Network Scaanning Techniques
Quick Scan the network before jumping into the service enumeration and hacking. Listing down the most effective and quick methods to perform scanning.
Before using the commands assign your IP to a variable like IP=192.168.1.1 and easily copy and paste commands to execute.
Using rustscan
rustscan is a very effective tool to perform quick scanning and finds ports very quickely.
- Quick scanning
will quickly scan all the ports in the network
rustscan -a $IP
- Service Enum
Rustscan does not do service version and enum it uses NMAP to do so, you can pass the nmap tags to perfrom further enumeartion action on the open ports
rustscan -a 192.168.1.10 -- -sV -sC
Rustscan uses full TCP connect scans by default, and it can easily be flagged by IDS/IPS in the network system, An amazing tool for simulated labs , but not good for stealth operations. RUSTSCAN IS NOISIER.
Using Nmap
The classic scanner of ports and service enumeartion tool below are list of quick commands
Basic syntax
nmap <TAGS> $IP
Important TAGS.
almost all the tags of nmap is important below are the ones which you might use frequently
- -p- : all port scanning
- -Pn : Treat all host as online
- -sU : UDP scanning
- -sC : default script
- -O : OS detection
- -oN : save output to a text file
- --open : only show open ports
- --script : to use nmap script engine
Quick Nmap Commands
To perfrom a quick all port scanning ,finding out service versions, Do default script scanning on the discovered port.
nmap -sV -sC -p- $IP --open -oN nmap_tcp
Ninja Script
Below script will take input from a file target.txt and will create directory for each IP address and saves the scanning results in each directory.
Targets.txt
192.168.1.5
192.168.1.8
192.168.1.9
Script
while read -r ip; do last_octet=$(echo $ip | awk -F. '{print $NF}'); mkdir -p $last_octet; rustscan -a $ip -- -sV -sC > $last_octet/scan_tcp.txt; done < targets.txt