -sS -v -T1" | ||
alias nmap_fin="nmap -sF -v" | ||
alias nmap_full="nmap -sS -T4 -PE -PP -PS80,443 -PY -g 53 -A -p1-65535 -v" | ||
alias nmap_check_for_firewall="nmap -sA -p1-65535 -v -T4" | ||
alias nmap_ping_through_firewall="nmap -PS -PA" | ||
alias nmap_fast="nmap -F -T5 --top-ports 300" | ||
alias nmap_detect_versions="nmap -sV -p1-65535 -O --osscan-guess -T4 -Pn" | ||
alias nmap_check_for_vulns="nmap --script=vulscan" | ||
|
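Review bot: `nmap_fast` passes both `-F` and `--top-ports 300`, which are two different ways of choosing the port set; since the README describes this alias as the top 300 ports, drop `-F` and keep `--top-ports 300`. The option comment block does not cover several flags the aliases use (`-PS`, `-PA`, `-sV`, `-Pn`, `--open`, `--iflist`, `--top-ports`, `--osscan-guess`) and lists only `-T1` although most aliases use `-T4` or `-T5`; please document those and fix "access" to "assess" in the `--script=vulscan` comment. It is also worth a comment that `-sS`, `-sF`, `-sA` and `-O` need root privileges, so those aliases will quit with an error for an unprivileged user.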