opexxx

nmap_cmd

Jul 16th, 2014 (edited)
444
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Ping a subnet:
  2. nmap -n -sP 172.16.0.0/16 -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> 172.16.txt
  3.  
  4. From a target list:
  5. nmap -n -sP -iL HQWorkstations.txt -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> HQWork.txt
  6.  
  7. For a specific port or ports:
  8. nmap -p445 -Pn 192.168.1.1/24 -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt
  9.  
  10. Get a number of live systems when using -Pn
  11. cat FileName.gnmap | grep "Status: Up" | cut -d' ' -f2 | wc -l
  12.  
  13. nmap -p445 -Pn 192.168.1.1/24 -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt
  14.  
  15. nmap -n -sT -p445 --script=smb-enum-shares.nse -script-args=smbuser=USER,smbhash=e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c,smbtype=v1,smbdomain=DOMAIN  -oN SMB-User.txt 10.110.10.1/24 --open -vv
  16.  
  17. To test using the local user password hashes, use "smbdomain=."
Add Comment
Please, Sign In to add comment