Questions tagged [nmap]
A robust and open source security tool for network discovery and security auditing.
540 questions
0 votes, 0 answers, 61 views
Speeding up Nmap Scan when it shows all ports open
Dealing with a network that is reporting all ports open for all hosts. Sounds like the firewall is responding open for all ports, causing the service detection to slow to a crawl. I am restricted ...
2 votes, 1 answer, 1k views
How to confirm the original server IP behind a CDN?
I am learning basic web security and reconnaissance.
When I try to find the original server IP of a website that uses a CDN (for example, CloudFront or another AWS-based CDN), I use tools like dig, ...
1 vote, 0 answers, 28 views
What options are there for live output of nmap scan results? [duplicate]
I need to do a lot of potentially really slow 65k port sweeps and UDP scans. The problem I have is that the XML output (open ports, service probe results) appears only when the entire scan is complete....
1 vote, 1 answer, 789 views
Windows RPC "ephemeral" ports
I am doing a cybersecurity review for a client's Windows system, based on documentation that was provided to me. Among other things, the client ran an nmap scan, which showed TCP ports 49664 - 49668 ...
1 vote, 1 answer, 323 views
NSE script not running in nmap [closed]
When executing the command nmap -p80 --script=http-enum <host IP>
I get no results back from the script "http-enum" as if I did not specify a script to run. I have been using the ...
2 votes, 1 answer, 174 views
NMAP scan from an input file with 100 hosts yields different results compared to scanning hosts individually
I'm trying to ascertain if TCP 8050 & 86 are open on various hosts so I run
nmap -sT -Pn -p 86,8050 -iL (location of input file) -oX (location of output file).xml
The results I receive are ...
0 votes, 1 answer, 223 views
ICMP port unreachable message stops NMAP on UDP scan but not always [closed]
I have two almost identical embedded hosts that I am scanning with NMAP on the specific UDP port 47808.
On host 192.168.2.12 NMAP returns after a while with:
while on 192.168.2.24 NMAP immediately ...
0 votes, 0 answers, 138 views
ncrack returning no results
I am attempting to perform basic pen testing. I successfully used hydra; however, I am having some issues with ncrack... To my knowledge the syntax is correct, as I do not encounter any errors; however ...
1 vote, 0 answers, 101 views
Is the Appearance of Numerous Open Ports in Network Scans a Misconfiguration, Security Strategy, or Bad Practice? [duplicate]
While scanning networks, I have often come across a large number of open ports, or that’s the result returned by various tools like Nmap, Masscan, etc. Of course, this is false information...
But I’m ...
0 votes, 1 answer, 671 views
Nmap --disable-arp-ping [duplicate]
I was wondering what the option --disable-arp-ping is for? I have been doing HTB and sometimes I see them using it but I do not really know what is the purpose of this option.
5 votes, 2 answers, 790 views
Why does NMAP's Http-Method-Tampering Mark a Server's 405 Code as Vulnerable?
I recently tested a custom server with the http method tamper script from NMAP. It reported the server as being vulnerable with the following output:
nmap -p 8000 -sV --script http-method-tamper 192....
2 votes, 0 answers, 203 views
Why is every port open on every scan I do [duplicate]
I have been hired to do some tests on networks; however, every time I do a scan every port is open. This is using nmap and homemade tools. This has been an ongoing problem. I created a script to check ...
1 vote, 1 answer, 2k views
nmap does not work through proxychains
Despite the already existing answers about this topic, I am still unable to use nmap through proxychains.
I would like to scan port 80 of a machine I can connect to using SSH. To do so, I enabled ...
0 votes, 0 answers, 1k views
How to perform focused scan of public IP using nmap? [duplicate]
Scanning my router using the private IP address using nmap reveals the open ports:
Obtaining the public IP address of the router can be achieved by executing the command:
nslookup myip.opendns.com ...
2 votes, 2 answers, 223 views
Attack surface when no incoming port is open [closed]
Let's assume that the only attack to be feared on a computer is one via the network in which the machine is embedded.
What options does an attacker have if the machine has no open incoming ports?
(For ...