Penetration Testing with Kali Linux OffSec

PEN-200

nmap -v -sn 192.168.50.1-253 -oG ping-sweep.txt
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 03:21 EST 
Initiating Ping Scan at 03:21 
... 
Read data files from: /usr/bin/../share/nmap 
Nmap done: 254 IP addresses (13 hosts up) scanned in 3.74 seconds 
... 
kali@kali:~$ 
grep Up ping-sweep.txt | cut -d " " -f 2
192.168.50.6 
192.168.50.8 
192.168.50.9 
... 
Listing 63 - Using nmap to perform a network sweep and then using grep to find live hosts 
We can also sweep for specific TCP or UDP ports across the network, probing for common 
services and ports in an attempt to locate systems that may be useful or have known 
vulnerabilities. This scan tends to be more accurate than a ping sweep. 
kali@kali:~$ 
nmap -p 80 192.168.50.1-253 -oG web-sweep.txt
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 03:50 EST 
Nmap scan report for 192.168.50.6 
Host is up (0.11s latency). 
PORT   STATE  SERVICE
80/tcp open   http
Nmap scan report for 192.168.50.8
Host is up (0.11s latency).
PORT   STATE  SERVICE
80/tcp closed http
... 
kali@kali:~$ 
grep open web-sweep.txt | cut -d" " -f2
192.168.50.6 
192.168.50.20 
192.168.50.21 
Listing 64 - Using nmap to scan for web servers using port 80 
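The grep and cut pipelines in Listings 63 and 64 work because nmap's greppable (-oG) format keeps one host per line, with tab-separated "Status:" and "Ports:" fields. The following Python parser is an added example, not part of the PWK course material: it reads that format into structured records and reproduces both pipelines from the parsed fields. The PING_SWEEP and WEB_SWEEP strings are constructed samples that mirror what ping-sweep.txt and web-sweep.txt would contain; the function names are my own.

```python
"""Parse nmap greppable (-oG) output and recover live hosts / open ports.

Added example, not from the PWK material. Sample inputs are constructed.
"""
import ipaddress
import re

# Constructed sample mirroring "nmap -v -sn 192.168.50.1-253 -oG ping-sweep.txt".
# Fields inside a Host line are tab-separated; "#" lines are nmap's header/footer.
PING_SWEEP = (
    "# Nmap 7.92 scan initiated Thu Mar 10 03:21:00 2022 as: "
    "nmap -v -sn 192.168.50.1-253 -oG ping-sweep.txt\n"
    "Host: 192.168.50.6 ()\tStatus: Up\n"
    "Host: 192.168.50.8 ()\tStatus: Up\n"
    "Host: 192.168.50.9 ()\tStatus: Up\n"
    "# Nmap done at Thu Mar 10 03:21:03 2022 -- 253 IP addresses "
    "(3 hosts up) scanned in 3.74 seconds\n"
)

# Constructed sample mirroring "nmap -p 80 192.168.50.1-253 -oG web-sweep.txt";
# the last entry carries a version string to show the full port record layout.
WEB_SWEEP = (
    "Host: 192.168.50.6 ()\tStatus: Up\n"
    "Host: 192.168.50.6 ()\tPorts: 80/open/tcp//http///\n"
    "Host: 192.168.50.8 ()\tStatus: Up\n"
    "Host: 192.168.50.8 ()\tPorts: 80/closed/tcp//http///\n"
    "Host: 192.168.50.20 ()\tStatus: Up\n"
    "Host: 192.168.50.20 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)$")
# One "Ports:" entry is laid out as port/state/proto/owner/service/rpcinfo/version/
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpcinfo", "version")


def parse_greppable(text):
    """Return {ip: {"hostname": str, "status": str or None, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." comment lines carry no host data
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        rec = hosts.setdefault(ip, {"hostname": hostname, "status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value
            elif key == "Ports":
                for entry in value.split(", "):
                    parts = entry.split("/")
                    if len(parts) < len(PORT_FIELDS):
                        continue  # malformed entry; skip rather than guess
                    port = dict(zip(PORT_FIELDS, parts))
                    port["port"] = int(port["port"])
                    rec["ports"].append(port)
            # other fields ("Ignored State", "OS", "Seq Index", ...) are not needed here
    return hosts


def _sorted_ips(ips):
    # Sort numerically so 192.168.50.6 comes before 192.168.50.20.
    return sorted(ips, key=ipaddress.ip_address)


def hosts_up(text):
    """Equivalent of: grep Up ping-sweep.txt | cut -d " " -f 2"""
    return _sorted_ips(ip for ip, rec in parse_greppable(text).items()
                       if rec["status"] == "Up")


def hosts_with_open_port(text, port, proto="tcp"):
    """Equivalent of: grep open web-sweep.txt | cut -d" " -f2, but keyed on the
    parsed state field, so a hostname or banner containing "open" cannot match."""
    return _sorted_ips(
        ip for ip, rec in parse_greppable(text).items()
        if any(p["port"] == port and p["proto"] == proto and p["state"] == "open"
               for p in rec["ports"])
    )


if __name__ == "__main__":
    print("Live hosts :", hosts_up(PING_SWEEP))
    print("Web servers:", hosts_with_open_port(WEB_SWEEP, 80))
```

The structured parse is worth the extra lines once the scan includes version detection: `grep open` matches anywhere on the line, so a banner or hostname that happens to contain "open" is counted as a hit, whereas checking the state field of each port record is exact. Sorting with `ipaddress` also keeps the host list in address order rather than string order.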
To save time and network resources, we can also scan multiple IPs, probing for a short list of
common ports. For example, let's conduct a TCP connect scan for the top 20 TCP ports with the
--top-ports option and enable OS version detection, script scanning, and traceroute with -A.
kali@kali:~$ 
nmap -sT -A --top-ports=20 192.168.50.1-253 -oG top-port-sweep.txt
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 04:04 EST 
Nmap scan report for 192.168.50.6 
Host is up (0.12s latency). 
PORT    STATE  SERVICE VERSION
21/tcp  closed ftp
22/tcp  open   ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 56:57:11:b5:dc:f1:13:d3:50:88:b8:ab:a9:83:e2:29 (RSA)
|   256 4f:1d:f2:55:cb:40:e0:76:b4:36:90:19:a2:ba:f0:44 (ECDSA)
|_  256 67:46:b3:97:26:a9:e3:a8:4d:eb:20:b3:9b:8d:7a:32 (ED25519)
23/tcp  closed telnet
25/tcp  closed smtp
53/tcp  closed domain
80/tcp  open   http    Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Under Construction
110/tcp closed pop3
111/tcp closed rpcbind
...
Listing 65 - Using nmap to perform a top twenty port scan, saving the output in greppable format
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
The top 20 nmap ports are determined using the /usr/share/nmap/nmap-services file, which 
uses a simple format of three whitespace-separated columns. The first is the name of the service, 
the second contains the port number and protocol, and the third is the “port frequency”. 
Everything after the third column is ignored, but is typically used for comments as shown by the 
use of the pound sign (#). The port frequency is based on how often the port was found open 
during periodic research scans of the internet.
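To make the three-column layout concrete, here is an added example (my own code, not part of the course material or of nmap) that parses an excerpt in the nmap-services layout and selects the N most frequently open ports for one protocol, which is the selection behind --top-ports. The NMAP_SERVICES excerpt is constructed; its frequency values are illustrative and should not be read as the real file's numbers.

```python
"""Parse the nmap-services layout and reproduce the --top-ports selection.

Added example, not from the PWK material. The excerpt below is constructed.
"""

# Constructed excerpt in the /usr/share/nmap/nmap-services layout:
# service name, port/protocol, open-frequency, optional "#" comment (ignored).
# Frequencies are illustrative, not copied from a real nmap-services file.
NMAP_SERVICES = """\
# Fields in this file: Service name, portnum/protocol, open-frequency, optional comments
unknown\t4/tcp\t0.000477
http\t80/tcp\t0.484143\t# World Wide Web HTTP
telnet\t23/tcp\t0.221265
https\t443/tcp\t0.208669\t# secure http (SSL)
ftp\t21/tcp\t0.197667\t# File Transfer [Control]
ssh\t22/tcp\t0.182286\t# Secure Shell Login
smtp\t25/tcp\t0.131314\t# Simple Mail Transfer
domain\t53/udp\t0.213496
domain\t53/tcp\t0.054512\t# Domain Name Server
snmp\t161/udp\t0.433467\t# Simple Net Mgmt Proto
"""


def parse_nmap_services(text):
    """Return a list of (service, port, proto, frequency) tuples.

    Only the first three whitespace-separated columns are read; anything
    from a '#' onwards (comments) is dropped, as nmap itself does.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank or comment-only line
        cols = line.split()
        if len(cols) < 3:
            continue  # malformed line; skip rather than guess
        name, portproto, freq = cols[0], cols[1], cols[2]
        port, _, proto = portproto.partition("/")
        entries.append((name, int(port), proto, float(freq)))
    return entries


def top_ports(text, n, proto="tcp"):
    """The N ports with the highest open-frequency for one protocol,
    returned in ascending port order as nmap prints them."""
    ranked = sorted(
        (e for e in parse_nmap_services(text) if e[2] == proto),
        key=lambda e: e[3],
        reverse=True,
    )
    return sorted(e[1] for e in ranked[:n])


def port_spec(text, n, proto="tcp"):
    """Comma-separated form suitable for an explicit 'nmap -p' list."""
    return ",".join(str(p) for p in top_ports(text, n, proto))


if __name__ == "__main__":
    print("top 5 tcp :", top_ports(NMAP_SERVICES, 5))
    print("top 1 udp :", top_ports(NMAP_SERVICES, 1, "udp"))
    print("-p list   :", port_spec(NMAP_SERVICES, 5))
```

Running the same parser against the real /usr/share/nmap/nmap-services file shows which ports a --top-ports=20 scan actually covers, which is useful when deciding whether a sweep is likely to miss a service listening on a less common port.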
kali@kali:~$ 
