Questions tagged [nmap]

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network.

255 questions
1 vote, 2 answers

nmap - get ssl expiration from fqdn

Let's say I have the following URL: www.domain.com:4567/blabla/index.html I'm trying to get its SSL expiration date. There's this: nmap --script=ssl-cert.nse -p 9194 www.domain.com but it doesn't quite work. I'm unable to find the right argument…
JustAGuy
1 vote, 1 answer

Scan IP range for SSL/TLS versions and vulnerabilities with legible/greppable output

I'm looking to find computers on the network that are using older versions of TLS/SSL. So far I've been using nmap's ssl-enum-ciphers and ssl-poodle scripts but the output isn't helpful as it shows every cipher available, e.g.: Nmap scan report for…
rambetherleu
1 vote, 1 answer

Discover IPMI IP address by scanning all possible direct LAN addresses

I have a Supermicro server board that powers on but won't POST. I have connected a LAN cable to the dedicated IPMI LAN port on the board and am trying to discover what the IPMI IP address of the board is. I have tried scanning the local network…
proximacentauri
1 vote, 2 answers

nmap host discovery to get MAC Address

I notice that nmap -sn no longer provides the MAC address for remote hosts, as discussed in Can I use nmap to discover IPs and mac addresses? I would like to get something like netdiscover output. Just IP & MAC Address only. Nmap version…
Wolf
1 vote, 1 answer

Scan a list/range of IP addresses to find out which SSL Certificates each one is using

I have a list of internal IP addresses 1000+ strong, most of which I suspect are running services on port 443 and therefore will have a certificate installed on the server. These IPs all exist on three separate /24 subnets. My goal is to find out…
rambetherleu
1 vote, 0 answers

Azure SQL Database firewall allows TCP connections when they should be blocked

I am looking at a particular Azure SQL Database that has Server level firewall rules. I am told there are no database level firewall rules. Nmap reported open ports on the database even though the IP address I ran it from was not allowed according…
M6rk
0 votes, 1 answer

nmap - get detailed output for requests?

Update 2: pf already defaults to drop. What causes nmap to notice the server? What does 'received reset' mean? Update 1: Maybe I misinterpreted my findings. When run with -v2, nmap tells me that "Host is up, received reset ttl 52". Does this mean…
loopend
0 votes, 1 answer

Why does the same nmap command behave differently on the server than on the local machine?

I am running this nmap command on local machine (Windows 10 with nmap https://nmap.org/book/inst-windows.html) nmap --script ssl-enum-ciphers -p 443 api.valorebooks.com and it is showing SSL certificates like this but when I see at server machine…
Kamran Qadir
0 votes, 1 answer

Using nmap to scan an entire range

I found many examples with nmap online, but I got curious and I could not find a more advanced command. For example, if I want to scan a range of IPs in this measure, 192.168.x.x, then from 192.160.0.0 to 192.168.255.255, what is the correct syntax? I…
Leon
0 votes, 1 answer

NMap Topology missing Switches (no kind of Topology)

I did scan some of our Networks but for any reason NMap doesn't apply any kind of topology. It seems like there is everything connected directly but there are switches in between and those connections seem like not being…
Kevin
0 votes, 1 answer

Why does ssh tunnel leave ports opened with default services

I haven't tried in a different machine, but I am trying to establish an ssh tunnel to an external server. This is how I am doing it: ssh -L 9898:firewalled.service.com:443 user@some-server I have 2 problems on this: while accessing to localhost:9898,…
0 votes, 1 answer

nmap output in csv format sorted by last octet in ip address

I have this command which works well to give me a list of ip address, MAC address, and Mac Vendor sudo nmap -sn 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " "substr($0, index($0,$3)) }' | sort All I want to do is…
William K
0 votes, 1 answer

Strange NMAP output

I am trying to scan TCP port 8092 of a host using nmap 7.60. When I execute nmap without root privileges it says that the port is filtered, but if I try to scan it with sudo it tells me that the port is actually open. Also without root privileges…
Georgi Stoyanov
0 votes, 1 answer

regular nmap scan flaky; hosts are missing sometimes

I'm using nmap 7.6 to scan my local wired network every minute. The problem is that the scan results are flaky: Sometimes hosts are missing in the result, although they are definitively available (e.g. the router that I use to get into this…
cweiske
0 votes, 1 answer

IP Camera does not show open ports for RTP streaming but shows RTSP port open

I ran nmap on my IP camera to see what ports are open. I see a RTSP port open on port no 554, as expected. However, I do not see any ports open for RTP-RTCP streaming. Here is the output of nmap: PORT STATE SERVICE 22/tcp filtered…
asinix