stefan
/
husk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
husk/build/enumeration/docs/nmap.html

337 lines
40 KiB
HTML
Raw Normal View History

init
2022-09-02 09:05:59 +02:00
<!doctype html>
<html lang="en">
<center>
<head>
<script src="https://cdn.jsdelivr.net/npm/fuse.js/dist/fuse.js"></script>
Added settings.toml
2022-09-09 15:41:05 +02:00
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="/static/js/auto-complete.js"></script>
<script type="text/javascript" src="/static/js/lunr.min.js"></script>
<script type="text/javascript" src="/static/js/search.js"></script>
init
2022-09-02 09:05:59 +02:00
<link rel="stylesheet" href="/static/stylesheet.css">
<link rel="stylesheet" href="/static/auto-complete.css">
<br>
Added settings.toml
2022-09-09 15:41:05 +02:00
<title>The Real Hugo</title>
init
2022-09-02 09:05:59 +02:00
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<!-- topmenu -->
<div class="menu">
Added settings.toml
2022-09-09 15:41:05 +02:00
<a href="/" style="text-decoration:none">Husk</a>
init
2022-09-02 09:05:59 +02:00
</div>
<div class="search-container">
<label for="search-by"><i class="fas fa-search"></i></label>
<input data-search-input="" id="search-by" type="search" placeholder="Search..." autocomplete="off">
<!--button type="submit"><i class="search"></i>&#128269;</button>-->
<span data-search-clear=""><i class="fas fa-times"></i></span>
</div>
</div>
<div class="menu">
</div>
<!--br><br-->
</center>
<p></p>
<div class="columns">
<!-- Sidebar -->
<div class="column column-1">
Added settings.toml
2022-09-09 15:41:05 +02:00
<ul><details id=enumeration ontoggle="linkClick(this); return false;" ><summary>Enumeration</summary><ul><details id=containers ontoggle="linkClick(this); return false;" ><summary>Containers</summary><ul></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/enumeration/docs/aws.html">aws</a></li><li><a href="/enumeration/docs/cewl.html">cewl</a></li><li><a href="/enumeration/docs/dns.html">dns</a></li><li><a href="/enumeration/docs/docker_enumeration.html">docker_enumeration</a></li><li><a href="/enumeration/docs/ffuf.html">ffuf</a></li><li><a href="/enumeration/docs/gobuster.html">gobuster</a></li><li><a href="/enumeration/docs/kerberoast.html">kerberoast</a></li><li><a href="/enumeration/docs/kubectl.html">kubectl</a></li><li><a href="/enumeration/docs/ldap.html">ldap</a></li><li><a href="/enumeration/docs/linux_basics.html">linux_basics</a></li><li><a href="/enumeration/docs/microk8s.html">microk8s</a></li><li><a href="/enumeration/docs/nfs.html">nfs</a></li><li><a href="/enumeration/docs/nikto.html">nikto</a></li><li><a href="/enumeration/docs/nmap.html">nmap</a></li><li><a href="/enumeration/docs/port_knocking.html">port_knocking</a></li><li><a href="/enumeration/docs/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/docs/rsync.html">rsync</a></li><li><a href="/enumeration/docs/rustscan.html">rustscan</a></li><li><a href="/enumeration/docs/shodan.html">shodan</a></li><details id=snmp ontoggle="linkClick(this); return false;" ><summary>Snmp</summary><ul><li><a href="/enumeration/docs/snmp/onesixtyone.html">onesixtyone</a></li><li><a href="/enumeration/docs/snmp/snmpcheck.html">snmpcheck</a></li></ul></details><li><a href="/enumeration/docs/websites.html">websites</a></li><li><a href="/enumeration/docs/wfuzz.html">wfuzz</a></li><li><a href="/enumeration/docs/wpscan.html">wpscan</a></li></ul></details><details id=network_scanners ontoggle="linkClick(this); return false;" ><summary>Network_scanners</summary><ul></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/enumeration/windows/bloodhound.html">bloodhound</a></li><li><a href="/enumeration/windows/event_log.html">event_log</a></li><li><a href="/enumeration/windows/manual_enum.html">manual_enum</a></li><li><a href="/enumeration/windows/powershell.html">powershell</a></li><li><a href="/enumeration/windows/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/windows/sysinternals.html">sysinternals</a></li><li><a href="/enumeration/windows/sysmon.html">sysmon</a></li><li><a href="/enumeration/windows/vss.html">vss</a></li></ul></details></ul></details><details id=exploit ontoggle="linkClick(this); return false;" ><summary>Exploit</summary><ul><details id=CPUs ontoggle="linkClick(this); return false;" ><summary>CPUs</summary><ul><li><a href="/exploit/CPUs/meltdown.html">meltdown</a></li></ul></details><details id=binaries ontoggle="linkClick(this); return false;" ><summary>Binaries</summary><ul><li><a href="/exploit/binaries/Shellcode.html">Shellcode</a></li><li><a href="/exploit/binaries/aslr.html">aslr</a></li><details id=buffer_overflow ontoggle="linkClick(this); return false;" ><summary>Buffer_overflow</summary><ul><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/exploit/binaries/buffer_overflow/docs/amd64.html">amd64</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/amd64_instructions.html">amd64_instructions</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/buffer_overflow.html">buffer_overflow</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/cut_stack_in_half.html">cut_stack_in_half</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/pwntools_specifics.html">pwntools_specifics</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/ret_address_reuse.html">ret_address_reuse</a></li></ul></details><li><a href="/exploit/binaries/buffer_overflow/ropping.html">ropping</a></li></ul></details><details id=canary_bypass ontoggle="l
init
2022-09-02 09:05:59 +02:00
</ul>
</div>
<div class="column column-2">
<span class="body">
<style>pre { line-height: 125%; }
td.linenos .normal { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
.codehilite .hll { background-color: #2C3B41 }
.codehilite .c { color: #546E7A; font-style: italic } /* Comment */
.codehilite .err { color: #FF5370 } /* Error */
.codehilite .esc { color: #89DDFF } /* Escape */
.codehilite .g { color: #EEFFFF } /* Generic */
.codehilite .k { color: #BB80B3 } /* Keyword */
.codehilite .l { color: #C3E88D } /* Literal */
.codehilite .n { color: #EEFFFF } /* Name */
.codehilite .o { color: #89DDFF } /* Operator */
.codehilite .p { color: #89DDFF } /* Punctuation */
.codehilite .ch { color: #546E7A; font-style: italic } /* Comment.Hashbang */
.codehilite .cm { color: #546E7A; font-style: italic } /* Comment.Multiline */
.codehilite .cp { color: #546E7A; font-style: italic } /* Comment.Preproc */
.codehilite .cpf { color: #546E7A; font-style: italic } /* Comment.PreprocFile */
.codehilite .c1 { color: #546E7A; font-style: italic } /* Comment.Single */
.codehilite .cs { color: #546E7A; font-style: italic } /* Comment.Special */
.codehilite .gd { color: #FF5370 } /* Generic.Deleted */
.codehilite .ge { color: #89DDFF } /* Generic.Emph */
.codehilite .gr { color: #FF5370 } /* Generic.Error */
.codehilite .gh { color: #C3E88D } /* Generic.Heading */
.codehilite .gi { color: #C3E88D } /* Generic.Inserted */
.codehilite .go { color: #546E7A } /* Generic.Output */
.codehilite .gp { color: #FFCB6B } /* Generic.Prompt */
.codehilite .gs { color: #FF5370 } /* Generic.Strong */
.codehilite .gu { color: #89DDFF } /* Generic.Subheading */
.codehilite .gt { color: #FF5370 } /* Generic.Traceback */
.codehilite .kc { color: #89DDFF } /* Keyword.Constant */
.codehilite .kd { color: #BB80B3 } /* Keyword.Declaration */
.codehilite .kn { color: #89DDFF; font-style: italic } /* Keyword.Namespace */
.codehilite .kp { color: #89DDFF } /* Keyword.Pseudo */
.codehilite .kr { color: #BB80B3 } /* Keyword.Reserved */
.codehilite .kt { color: #BB80B3 } /* Keyword.Type */
.codehilite .ld { color: #C3E88D } /* Literal.Date */
.codehilite .m { color: #F78C6C } /* Literal.Number */
.codehilite .s { color: #C3E88D } /* Literal.String */
.codehilite .na { color: #BB80B3 } /* Name.Attribute */
.codehilite .nb { color: #82AAFF } /* Name.Builtin */
.codehilite .nc { color: #FFCB6B } /* Name.Class */
.codehilite .no { color: #EEFFFF } /* Name.Constant */
.codehilite .nd { color: #82AAFF } /* Name.Decorator */
.codehilite .ni { color: #89DDFF } /* Name.Entity */
.codehilite .ne { color: #FFCB6B } /* Name.Exception */
.codehilite .nf { color: #82AAFF } /* Name.Function */
.codehilite .nl { color: #82AAFF } /* Name.Label */
.codehilite .nn { color: #FFCB6B } /* Name.Namespace */
.codehilite .nx { color: #EEFFFF } /* Name.Other */
.codehilite .py { color: #FFCB6B } /* Name.Property */
.codehilite .nt { color: #FF5370 } /* Name.Tag */
.codehilite .nv { color: #89DDFF } /* Name.Variable */
.codehilite .ow { color: #89DDFF; font-style: italic } /* Operator.Word */
.codehilite .w { color: #EEFFFF } /* Text.Whitespace */
.codehilite .mb { color: #F78C6C } /* Literal.Number.Bin */
.codehilite .mf { color: #F78C6C } /* Literal.Number.Float */
.codehilite .mh { color: #F78C6C } /* Literal.Number.Hex */
.codehilite .mi { color: #F78C6C } /* Literal.Number.Integer */
.codehilite .mo { color: #F78C6C } /* Literal.Number.Oct */
.codehilite .sa { color: #BB80B3 } /* Literal.String.Affix */
.codehilite .sb { color: #C3E88D } /* Literal.String.Backtick */
.codehilite .sc { color: #C3E88D } /* Literal.String.Char */
.codehilite .dl { color: #EEFFFF } /* Literal.String.Delimiter */
.codehilite .sd { color: #546E7A; font-style: italic } /* Literal.String.Doc */
.codehilite .s2 { color: #C3E88D } /* Literal.String.Double */
.codehilite .se { color: #EEFFFF } /* Literal.String.Escape */
.codehilite .sh { color: #C3E88D } /* Literal.String.Heredoc */
.codehilite .si { color: #89DDFF } /* Literal.String.Interpol */
.codehilite .sx { color: #C3E88D } /* Literal.String.Other */
.codehilite .sr { color: #89DDFF } /* Literal.String.Regex */
.codehilite .s1 { color: #C3E88D } /* Literal.String.Single */
.codehilite .ss { color: #89DDFF } /* Literal.String.Symbol */
.codehilite .bp { color: #89DDFF } /* Name.Builtin.Pseudo */
.codehilite .fm { color: #82AAFF } /* Name.Function.Magic */
.codehilite .vc { color: #89DDFF } /* Name.Variable.Class */
.codehilite .vg { color: #89DDFF } /* Name.Variable.Global */
.codehilite .vi { color: #89DDFF } /* Name.Variable.Instance */
.codehilite .vm { color: #82AAFF } /* Name.Variable.Magic */
.codehilite .il { color: #F78C6C } /* Literal.Number.Integer.Long */</style>
<div class="column column-3">
<ul>
<li><a href="#nmap">nmap</a><ul>
<li><a href="#scan-types">Scan Types</a></li>
<li><a href="#port-states">Port States</a></li>
<li><a href="#usage">Usage</a><ul>
<li><a href="#combo-with-searchsploit">combo with searchsploit</a></li>
<li><a href="#wordpress-enumeration">Wordpress Enumeration</a></li>
<li><a href="#use-list-of-hosts">Use List of Hosts</a></li>
<li><a href="#arp-scan-local-network">ARP Scan Local Network</a></li>
<li><a href="#icmp-scans">ICMP Scans</a></li>
<li><a href="#tcp-scans">TCP Scans</a><ul>
<li><a href="#tcp-scan-types">TCP Scan Types</a></li>
</ul>
</li>
<li><a href="#udp-scans">UDP SCans</a></li>
<li><a href="#dns-scan">DNS Scan</a></li>
<li><a href="#spoofing">Spoofing</a></li>
<li><a href="#service-detection">Service Detection</a></li>
</ul>
</li>
<li><a href="#scripts">Scripts</a></li>
<li><a href="#tips-tricks">Tips &amp; Tricks</a></li>
</ul>
</li>
</ul>
</div>
<h1 id="nmap">nmap</h1>
<h2 id="scan-types">Scan Types</h2>
<ul>
<li>ARP</li>
<li>ICMP</li>
<li>TCP</li>
<li>UDP</li>
</ul>
<h2 id="port-states">Port States</h2>
<ol>
<li>Open</li>
<li>Closed</li>
<li>Filtered</li>
<li>Unfiltered</li>
<li>Open|Filtered</li>
<li>Close|Filtered</li>
</ol>
<h2 id="usage">Usage</h2>
<div class="codehilite"><pre><span></span><code>nmap -oA nmap-full -Pn -sS -T4 -p- --defeat-rst-ratelimit &lt;IP&gt;
</code></pre></div>
<div class="codehilite"><pre><span></span><code>nmap -oA nmap-vuln -Pn -script vuln -p &lt;Port,Port,Port,...&gt; &lt;IP&gt;
</code></pre></div>
<h3 id="combo-with-searchsploit">combo with searchsploit</h3>
<ul>
<li>nmap-full scan</li>
</ul>
<div class="codehilite"><pre><span></span><code>sudo nmap -oA --nmap-full -sS -sC -sV -p- --defeat-rst-ratelimit &lt;target-IP&gt;
searchsploit --nmap ./nmap-full.xml --verbose
</code></pre></div>
<h3 id="wordpress-enumeration">Wordpress Enumeration</h3>
<div class="codehilite"><pre><span></span><code>nmap --script http-wordpress-enum --scripts-args check-latest<span class="o">=</span>true,search-limit<span class="o">=</span><span class="m">1500</span> -p <span class="m">80</span> test.com
</code></pre></div>
<h3 id="use-list-of-hosts">Use List of Hosts</h3>
<div class="codehilite"><pre><span></span><code>nmap -iL &lt;ListofHosts&gt;
</code></pre></div>
<ul>
<li>Show hosts, dns resolution included</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -sL -n <span class="m">10</span>.10.0.0/16
</code></pre></div>
<h3 id="arp-scan-local-network">ARP Scan Local Network</h3>
<div class="codehilite"><pre><span></span><code>nmap -PR -sn <span class="m">192</span>.168.0.0/24
</code></pre></div>
<h3 id="icmp-scans">ICMP Scans</h3>
<ul>
<li><strong>Type 8</strong> (Ping Request)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PE -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<ul>
<li><strong>Type 13</strong> (Timestamp Request)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PP -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<ul>
<li><strong>Type 17</strong> (Address Mask Queries)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PM -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<h3 id="tcp-scans">TCP Scans</h3>
<ul>
<li><code>-PS23</code> Syn on port 23</li>
<li><code>-PA80-8080</code> ACK on port range 80-8080</li>
</ul>
<h4 id="tcp-scan-types">TCP Scan Types</h4>
<ul>
<li><strong>Null Scan</strong> <code>-sN</code>, port is open when there is no response. Otherwise the response is <code>RST/ACK</code></li>
<li><strong>FIN Scan</strong> <code>-sF</code> , same procedure as null scan.</li>
<li><strong>Xmas Scan</strong> <code>-sX</code>, <code>FIN/PSH/URG</code> is sent. <code>RST/ACK</code> when port is closed.</li>
<li><strong>Maimon Scan</strong> <code>-sM</code>, sends <code>FIN/ACK</code>. Packet is dropped when port is open. Only viable on old BSD networks.</li>
<li><strong>ACK Scan</strong> <code>-sA</code>, sends <code>ACK</code>. Receives <code>RST</code> regardless of the state of the port. May be used to explore firewall rules.</li>
<li><strong>Window Scan</strong> <code>-sW</code>, sends <code>ACK</code>, and receives <code>RST</code> as well. Inspects the window part of the response. Used to expose firewall rules.</li>
<li><strong>Custom Scan</strong> <code>--scanflags RSTACKFIN</code>, set flags randomly.</li>
</ul>
<h3 id="udp-scans">UDP SCans</h3>
<ul>
<li><code>-PU</code> </li>
<li>May be answered by ICMP Type 3 if the port is not reachable</li>
</ul>
<h3 id="dns-scan">DNS Scan</h3>
<ul>
<li>No lookup <code>-n</code></li>
<li>Reverse lookup for every host <code>-R</code> </li>
<li>Host discovery only <code>-sn</code></li>
</ul>
<h3 id="spoofing">Spoofing</h3>
<ul>
<li>IP <code>-S &lt;spoofed-IP&gt;</code></li>
<li>MAC <code>--spoof-mac &lt;spoofed-MAC&gt;</code></li>
<li>Disable ping scan <code>-Pn</code></li>
<li>Decoy addresses <code>-D &lt;decoy-IP&gt;,&lt;decoy-IP&gt;,&lt;decoy-IP&gt;,RND,RND,ME</code></li>
</ul>
<h3 id="service-detection">Service Detection</h3>
<ul>
<li><code>-sV</code></li>
<li><code>--version-intensity &lt;level 0-9&gt;</code></li>
<li>Intensity 2 <code>--version-light</code></li>
<li>Intensity 9 <code>--version-all</code></li>
</ul>
<h2 id="scripts">Scripts</h2>
<p>Installed at <code>/usr/share/nmap/scripts</code>
* <strong>auth</strong> Authentication related scripts
* <strong>broadcast</strong> Discover hosts by sending broadcast messages
* <strong>brute</strong> Performs brute-force password auditing against logins
* <strong>default</strong> Default scripts, same as -sC
* <strong>discovery</strong> Retrieve accessible information, such as database tables and DNS names
* <strong>dos Detects</strong> servers vulnerable to Denial of Service (DoS)
* <strong>exploit</strong> Attempts to exploit various vulnerable services
* <strong>external</strong> Checks using a third-party service, such as Geoplugin and Virustotal
* <strong>fuzzer</strong> Launch fuzzing attacks
* <strong>intrusive</strong> Intrusive scripts such as brute-force attacks and exploitation
* <strong>malware</strong> Scans for backdoors
* <strong>safe</strong> Safe scripts that wont crash the target
* <strong>version</strong> Retrieve service versions
* <strong>vuln</strong> Checks for vulnerabilities or exploit vulnerable services</p>
<h2 id="tips-tricks">Tips &amp; Tricks</h2>
<ul>
<li>Scan the 100 most interesting ports via <code>-F</code></li>
<li><code>--top-ports 100</code> </li>
<li>One probe every 5 minutes via <code>-T0</code></li>
<li>A closed port responds with <code>RST/ACK</code> to a initial <code>SYN</code></li>
<li>Scan ports iteratively by using <code>-r</code>, not random</li>
<li>Closed Port </li>
<li>Control packet rate via <code>--min-rate</code> and <code>--max-rate</code></li>
<li>Control parallel probes via <code>--min-parallelism</code> and <code>--max-parallelism</code></li>
<li>Fragment packets <code>-f</code> 8 bytes, <code>-ff</code> 16 bytes or <code>--mtu</code></li>
<li>Zombie Scan <code>-sI &lt;pwnd-device-IP&gt;</code> via pwnd host inside the targets network</li>
<li><code>--reason</code>, <code>-d</code>, <code>-vv</code></li>
<li><code>--traceroute</code></li>
</ul>
</span>
</div>
</div>
<div id="footer">
<p></p>
<center>
&copy; Stefan Friese
</center>
</div>
<script>
Added settings.toml
2022-09-09 15:41:05 +02:00
function linkClick(obj) {
init
2022-09-02 09:05:59 +02:00
if (obj.open) {
Added settings.toml
2022-09-09 15:41:05 +02:00
//console.log('open');
init
2022-09-02 09:05:59 +02:00
if (sessionStorage.getItem(obj.id) && !(sessionStorage.getItem(obj.id) === "open")) {
sessionStorage.removeItem(obj.id);
}
Added settings.toml
2022-09-09 15:41:05 +02:00
sessionStorage.setItem(obj.id,"open");
console.log(obj.id);
init
2022-09-02 09:05:59 +02:00
} else {
Added settings.toml
2022-09-09 15:41:05 +02:00
//console.log('closed');
sessionStorage.removeItem(obj.id);
}
}
init
2022-09-02 09:05:59 +02:00
Added settings.toml
2022-09-09 15:41:05 +02:00
let _keys = Object.keys(sessionStorage);
if (_keys) {
for ( let i = 0; i < _keys.length; i++ ) {
document.getElementById(_keys[i])['open'] = 'open';
}
}
init
2022-09-02 09:05:59 +02:00
</script>
Added settings.toml
2022-09-09 15:41:05 +02:00
<script async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML" type="text/javascript"></script>
init
2022-09-02 09:05:59 +02:00
<script type="text/x-mathjax-config">
Added settings.toml
2022-09-09 15:41:05 +02:00
MathJax.Hub.Config({
config: ["MMLorHTML.js"],
jax: ["input/TeX", "output/HTML-CSS", "output/NativeMML"],
extensions: ["MathMenu.js", "MathZoom.js"]
});
</script>
init
2022-09-02 09:05:59 +02:00
</body>
</html>