Questions tagged [nmap]
A robust and open source security tool for network discovery and security auditing.
534
questions
5
votes
2
answers
523
views
Why does NMAP's Http-Method-Tampering Mark a Server's 405 Code as Vulnerable?
I recently tested a custom server with the http method tamper script from NMAP. It reported the server as being vulnerable with the following output:
nmap -p 8000 -sV --script http-method-tamper 192....
2
votes
0
answers
45
views
Why is every port open on every scan i do [duplicate]
I have been hired to do some tests on networks but however everytime i do a scan every port is open. This is using nmap and homemade tools. This has been a ongoing problem. I created a script to check ...
1
vote
1
answer
155
views
nmap does not work through proxychains
Despite the already existing answers about this topic, I am still unable to use nmap through proxychains.
I would like to scan the port 80 of a machine I can connect using SSH. To do so, I enabled ...
0
votes
0
answers
374
views
How to perform focused scan of public IP using nmap? [duplicate]
Scanning my router using the private IP address using nmap reveals the open ports:
Obtaining the public IP address of the router can be achieved by executing the command:
nslookup myip.opendns.com ...
2
votes
2
answers
142
views
Attack surface when no incoming port is open [closed]
Let's assume that the only attack to be feared on a computer is one via the network in which the machine is embedded.
What options does an attacker have if the machine has no open incoming ports?
(For ...
0
votes
0
answers
87
views
Default nmap script execution when specifying --script banner
I have a subscription for a NSE scripts feed for nmap. There are some of those scripts which have the default category (among others)
I am running nmap in the following way
nmap --privileged -oX - -T3 ...
0
votes
0
answers
127
views
nmap scanning a slow host
Is there way how to enforce nmap waiting for replies longer (10 seconds)? I want to scan an embedded device which utilizes some sleep modes and it process packets from wi-fi module with very high ...
0
votes
0
answers
176
views
NMAP same destination ip, different scanner interface, different result
I am trying to check the port status of a external IP using NMAP, I am getting different result on different interface to same destination (destination is a public IP).
When NMAP tried from the ...
1
vote
0
answers
201
views
NMAP sending ARP request to destination IP instead of default gateway [closed]
I am doing an NMAP port scan to a remote IP present in a different subnet. NMAP initiates an ARP request first to the remote IP instead of the default gateway(even if the ARP entry is present in the ...
1
vote
1
answer
541
views
Vulnerability scanning on target Android device
Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network?
If not, is there any specific scanning tool that scans for CVE on ...
0
votes
0
answers
134
views
How to scan private IPs from the Internet [duplicate]
If we have any public IP and their private network IP, which command should we use to scan their private IP to find their vulnerabilities and open ports?
1
vote
1
answer
358
views
Nmap recommendations for ICS scanning
ICS systems seem to have to be handled with care concerning network load. So my question is if you probably have any suggestions on how to configure nmap to scan as many machines as possible in ...
1
vote
0
answers
104
views
What tool can I use to verify the output from Nmap? [closed]
With OS detection enabled I noticed that the device fingerprints is running something entirely wrong. Is there another tool that I can use that can verify since something looks odd?
0
votes
1
answer
294
views
Nmap is returning different results when run on different source networks on the target same network
I am running a CODA4680 in bridge mode connected to my pfsense 1100 (and yes it is getting a true public ip). I set it up the standard way, didn't touch the rules.
I performed an NMAP scan from my ...
0
votes
1
answer
133
views
Reason ports are toggling between no-response and host unrechable for the SAME machine, why?
I'm trying to learn pentesting and one thing that triggers me for my workshop is :
I have an ip address where all reason's ports are no-response, the status for all ports are filtered but when I re-do ...