All Questions
Tagged with nmap penetration-test
25 questions
0 votes, 2 answers, 3k views
Nmap scanning with and without proxychains has different behaviour
I'm doing an nmap scan to my own machine. First of all I set the port 333 to listen with this command: sudo nc -lvnp 333
On the other terminal I run sudo nmap -O -sV -p 0-65535 IP ...
0 votes, 1 answer, 1k views
nmap: Same IP, different domain names, different results?
I'm scanning a network (whose name will not be stated). It has >1 IP addresses. When I tried scanning its subdomains, there are several subdomains that are translated to the same IP address but return ...
0 votes, 0 answers, 767 views
How to fingerprint Windows 10 reliably?
Recently, I have been practicing penetration testing and I have come to a standstill when trying to fingerprint the OS for a Windows 10 target with nmap.
For the most part, I'm not able to identify ...
1 vote, 0 answers, 749 views
nmap - No Ports Open [closed]
I bought a Tonbux Smart WiFi Plug WL-SC01 and I'm doing some hack tests on it for educational purposes. I used nmap to check for both UDP and TCP ports but both return that there are no open ports at ...
2 votes, 2 answers, 305 views
What exactly does a default port scan look like? I am trying to run a default port scan without setting off the IDS on my test network
What is the best option to use for a default port scan of a server on my test network without setting off the IDS using nmap? -f is not a switch I am wanting to use.
8 votes, 3 answers, 1k views
What are some instant red flags when scanning a network with nmap
When doing an Nmap scan from an external network, what open ports should be an instant red flag?
For example, if I was in the open internet and scanned www.somewebsite.com, besides port 22, what other ...
4 votes, 1 answer, 4k views
How to control the ciphersuites in nmap "ssl-enum-ciphers"
There is a script for enumerating the TLS versions and ciphersuites offered by a server provided by nmap. See this link.
Is there a way that allows me to specify the versions and ciphersuites I want ...
3 votes, 1 answer, 5k views
How to select the correct Exploit and payload? (msfconsole)
I am trying to learn about security and penetration testing. So far I've learned how to work with Metasploit (MSFconsole) and nmap (db_nmap).
I am using 2 VMs, one with Kali and the second with ...
-1 votes, 1 answer, 822 views
Get Services On Open Port
Is it possible to get a list of services running on an open port?
E.g. I am connected to port 80 with netcat and I want to get services that are listening.
5 votes, 2 answers, 2k views
What is the purpose of DNS-based Authentication of Named Entities (DANE) and how does it relate to DNSSEC?
What is the purpose of DNS-based Authentication of Named Entities (DANE)? And how does it relate to the Domain Name System Security Extensions (DNSSEC)?
Secondly, how can I verify that DANE is ...
-1 votes, 2 answers, 3k views
Use of Nmap ssl/http md5 and SHA1 hashes
I have below stated result on of the system by nmap:
443/tcp open ssl/http Apache httpd 2.0.52 ((CentOS))
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
|_See ...
2 votes, 1 answer, 2k views
proxychains-ng with nmap issues
Can anyone tell me if proxychains-ng has limitations to work with nmap? I found that it does not work well when using -sV option in nmap. (stop at "Initiating NSE at ..." and never finish the scan) ...
-5 votes, 3 answers, 16k views
Can I do hacking using Windows OS? [closed]
I have searched the web numerous times but haven't found an explicit answer to my question.
I've studied (at school and on my own) computer networks for 2 years, doing active programming for 4 years ...
5 votes, 3 answers, 13k views
Proxychains + nmap = segmentation fault
If I try the sV (service detection) flag in nmap run via proxychains (socks5 server) it appears to give me a segmentation fault message:-
root@kali:~# proxychains nmap -n -sT -Pn X.X.X.X -p 22,80,222,...
1 vote, 3 answers, 3k views
What exactly does one get from a Nmap Scan?
I know nmap is a port scanner and its output shows all the open ports, the services running on those ports, the underlying OS and technology, etc. What should one take from this result in easiest ...