Task 3 - Nmap Switches
-v (Increase verbosity level), -v<level> (Set verbosity level)
Increases the verbosity level, causing Nmap to print more information about the scan in progress. Open ports are shown as they are found and completion time estimates are provided when Nmap thinks a scan will take more than a few minutes. Use it twice or more for even greater verbosity: -vv, or give a verbosity level directly, for example -v3.
We should always save the output of our scans -- this means that we only need to run the scan once (reducing network traffic and thus the chance of detection), and it gives us a reference to use when writing reports for clients.
As a convenience, you may specify -oA to store scan results in normal, XML, and grepable formats at once. They are stored in .nmap, .xml, and .gnmap, respectively.
Sometimes the results we're getting just aren't enough. If we don't care about how loud we are, we can enable "aggressive" mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.
-A: Enable OS detection, version detection, script scanning, and traceroute
Nmap offers five levels of "timing" template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!
We can also choose which port(s) to scan.
A very useful option that should not be ignored:
So you can specify -p- to scan ports from 1 through 65535.
These scripts check for specific known vulnerabilities and generally only report results if they are found. Examples include realvnc-auth-bypass and afp-path-vuln.
HINT: There are two variants of this switch. One with a space, one with the equals sign. Look at the asterisks in the answer field to see which one it is.
-sU
-O
-sV
-v
-vv
-oA
-oN
-oG
-A
-T5
-p 80
-p 1000-1500
-p-
--script
--script=vuln