Tips and scan techniques with nmap and/or masscan

Since there are many ways to use nmap and masscan for host discovery and enumeration, which would you recommend?

These are mine:

nmap -sC -sV -oA host ip
nmap -v --open -sC -T4 -oA host ip
nmap -T4 -sC -sV -oO --open -v host ip

Security+

Hack The Box

Comments

  • I usually run:
    nmap -sS -sC -sV -Pn -p- -T4 -A host ip
    nmap -sV --script="smb*" host ip <-- depending on what port is open, obviously
    or
    rustscan host ip

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • I am lazy and nearly always default to:

    nmap -Pn -sC -sV -oA all_tcp -T4 --reason -vvvvvvvvvv -p- IP

    Occasionally I will run a UDP scan, but normally only if I am convinced it is needed.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    I am lazy and nearly always default to:

    nmap -Pn -sC -sV -oA all_tcp -T4 --reason -vvvvvvvvvv -p- IP

    Occasionally I will run a UDP scan, but normally only if I am convinced it is needed.

    There are moments where UDP scans spot some ports where a TCP scan doesn't show anything. It's a good idea to always run something in the background.

    Security+

    Hack The Box

  • @kurogai said:

    @TazWake said:

    I am lazy and nearly always default to:

    nmap -Pn -sC -sV -oA all_tcp -T4 --reason -vvvvvvvvvv -p- IP

    Occasionally I will run a UDP scan, but normally only if I am convinced it is needed.

    There are moments where UDP scans spot some ports where a TCP scan doesn't show anything. It's a good idea to always run something in the background.

    I agree it can be useful, but on 80% of HTB boxes, I've completed the box before the UDP scans finish.

    From memory, out of the last 20 retired boxes, only Quick and Intense needed UDP enumeration.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
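
Added example, not part of any post in this thread: `-oA all_tcp` writes `all_tcp.nmap`, `all_tcp.xml` and `all_tcp.gnmap`, and the grepable file is easy to parse for a per-host list of exposed ports. The sample input, the address `10.10.10.5` and the function names are constructed for illustration; the UDP entry shows the `open|filtered` state nmap reports when a UDP probe gets no reply, which is why UDP results need separate handling.

```python
import re

# Constructed sample in .gnmap layout (not real scan data).
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed header)\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, "
    "80/open/tcp//http//nginx/, 161/open|filtered/udp//snmp///\t"
    "Ignored State: closed (997)\n"
)


def parse_gnmap(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip '#' comment lines
        fields = line.split("\t")  # gnmap separates fields with tabs
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            # Entries look like port/state/proto/owner/service/rpcinfo/version/
            # Split only on commas that are followed by a new "<port>/".
            for entry in re.split(r",\s+(?=\d+/)", field[len("Ports: "):]):
                parts = entry.strip().split("/")
                if len(parts) < 7 or not parts[0].isdigit():
                    continue
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                hosts.setdefault(host, []).append(
                    (int(port), proto, state, service, version))
    return hosts


def ports_in_state(hosts, host, proto, state):
    """Sorted port numbers for one host, protocol and exact nmap state."""
    return sorted(p for p, pr, st, _svc, _ver in hosts.get(host, [])
                  if pr == proto and st == state)


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    for h in found:
        print(h, "tcp open:", ports_in_state(found, h, "tcp", "open"))
        print(h, "udp unconfirmed:", ports_in_state(found, h, "udp", "open|filtered"))
```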
