nmap

nmap is a port scanner. By default it scans ports 0-1000.

Scan all

You can pass the -A flag, which enables OS detection, version detection, script scanning, and traceroute. Note that this noisy scan is very easy for an IDS/IPS to detect.

nmap -A <ip>

Service version detection

To enable only service version detection:

nmap -sV <ip>

The -sV flag scans and, for each open port it finds, prints the service running on it and its version.

To run the default set of scripts, which includes scripts used for service and version identification, use -sC:

nmap -sC <ip>

Scan all ports

To scan all ports, pass the -p- flag:

nmap -p- <ip>

Take into account that this operation will take a long time to complete.

--min-rate <number> speeds up the scan by sending packets no slower than the given number per second.

Firewall evasion

If nmap reports that it could not determine whether ports are open or closed, the host may be protected by a firewall. Instead of the default TCP SYN scan you can run a TCP FIN scan with the -sF flag. This works because a closed port should answer a bare FIN with a RST while an open port silently drops it, and a stateless firewall that only filters SYN packets lets the FIN probes through.

Ping scans are often blocked by firewalls; you can skip host discovery with -Pn so that nmap treats the host as up and scans it anyway.
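The two scan behaviours described on this page that matter most to a defender are the noisy full-port sweep (-A / -p-, which an IDS/IPS detects easily) and the FIN scan (-sF), whose footprint is a TCP segment carrying only the FIN flag with no preceding SYN. The following is an added example, not part of the original notes: a small detector that runs over constructed connection-log lines and flags both patterns. The log format (timestamp, source, destination, port, TCP flag letters) and the thresholds are assumptions made for the example; real sensors would be read through their own parsers.

```python
"""Toy port-scan detector over constructed firewall-style log lines.

Added example for illustration; the log format, IP addresses and
thresholds are invented. Each line is one TCP segment:
"<ISO timestamp> <src_ip> <dst_ip> <dst_port> <flags>"
with flags written as tcpdump letters: S=SYN, A=ACK, F=FIN, R=RST.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed benign traffic: a normal handshake and graceful close.
LEGIT_LINES = [
    "2024-05-01T10:00:00 10.0.0.7 10.0.0.20 443 S",
    "2024-05-01T10:00:00 10.0.0.7 10.0.0.20 443 A",
    "2024-05-01T10:00:05 10.0.0.7 10.0.0.20 443 FA",  # FIN+ACK after a real session
    "2024-05-01T10:00:09 10.0.0.8 10.0.0.20 22 S",
]


def build_syn_sweep(src, dst, start, n_ports):
    """Constructed -p- style sweep: one SYN to each of n_ports ports, 10 per second."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i / 10)).isoformat()} {src} {dst} {port} S"
            for i, port in enumerate(range(1, n_ports + 1))]


def build_fin_probes(src, dst, start, ports):
    """Constructed -sF style probes: bare FIN segments with no handshake."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i)).isoformat()} {src} {dst} {port} F"
            for i, port in enumerate(ports)]


def parse(lines):
    """Parse log lines into dicts with a datetime, ints and a set of flag letters."""
    records = []
    for line in lines:
        ts, src, dst, port, flags = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                        "port": int(port), "flags": set(flags)})
    return records


def port_sweep_sources(records, min_ports=50, window=timedelta(seconds=60)):
    """Sliding window per (src, dst): count distinct destination ports touched
    within `window`. Returns {src: peak distinct ports} for sources at or above
    min_ports; a -p- sweep hits hundreds of ports in seconds."""
    by_pair = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_pair[(rec["src"], rec["dst"])].append(rec)
    hits = {}
    for (src, _dst), recs in by_pair.items():
        lo, best, counts = 0, 0, defaultdict(int)
        for hi, rec in enumerate(recs):
            counts[rec["port"]] += 1
            while recs[hi]["ts"] - recs[lo]["ts"] > window:  # drop records that fell out of the window
                counts[recs[lo]["port"]] -= 1
                if counts[recs[lo]["port"]] == 0:
                    del counts[recs[lo]["port"]]
                lo += 1
            best = max(best, len(counts))
        if best >= min_ports:
            hits[src] = max(hits.get(src, 0), best)
    return hits


def fin_probe_sources(records):
    """FIN-only segments to a (src, dst, port) that never saw a SYN from that
    source are the -sF footprint: a legitimate close always follows a handshake.
    Returns {src: number of such probes}."""
    syn_seen = {(r["src"], r["dst"], r["port"]) for r in records if "S" in r["flags"]}
    counts = defaultdict(int)
    for rec in records:
        if rec["flags"] == {"F"} and (rec["src"], rec["dst"], rec["port"]) not in syn_seen:
            counts[rec["src"]] += 1
    return dict(counts)


def run_demo():
    """Mix benign traffic with a constructed sweep and FIN probes; return both findings."""
    lines = (LEGIT_LINES
             + build_syn_sweep("10.0.0.66", "10.0.0.20", "2024-05-01T10:01:00", 200)
             + build_fin_probes("10.0.0.77", "10.0.0.20", "2024-05-01T10:05:00",
                                [21, 22, 25, 80, 443]))
    records = parse(lines)
    return port_sweep_sources(records), fin_probe_sources(records)


if __name__ == "__main__":
    sweeps, fins = run_demo()
    print("port sweep sources:", sweeps)   # {'10.0.0.66': 200}
    print("FIN probe sources:", fins)      # {'10.0.0.77': 5}
```

The sweep detector keys on distinct ports per window rather than packet count, so a busy but legitimate client talking to one service never trips it, while a slow scan that stays under the threshold is the trade-off you accept when choosing `min_ports` and `window`. The FIN detector relies on the same RFC 793 behaviour that makes -sF useful to the scanner: a bare FIN to a port that never completed a handshake has no benign explanation.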

Disable DNS resolution

You can disable DNS resolution with -n