nmap -F 192.168.1.xx // Fast scan
nmap -v 192.168.1.xx // Scan with verbose mode on
nmap -vv 192.168.1.xx // Scan with very verbose mode on
nmap 192.168.1.xx -p 21,22,23 // Scan specific ports
nmap 192.168.1.xx -sU -p 53 // Scan UDP port 53
nmap 192.168.1.xx --top-ports X // Scan the top X ports
nmap -A 192.168.1.xx // OS & software version detection
nmap -O --osscan-guess 192.168.1.xx // OS guess
nmap -PN 192.168.1.xx // Scan a host protected by a firewall
nmap -PA 192.168.1.xx // Scan a host using TCP ACK ping
nmap -PS 192.168.1.xx // Scan a host using TCP SYN ping
nmap -PO 192.168.1.xx // Scan a host using IP protocol ping
nmap -PU 192.168.1.xx // Scan a host using UDP ping
nmap -6 ::1 // Scan an IPv6 host
nmap -sU 192.168.1.xx // Scan UDP ports
nmap -sV 192.168.1.xx // Detect software & versions on each port
nmap -sP 192.168.1.0/24 // Scanner un réseau pour voir quels hôtes répondent au ping
nmap --spoof-mac <MAC-ADDRESS> 192.168.1.xx // Spoof de l'adresse MAC
Montre tous les postes actifs sur le LAN, du moins s'ils ont un nom d'hôte associé à l'IP.
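#!/bin/bash
# Lists the hosts that answer a ping sweep of the LAN, one per line as
# "<ip><TAB><hostname>", followed by a highlighted "N Hosts are up" summary.
#
# Usage: ./script.sh [NETWORK]     (default: 192.168.0.0/24)
#
# The -PO (IP-protocol ping) probe needs raw sockets, hence sudo.  nmap's
# grepable format (-oG) is parsed instead of its human-readable output, which
# is not a stable interface; the grepable lines also carry hosts that have no
# reverse-DNS name, so those are listed and counted too instead of being
# silently dropped (the previous regex only matched "name (ip)" pairs, so the
# final count was wrong whenever a host had no name).
set -euo pipefail

NETWORK="${1:-192.168.0.0/24}"

# Output formatting.  The \033 escapes are turned into real ESC bytes by awk's
# -v assignment; they are disabled when stdout is not a terminal so that
# redirected output stays plain text.
BOLD="\033[1m"
WHITE_ON_GREY="\033[100;97m"
RESET="\033[0m"
if [[ ! -t 1 ]]; then
  BOLD= WHITE_ON_GREY= RESET=
fi

#######################################
# Formats nmap grepable output (-oG) read from stdin.
# Globals:   BOLD, WHITE_ON_GREY, RESET (read)
# Arguments: none
# Outputs:   "<ip>\t<hostname>" for every host reported as Up ("-" when nmap
#            gives no name), then the highlighted count of hosts that are up
#######################################
format_hosts() {
  awk -v bold="$BOLD" -v fg="$WHITE_ON_GREY" -v reset="$RESET" '
    BEGIN { OFS = "\t"; up = 0 }
    # -oG host lines look like:  Host: 192.168.0.1 (router.lan)  Status: Up
    /^Host: / && /Status: Up/ {
      ip = $2
      name = ($3 ~ /^\(/) ? $3 : ""
      gsub(/[()]/, "", name)
      if (name == "") name = "-"
      print ip, name
      up++
    }
    END { print bold fg up " Hosts are up" reset }
  '
}

main() {
  command -v nmap >/dev/null || { printf 'error: nmap not found in PATH\n' >&2; exit 1; }
  # pipefail makes a failed scan (e.g. no privileges) fail the script as well.
  sudo nmap -sn -PO -oG - "$NETWORK" | format_hosts
}

main "$@"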