A small collection of Nmap commands “for every occasion”

Regular Scan:
nmap -R -Pn -sC -sV --version-all -T5 -p- --open -v -oN %y%m%d-target-name <target>

Fast Full Host Discovery:
nmap --min-rate=400 --min-parallelism=512 -p22,445,3389,80,443 -Pn -R -PS -oA %y%m%d-Full <target>

Check HTTP Methods:
nmap --script=http-methods <target> -n -p 80

HTTP Base Auth Brute:
nmap --script http-brute -p 80 --script-args="[http-brute.hostname=<target>],http-brute.method=GET,http-brute.path=[/path],brute.firstonly=true,userdb=[Users.txt],passdb=[Passwords.txt]" -v --system-dns <target>

HTTP Auth Form Brute:
nmap --script http-form-brute -p 80 --script-args="[brute.firstonly=true],http-form-brute.path=[/path],http-form-brute.onfailure='Error message.',http-form-brute.passvar=[password],http-form-brute.uservar=[username],http-form-brute.method=POST,[brute.emptypass=true]" <target>

POP3 Brute:
nmap -sV --script=pop3-brute --script-args='passdb=[file_with_pass],userdb=[file_with_names],brute.emptypass[,brute.firstonly][,brute.threads]' <target>

SMB Checks:
nmap -p 139,445 --script smb-os-discovery,smb-enum-shares,smb-system-info <target> #smb-vuln-ms17-010

SSH Brute:
nmap -p 22 --script ssh-brute --script-args user=root,passdb=pass.lst,ssh-brute.timeout=4s <target>

LDAP Search:
nmap --script ldap-search -T4 -oN nmap.ldap_search <target>

SNMP Scan:
nmap -P0 -v -sU -p 161 -oA snmp_scan <target>
