Posts tagged nmap

nmap: show available ssl ciphers of a server

posted on 2016-01-04 19:39:00


nmap --script ssl-enum-ciphers -p <PORT> <URL>


Starting Nmap 6.47 ( ) at 2016-01-04 15:37 CET
Nmap scan report for (
Host is up (0.0047s latency).
rDNS record for
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 30.54 seconds
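
The scan above rates every suite "strong" even though all of them are offered over SSLv3. The following is an added example, not part of the original post: a small Python check that reads ssl-enum-ciphers text output and reports deprecated protocol versions and suites without forward secrecy. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: ssl-enum-ciphers section of the scan above, cut to four suites.
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong
"""

# Protocol versions deprecated by the IETF (RFC 7568 and RFC 8996).
DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+).*\s-\s+(\S+)\s*$")
FS_KEX_RE = re.compile(r"^TLS_(?:EC)?DHE_")  # ephemeral Diffie-Hellman key exchange


def parse(output):
    """Return {protocol: [(suite, rating), ...]} from ssl-enum-ciphers text output."""
    result, proto = {}, None
    for line in output.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            result[proto] = []
        elif proto and (m := SUITE_RE.match(line)):
            result[proto].append((m.group(1), m.group(2)))
    return result


def audit(output):
    """List weaknesses that the per-suite rating does not surface."""
    findings = []
    for proto, suites in parse(output).items():
        if proto in DEPRECATED:
            findings.append(f"{proto}: deprecated protocol version is offered")
        for suite, rating in suites:
            # TLSv1.3 suite names carry no key exchange; all of them are ephemeral.
            if proto != "TLSv1.3" and not FS_KEX_RE.match(suite):
                findings.append(f"{proto}: {suite} (rated {rating}) lacks forward secrecy")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
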

nmap: examples

posted on 2015-03-05 11:08:48

Here is a list of nmap examples which I intend to have a much closer look at (with the manpage right beside me). It was stolen from here:

# Save output to a text file
nmap <ip or hostname> > output.txt
nmap -oN output.txt <ip or hostname>

# Scan a single ip address or hostname
nmap <ip or hostname>

# Scan an IP range and exclude ips
nmap <ip range> --exclude <ip>,<ip>

# OS and version detection scanning
nmap -v -A <ip or hostname>

# Discover if a host/network is protected by a firewall
nmap -sA <ip or hostname>

# Scan a host when protected by the firewall
nmap -PN <ip or hostname>

# Scan an IPv6 host/address
nmap -6 <IPv6 address>

# Scan a network and discover which servers and devices are up and running
nmap -sP <ip range>

# Fast scan
nmap -F <ip or hostname>

# Display the reason a port is in a particular state
nmap --reason <ip or hostname>

# Only show open (or possibly open) ports
nmap --open <ip or hostname>

# Show all packets sent and received
nmap --packet-trace <ip or hostname>

# Show host interfaces and routes
nmap --iflist

# Scan TCP port 80
nmap -p T:80 <ip or hostname>

# Scan UDP port 53 (UDP ports are only scanned when -sU is given)
nmap -sU -p U:53 <ip or hostname>

# Scan top ports i.e. scan <number> of most common ports
nmap --top-ports 5 <ip or hostname>

# Fastest method of scanning all your devices/computers for open ports
nmap -T5 <ip range>

# Identify a remote host's apps and OS
nmap -O --osscan-guess <ip or hostname>

# Detect remote services (server / daemon) version numbers
nmap -sV <ip or hostname>

# Scan a host using TCP SYN (PS) ping
nmap -PS <ip or hostname>

# Scan a host using TCP ACK (PA) ping
nmap -PA <ip or hostname>

# Scan a host using IP protocol ping
nmap -PO <ip or hostname>

# Scan a host using UDP ping, bypasses firewalls and filters that only screen TCP
nmap -PU <ip or hostname>

# Stealth (TCP SYN) scan
nmap -sS <ip or hostname>

# Discover the most commonly used TCP ports using TCP connect scan (not stealth scan)
nmap -sT <ip or hostname>

# Discover the most commonly used TCP ports using TCP ACK scan
nmap -sA <ip or hostname>

# Discover the most commonly used TCP ports using TCP Window scan
nmap -sW <ip or hostname>

# Discover the most commonly used TCP ports using TCP Maimon scan
nmap -sM <ip or hostname>

# Discover UDP services
nmap -sU <ip or hostname>

# Scan for IP protocol
nmap -sO <ip or hostname>

# TCP Null scan to fool a firewall into generating a response; does not set any bits (TCP flag header is 0)
nmap -sN <ip or hostname>

# TCP FIN scan to check firewall; sets just the TCP FIN bit
nmap -sF <ip or hostname>

# TCP Xmas scan to check firewall; sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree
nmap -sX <ip or hostname>

# Scan a firewall with packet fragments to make it harder for packet filters and intrusion detection systems to detect what you are doing
nmap -f <ip or hostname>
# Set your own offset size
nmap --mtu 32 <ip or hostname>

# Cloak a scan with decoys
nmap -n -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip

# Spoof your MAC address
nmap --spoof-mac MAC-ADDRESS-HERE <ip or hostname>
# Add other options
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE <ip or hostname>

# Use a random MAC address
nmap -v -sT -PN --spoof-mac 0 <ip or hostname>


Unless otherwise credited all material Creative Commons License by sjas