Nmap KUNGFU - nmap continued
#1
Hi, it's me again, the moody Facebooker iyan_squid.
First, I apologize if this thread of mine is a bit lightweight, or if it turns out to be a double post, please just delete it.

I was browsing earlier and stumbled on this by chance; it's decent study material, so I want to share it with all of you.

Basic Scanning Techniques
Scan a single target -> nmap [target]
Scan multiple targets -> nmap [target1 target2 etc]
Scan a list of targets -> nmap -iL [list.txt]
Scan a range of hosts -> nmap [range of IP addresses]
Scan an entire subnet -> nmap [IP address/cidr]
Scan random hosts -> nmap -iR [number]
Excluding targets from a scan -> nmap [targets] --exclude [targets]
Excluding targets using a list -> nmap [targets] --excludefile [list.txt]
Perform an aggressive scan -> nmap -A [target]
Scan an IPv6 target -> nmap -6 [target]

Discovery Options
Perform a ping scan only -> nmap -sP [target]
Don't ping -> nmap -PN [target]
TCP SYN ping -> nmap -PS [target]
TCP ACK ping -> nmap -PA [target]
UDP ping -> nmap -PU [target]
SCTP Init ping -> nmap -PY [target]
ICMP echo ping -> nmap -PE [target]
ICMP timestamp ping -> nmap -PP [target]
ICMP address mask ping -> nmap -PM [target]
IP protocol ping -> nmap -PO [target]
ARP ping -> nmap -PR [target]
Traceroute -> nmap --traceroute [target]
Force reverse DNS resolution -> nmap -R [target]
Disable reverse DNS resolution -> nmap -n [target]
Alternative DNS lookup -> nmap --system-dns [target]
Manually specify DNS servers -> nmap --dns-servers [servers] [target]
Create a host list -> nmap -sL [targets]

Advanced Scanning Options
TCP SYN scan -> nmap -sS [target]
TCP connect scan -> nmap -sT [target]
UDP scan -> nmap -sU [target]
TCP Null scan -> nmap -sN [target]
TCP FIN scan -> nmap -sF [target]
Xmas scan -> nmap -sX [target]
TCP ACK scan -> nmap -sA [target]
Custom TCP scan -> nmap --scanflags [flags] [target]
IP protocol scan -> nmap -sO [target]
Send raw Ethernet packets -> nmap --send-eth [target]
Send IP packets -> nmap --send-ip [target]

Port Scanning Options
Perform a fast scan -> nmap -F [target]
Scan specific ports -> nmap -p [ports] [target]
Scan ports by name -> nmap -p [port name] [target]
Scan ports by protocol -> nmap -sU -sT -p U:[ports],T:[ports] [target]
Scan all ports -> nmap -p "*" [target]
Scan top ports -> nmap --top-ports [number] [target]
Perform a sequential port scan -> nmap -r [target]

Version Detection
Operating system detection -> nmap -O [target]
Submit TCP/IP fingerprints -> www.nmap.org/submit/
Attempt to guess an unknown -> nmap -O --osscan-guess [target]
Service version detection -> nmap -sV [target]
Troubleshooting version scans -> nmap -sV --version-trace [target]
Perform an RPC scan -> nmap -sR [target]

Timing Options
Timing templates -> nmap -T [0-5] [target]
Set the packet TTL -> nmap --ttl [time] [target]
Minimum of parallel connections -> nmap --min-parallelism [number] [target]
Maximum of parallel connections -> nmap --max-parallelism [number] [target]
Minimum host group size -> nmap --min-hostgroup [number] [targets]
Maximum host group size -> nmap --max-hostgroup [number] [targets]
Initial RTT timeout -> nmap --initial-rtt-timeout [time] [target]
Maximum RTT timeout -> nmap --max-rtt-timeout [time] [target]
Maximum retries -> nmap --max-retries [number] [target]
Host timeout -> nmap --host-timeout [time] [target]
Minimum scan delay -> nmap --scan-delay [time] [target]
Maximum scan delay -> nmap --max-scan-delay [time] [target]
Minimum packet rate -> nmap --min-rate [number] [target]
Maximum packet rate -> nmap --max-rate [number] [target]
Defeat reset rate limits -> nmap --defeat-rst-ratelimit [target]

Firewall Evasion Techniques
Fragment packets -> nmap -f [target]
Specify a specific MTU -> nmap --mtu [MTU] [target]
Use a decoy -> nmap -D RND:[number] [target]
Idle zombie scan -> nmap -sI [zombie] [target]
Manually specify a source port -> nmap --source-port [port] [target]
Append random data -> nmap --data-length [size] [target]
Randomize target scan order -> nmap --randomize-hosts [target]
Spoof MAC address -> nmap --spoof-mac [MAC|0|vendor] [target]
Send bad checksums -> nmap --badsum [target]

Output Options
Save output to a text file -> nmap -oN [scan.txt] [target]
Save output to an XML file -> nmap -oX [scan.xml] [target]
Grepable output -> nmap -oG [scan.txt] [target]
Output all supported file types -> nmap -oA [path/filename] [target]
Periodically display statistics -> nmap --stats-every [time] [target]
133t output -> nmap -oS [scan.txt] [target]

Troubleshooting and Debugging
Help -> nmap -h
Display Nmap version -> nmap -V
Verbose output -> nmap -v [target]
Debugging -> nmap -d [target]
Display port state reason -> nmap --reason [target]
Only display open ports -> nmap --open [target]
Trace packets -> nmap --packet-trace [target]
Display host networking -> nmap --iflist
Specify a network interface -> nmap -e [interface] [target]

Nmap Scripting Engine
Execute individual scripts -> nmap --script [script.nse] [target]
Execute multiple scripts -> nmap --script [expression] [target]
Script categories -> all, auth, default, discovery, external, intrusive, malware, safe, vuln
Execute scripts by category -> nmap --script [category] [target]
Execute multiple script categories -> nmap --script [category1,category2,etc]
Troubleshoot scripts -> nmap --script [script] --script-trace [target]
Update the script database -> nmap --script-updatedb

Ndiff
Comparison using Ndiff -> ndiff [scan1.xml] [scan2.xml]
Ndiff verbose mode -> ndiff -v [scan1.xml] [scan2.xml]
XML output mode -> ndiff --xml [scan1.xml] [scan2.xml]

Source
I forgot to mention: this is also a continuation of NoseTrave's thread (Additional ways to use nmap) http://forum.indonesianbacktrack.or.id/s...hp?tid=860
aceh.indonesianbacktrack.or.id


#2
Wow, nice share, bro. Keep sharing!

_________________
Go IBTeam...!!!
root@bt:~# cat about_me
I'm just a linuxer....!!! ^_^
root@bt:~#

#3
(08-29-2012, 04:55 AM)Acenk90 Wrote: Wow, nice share, bro. Keep sharing!

_________________
Go IBTeam...!!!

Sure thing, bro.
aceh.indonesianbacktrack.or.id


#4
Bro iyan, if I'm not mistaken, nmap can scan a website to see whether it has SQLi bugs or not, right? What's the command again? I forgot, hehe. Please add that too, bro, with an example. I'll add some green for you later, hehe.

#5
(08-29-2012, 11:10 AM)xsan-lahci Wrote: Bro iyan, if I'm not mistaken, nmap can scan a website to see whether it has SQLi bugs or not, right? What's the command again? I forgot, hehe. Please add that too, bro, with an example. I'll add some green for you later, hehe.

The one that uses the script engine, right, bro?
If I'm not mistaken: nmap -sV --script=http-sql-injection <target> ??

#6
(08-29-2012, 11:10 AM)xsan-lahci Wrote: Bro iyan, if I'm not mistaken, nmap can scan a website to see whether it has SQLi bugs or not, right? What's the command again? I forgot, hehe. Please add that too, bro, with an example. I'll add some green for you later, hehe.

Oh, okay bro, I also forgot to add them, hehehe.

Here are a few more, bro:

smb-check-vulns (SMB check)
nmap --script smb-check-vulns.nse -p445 [target]
sudo nmap -sU -sS --script smb-check-vulns.nse -p U:137,T:139 [target]

mysql-vuln-cve2012-2122
nmap -sV --script=mysql-vuln-cve2012-2122 [target]

Another SQL scan method can also use this command:
nmap --script=sql-injection [target]


Besides these there are many more nmap scripts; I personally just haven't had time to explore them. God willing, another time I'll try to make a scanning tutorial too, not just show scripts.

Source: http://nmap.org/nsedoc/scripts/

(08-29-2012, 05:55 PM)RR12 Wrote:
(08-29-2012, 11:10 AM)xsan-lahci Wrote: Bro iyan, if I'm not mistaken, nmap can scan a website to see whether it has SQLi bugs or not, right? What's the command again? I forgot, hehe. Please add that too, bro, with an example. I'll add some green for you later, hehe.

The one that uses the script engine, right, bro?
If I'm not mistaken: nmap -sV --script=http-sql-injection <target> ??

Yes bro, that's the script, and there are many other checking scripts.
Thanks, RR12, for adding it.
aceh.indonesianbacktrack.or.id


#7
Thanks, iyan and RR12.

#8
Nice, bro... very complete...

#9
(08-30-2012, 10:29 AM)xsan-lahci Wrote: Thanks, iyan and RR12.

Sure, bro, you're welcome.
(08-30-2012, 01:53 PM)dracos-linux Wrote: Nice, bro... very complete...

It would be even more complete, bro, if there were a hands-on usage tutorial, and even better with a video, but for a start this will do. I'm still studying it. Hopefully I can make a video or a follow-up on nmap.
aceh.indonesianbacktrack.or.id


#10
Nice thread, bro iyan.
Hey, for the SQLi one, add | grep sqlspider so the terminal doesn't get noisy, lol.

Check the fridge, bro iyan, there's cincau (grass jelly).





