Scanning tools Cheatsheat

  1. Nmap

Scan all ports

nmap -p-

Enumerate running services

nmap -sV

Faster scan with aggressive scan and on all ports (best of CTFs)

nmap -T5 -A -p- --min-rate=500

Useful Flags

  • -v to show the current results with scan

  • -A Enables OS detection, version detection, script scanning, and traceroute

  • -sV Probe open ports to determine service/version info

  • -sC Default script sets

  • --script vuln To test for vulnerabilities

  • -sU UDP scan

2. Nmap scripts

Enumerating OS details with nmap script over smb

sudo nmap --script smb-os-discovery.nse

Enumerate NetBios

nmap -sV -v --script nbstat.nse

DNS service discovery

nmap --script=broadcast-dns-service-discovery

DNS brute force

nmap -T5 -p 53 --script dns-brute

common services DNS records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain=''"

Last updated