
Questions tagged [nmap]

A robust and open source security tool for network discovery and security auditing.

5 votes
2 answers
523 views

Why does NMAP's Http-Method-Tampering Mark a Server's 405 Code as Vulnerable?

I recently tested a custom server with the http method tamper script from NMAP. It reported the server as being vulnerable with the following output: nmap -p 8000 -sV --script http-method-tamper 192....
Tung • 236
2 votes
0 answers
45 views

Why is every port open on every scan I do [duplicate]

I have been hired to do some tests on networks, but every time I do a scan every port is open. This is using nmap and homemade tools. This has been an ongoing problem. I created a script to check ...
Don Schulz
1 vote
1 answer
155 views

nmap does not work through proxychains

Despite the already existing answers about this topic, I am still unable to use nmap through proxychains. I would like to scan the port 80 of a machine I can connect using SSH. To do so, I enabled ...
Pierre • 133
0 votes
0 answers
374 views

How to perform focused scan of public IP using nmap? [duplicate]

Scanning my router using the private IP address using nmap reveals the open ports: Obtaining the public IP address of the router can be achieved by executing the command: nslookup myip.opendns.com ...
machine_1 • 101
2 votes
2 answers
142 views

Attack surface when no incoming port is open [closed]

Let's assume that the only attack to be feared on a computer is one via the network in which the machine is embedded. What options does an attacker have if the machine has no open incoming ports? (For ...
fkarger • 21
0 votes
0 answers
87 views

Default nmap script execution when specifying --script banner

I have a subscription for an NSE scripts feed for nmap. There are some of those scripts which have the default category (among others). I am running nmap in the following way nmap --privileged -oX - -T3 ...
alvaroalo
0 votes
0 answers
127 views

nmap scanning a slow host

Is there a way to force nmap to wait longer for replies (10 seconds)? I want to scan an embedded device which utilizes some sleep modes and it processes packets from wi-fi module with very high ...
Misaz • 101
0 votes
0 answers
176 views

NMAP same destination IP, different scanner interface, different result

I am trying to check the port status of an external IP using NMAP. I am getting different results on different interfaces to the same destination (destination is a public IP). When NMAP tried from the ...
Shaim Khanusiya
1 vote
0 answers
201 views

NMAP sending ARP request to destination IP instead of default gateway [closed]

I am doing an NMAP port scan to a remote IP present in a different subnet. NMAP initiates an ARP request first to the remote IP instead of the default gateway (even if the ARP entry is present in the ...
Shaim Khanusiya
1 vote
1 answer
541 views

Vulnerability scanning on target Android device

Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network? If not, is there any specific scanning tool that scans for CVE on ...
Ajay • 41
0 votes
0 answers
134 views

How to scan private IPs from the Internet [duplicate]

If we have any public IP and their private network IP, which command should we use to scan their private IP to find their vulnerabilities and open ports?
Finny • 1
1 vote
1 answer
358 views

Nmap recommendations for ICS scanning

ICS systems seem to have to be handled with care concerning network load. So my question is if you probably have any suggestions on how to configure nmap to scan as many machines as possible in ...
user77029
1 vote
0 answers
104 views

What tool can I use to verify the output from Nmap? [closed]

With OS detection enabled I noticed that the device fingerprints is running something entirely wrong. Is there another tool that I can use that can verify since something looks odd?
maye • 11
0 votes
1 answer
294 views

Nmap is returning different results when run on different source networks on the same target network

I am running a CODA4680 in bridge mode connected to my pfsense 1100 (and yes it is getting a true public ip). I set it up the standard way, didn't touch the rules. I performed an NMAP scan from my ...
Philimel
0 votes
1 answer
133 views

Reason ports are toggling between no-response and host unreachable for the SAME machine, why?

I'm trying to learn pentesting and one thing that triggers me for my workshop is: I have an IP address where all reason's ports are no-response, the status for all ports are filtered but when I re-do ...
Zokulko • 101
