Techniques
Network Sweeping
- nmap -v -sn xxx.xxx.xxx.xxx/xx -oN file # normal output
- nmap -v -sn xxx.xxx.xxx.xxx/xx -oX file # xml output
- nmap -v -sn xxx.xxx.xxx.xxx/xx -oG file # grepable output, easy to process with grep
- -Pn # Tell nmap to treat the host as alive and skip verifying it before the main operation
- -p 80 # Inspect port 80
- -p 80,81 # Inspect ports 80 and 81
- -p- # Inspect all ports, 1 through 65535
- -iL file # Read the IPs to inspect from a file, one by one (1 IP per line)
- --open # Report only the specified ports that are open
- -p http* # Look for all services that use the HTTP protocol
- --top-ports=X # Instead of -p, you can use --top-ports with the number of ports you want (X is the number of ports)
- -sV # Get the service versions
- -A # Only -A (without -s): detects the OS and versions, plus a script scan and traceroute
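
The -oG output above is meant to be processed with text tools, and -iL expects one IP per line. The following added example (not part of the original notes) connects the two: it turns a sweep's grepable output into an -iL list and pulls open ports out of a port scan's grepable output. The function names are hypothetical and the sample lines are constructed, using documentation addresses.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the page.

# Constructed `nmap -v -sn ... -oG file` output. With -v, hosts that did not
# answer are listed too ("Status: Down"), so grepping for "Host:" alone over-counts.
sample_sweep() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.2 ()\tStatus: Down\n'
  printf 'Host: 192.0.2.7 (printer.example)\tStatus: Up\n'
}

# Constructed `nmap -p 22,80,443 ... -oG file` output for one host.
sample_ports() {
  printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\n'
}

# stdin: -oG sweep output; stdout: one live IP per line, the format -iL expects.
live_hosts() {
  awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# stdin: -oG port-scan output; stdout: "ip port/proto service" for open ports only.
open_ports() {
  awk -F'\t' '
    $1 ~ /^Host: / {
      split($1, h, " ")                      # h[2] is the address
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        p = $i; sub(/^Ports: /, "", p)
        n = split(p, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")            # port/state/proto/owner/service/...
          if (f[2] == "open") print h[2], f[1] "/" f[3], f[5]
        }
      }
    }'
}

sample_sweep | live_hosts      # feed this list to a later scan via -iL
sample_ports | open_ports
```

On real output, replace the sample functions with the saved file, for example `live_hosts < file > targets.txt`.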