Questions tagged [nmap]
A robust and open source security tool for network discovery and security auditing.
539 questions
1 vote, 0 answers, 25 views
What options are there for live output of nmap scan results? [duplicate]
I need to do a lot of potentially really slow 65k port sweeps and UDP scans. The problem I have is that the XML output (open ports, service probe results) appears only when the entire scan is complete....
1 vote, 1 answer, 362 views
Windows RPC "ephemeral" ports
I am doing a cybersecurity review for a client's Windows system, based on documentation that was provided to me. Among other things, the client ran an nmap scan, which showed TCP ports 49664 - 49668 ...
1 vote, 1 answer, 206 views
NSE script not running in nmap [closed]
When executing the command nmap -p80 --script=http-enum <host IP>
I get no results back from the script "http-enum" as if I did not specify a script to run. I have been using the ...
2 votes, 1 answer, 129 views
NMAP scan from an input file with 100 hosts yields different results compared to scanning hosts individually
I'm trying to ascertain if TCP 8050 & 86 are open on various hosts so I run
nmap -sT -Pn -p 86,8050 -iL (location of input file) -oX (location of output file).xml
The results I receive are ...
0 votes, 1 answer, 135 views
ICMP port unreachable message stops NMAP on UDP scan but not always [closed]
I have two almost identical embedded hosts that I am scanning with NMAP on the specific UDP port 47808.
On host 192.168.2.12 NMAP returns after a while with:
while on 192.168.2.24 NMAP immediately ...
0 votes, 0 answers, 112 views
ncrack returning no results
I am attempting to perform basic pen testing. I successfully used hydra; however, I am having some issues with ncrack... To my knowledge the syntax is correct, as I do not encounter any errors however ...
1 vote, 0 answers, 80 views
Is the Appearance of Numerous Open Ports in Network Scans a Misconfiguration, Security Strategy, or Bad Practice? [duplicate]
While scanning networks, I have often come across a large number of open ports, or that’s the result returned by various tools like Nmap, Masscan, etc. Of course, this is false information...
But I’m ...
0 votes, 1 answer, 479 views
Nmap --disable-arp-ping [duplicate]
I was wondering what the option --disable-arp-ping is for? I have been doing HTB and sometimes I see them using it, but I do not really know what the purpose of this option is.
5 votes, 2 answers, 735 views
Why does NMAP's Http-Method-Tampering Mark a Server's 405 Code as Vulnerable?
I recently tested a custom server with the http method tamper script from NMAP. It reported the server as being vulnerable with the following output:
nmap -p 8000 -sV --script http-method-tamper 192....
2 votes, 0 answers, 166 views
Why is every port open on every scan I do [duplicate]
I have been hired to do some tests on networks, but every time I do a scan every port is open. This is using nmap and homemade tools. This has been an ongoing problem. I created a script to check ...
1 vote, 1 answer, 2k views
nmap does not work through proxychains
Despite the already existing answers about this topic, I am still unable to use nmap through proxychains.
I would like to scan the port 80 of a machine I can connect using SSH. To do so, I enabled ...
0 votes, 0 answers, 1k views
How to perform focused scan of public IP using nmap? [duplicate]
Scanning my router using the private IP address using nmap reveals the open ports:
Obtaining the public IP address of the router can be achieved by executing the command:
nslookup myip.opendns.com ...
2 votes, 2 answers, 199 views
Attack surface when no incoming port is open [closed]
Let's assume that the only attack to be feared on a computer is one via the network in which the machine is embedded.
What options does an attacker have if the machine has no open incoming ports?
(For ...
0 votes, 0 answers, 137 views
Default nmap script execution when specifying --script banner
I have a subscription for an NSE scripts feed for nmap. There are some of those scripts which have the default category (among others).
I am running nmap in the following way
nmap --privileged -oX - -T3 ...
1 vote, 0 answers, 362 views
NMAP sending ARP request to destination IP instead of default gateway [closed]
I am doing an NMAP port scan to a remote IP present in a different subnet. NMAP initiates an ARP request first to the remote IP instead of the default gateway (even if the ARP entry is present in the ...