Nmap Fundamentals
1
Building Nmap's source code
2
NMAP - Finding online hosts
3
NMAP - Listing open ports on a target
4
NMAP - Fingerprinting OSes and services running on a target
5
NMAP - Using NSE scripts against a target host
6
NMAP - Scanning random targets on the internet
7
NMAP - Collecting signatures of web servers
8
NMAP - Scanning with Rainmap Lite
Getting Familiar with Nmap's Family
1
Monitoring servers remotely with Nmap and Ndiff
2
Monitoring servers remotely with Nmap and Ndiff
3
NMAP - Crafting ICMP echo replies with Nping
4
NMAP - Crafting ICMP echo replies with Nping
5
NMAP - Managing multiple scanning profiles with Zenmap
6
NMAP - Managing multiple scanning profiles with Zenmap
7
NMAP - Running Lua scripts against a network connection with Ncat
8
NMAP - Running Lua scripts against a network connection with Ncat
9
NMAP - Discovering systems with weak passwords with Ncrack
10
NMAP - Discovering systems with weak passwords with Ncrack
11
Using Ncat to diagnose a network client
12
Defending against Nmap service detection scans
13
Defending against Nmap service detection scans
Scanning Web Servers
1
NMAP - Listing supported HTTP methods
2
NMAP - Listing supported HTTP methods
3
NMAP - Discovering interesting files and folders on web servers
4
NMAP - Brute forcing HTTP authentication
5
NMAP - Brute forcing HTTP authentication
6
NMAP - Brute forcing web applications
7
NMAP - Brute forcing web applications
8
NMAP - Detecting web application firewalls
9
NMAP - Detecting web application firewalls
10
NMAP - Detecting possible XST vulnerabilities
11
NMAP - Detecting possible XST vulnerabilities
12
NMAP - Detecting XSS vulnerabilities
13
NMAP - Detecting XSS vulnerabilities
14
NMAP - Finding SQL injection vulnerabilities
15
NMAP - Finding SQL injection vulnerabilities
16
NMAP - Finding web applications with default credentials
17
NMAP - Finding web applications with default credentials
18
NMAP - Detecting insecure cross-domain policies
19
NMAP - Detecting insecure cross-domain policies
20
NMAP - Detecting exposed source code control systems
21
NMAP - Auditing the strength of cipher suites in SSL servers
22
NMAP - Auditing the strength of cipher suites in SSL servers
Network Scanning
1
Discovering hosts with TCP SYN ping scans
2
Discovering hosts with TCP SYN ping scans
3
Discovering hosts with TCP ACK ping scans
4
Discovering hosts with TCP ACK ping scans
5
Discovering hosts with UDP ping scans
6
Discovering hosts with ICMP ping scans
7
Discovering hosts with ICMP ping scans
8
Discovering hosts with SCTP INIT ping scans
9
Discovering hosts with SCTP INIT ping scans
10
Discovering hosts with IP protocol ping scans
11
Discovering hosts with ARP ping scans
12
Performing advanced ping scans
13
Discovering hosts with broadcast ping scans
14
Discovering hosts with broadcast ping scans
15
NMAP - Scanning IPv6 addresses
16
NMAP - Scanning IPv6 addresses
17
NMAP - Spoofing the origin IP of a scan
18
NMAP - Spoofing the origin IP of a scan
19
NMAP - Using port scanning for host discovery
20
NMAP - Using port scanning for host discovery
Scanning Mail Servers
1
NMAP - Detecting SMTP open relays
2
NMAP - Detecting SMTP open relays
3
NMAP - Brute-forcing SMTP passwords
4
NMAP - Detecting suspicious SMTP servers
5
NMAP - Detecting suspicious SMTP servers
6
NMAP - Enumerating SMTP usernames
7
NMAP - Brute-forcing IMAP passwords
8
NMAP - Brute-forcing IMAP passwords
9
NMAP - Retrieving the capabilities of an IMAP server
10
NMAP - Retrieving the capabilities of an IMAP server
11
NMAP - Brute-forcing POP3 passwords
12
NMAP - Brute-forcing POP3 passwords
13
NMAP - Retrieving the capabilities of a POP3 server
14
NMAP - Retrieving the capabilities of a POP3 server
15
NMAP - Retrieving information from SMTP servers with NTLM authentication
Reconnaissance Tasks
1
NMAP - Performing IP address geolocation
2
NMAP - Performing IP address geolocation
3
NMAP - Getting information from WHOIS records
4
NMAP - Getting information from WHOIS records
5
NMAP - Obtaining traceroute geolocation information
6
NMAP - Obtaining traceroute geolocation information
7
NMAP - Querying Shodan to obtain target information
8
NMAP - Collecting valid email accounts and IP addresses from web servers
9
NMAP - Collecting valid email accounts and IP addresses from web servers
10
NMAP - Discovering hostnames pointing to the same IP address
11
NMAP - Discovering hostnames pointing to the same IP address
12
NMAP - Discovering hostnames by brute-forcing DNS records
13
NMAP - Discovering hostnames by brute-forcing DNS records
14
NMAP - Matching services with public vulnerability advisories and picking the low-hanging fruit
Scanning ICS/SCADA Systems
1
NMAP - Finding common ports used in ICS/SCADA systems
2
NMAP - Finding common ports used in ICS/SCADA systems
3
NMAP - Finding HMI systems
4
NMAP - Finding HMI systems
5
NMAP - Enumerating Siemens SIMATIC S7 PLCs
6
NMAP - Enumerating Siemens SIMATIC S7 PLCs
7
NMAP - Enumerating Modbus devices
8
NMAP - Enumerating BACnet devices
9
NMAP - Enumerating BACnet devices
10
NMAP - Enumerating Ethernet/IP devices
11
NMAP - Enumerating Ethernet/IP devices
12
NMAP - Enumerating Niagara Fox devices
13
NMAP - Enumerating ProConOS devices
14
NMAP - Enumerating Omron PLC devices
15
NMAP - Enumerating Omron PLC devices
16
NMAP - Enumerating PCWorx devices
17
NMAP - Enumerating PCWorx devices
Scanning Databases
1
NMAP - Listing MySQL databases
2
NMAP - Listing MySQL databases
3
NMAP - Listing MySQL users
4
NMAP - Listing MySQL users
5
NMAP - Listing MySQL variables
6
NMAP - Brute-forcing MySQL passwords
7
NMAP - Brute-forcing MySQL passwords
8
NMAP - Finding root accounts with an empty password in MySQL servers
9
NMAP - Finding root accounts with an empty password in MySQL servers
10
NMAP - Detecting insecure configurations in MySQL servers
11
NMAP - Brute forcing Oracle passwords
12
NMAP - Brute forcing Oracle passwords
13
NMAP - Brute forcing Oracle SID names
14
NMAP - Brute forcing Oracle SID names
15
NMAP - Retrieving information from MS SQL servers
16
NMAP - Retrieving information from MS SQL servers
17
NMAP - Brute forcing MS SQL passwords
18
NMAP - Brute forcing MS SQL passwords
19
NMAP - Dumping password hashes of MS SQL servers
20
NMAP - Dumping password hashes of MS SQL servers
21
NMAP - Running commands through xp_cmdshell in MS SQL servers
22
NMAP - Running commands through xp_cmdshell in MS SQL servers
23
NMAP - Finding system administrator accounts with empty passwords in MS SQL servers
24
NMAP - Finding system administrator accounts with empty passwords in MS SQL servers
25
NMAP - Obtaining information from MS SQL servers with NTLM enabled
26
NMAP - Obtaining information from MS SQL servers with NTLM enabled
27
NMAP - Retrieving MongoDB server information
28
NMAP - Retrieving MongoDB server information
29
NMAP - Detecting MongoDB instances with no authentication enabled
30
NMAP - Detecting MongoDB instances with no authentication enabled
31
NMAP - Listing MongoDB databases
32
NMAP - Listing CouchDB databases
33
NMAP - Listing CouchDB databases
34
NMAP - Retrieving CouchDB database statistics
35
NMAP - Retrieving CouchDB database statistics
36
NMAP - Detecting Cassandra databases with no authentication enabled
37
NMAP - Brute forcing Redis passwords
38
NMAP - Brute forcing Redis passwords
Scanning Mainframes
1
NMAP - Listing CICS transaction IDs in IBM mainframes
2
NMAP - Listing CICS transaction IDs in IBM mainframes
3
NMAP - Enumerating CICS user IDs for the CESL/CESN login screen
4
NMAP - Brute-forcing z/OS JES NJE node names
5
NMAP - Brute-forcing z/OS JES NJE node names
6
NMAP - Enumerating z/OS TSO user IDs
7
NMAP - Enumerating z/OS TSO user IDs
8
NMAP - Brute-forcing z/OS TSO accounts
9
NMAP - Listing VTAM application screens
10
NMAP - Listing VTAM application screens
Scanning Windows Systems
1
NMAP - Obtaining system information from SMB
2
NMAP - Detecting Windows clients with SMB signing disabled
3
NMAP - Detecting Windows clients with SMB signing disabled
4
NMAP - Detecting Windows hosts vulnerable to MS08-067 and MS17-010
5
NMAP - Detecting IIS web servers that disclose Windows 8.3 names
6
NMAP - Retrieving the NetBIOS name and MAC address of a host
7
NMAP - Detecting Windows hosts vulnerable to MS08-067 and MS17-010
8
NMAP - Enumerating user accounts of Windows targets
9
NMAP - Retrieving the NetBIOS name and MAC address of a host
10
NMAP - Enumerating shared folders
11
NMAP - Enumerating user accounts of Windows targets
12
NMAP - Enumerating SMB sessions
13
NMAP - Enumerating shared folders
14
NMAP - Finding domain controllers
15
NMAP - Finding domain controllers
16
NMAP - Detecting the Shadow Brokers' DOUBLEPULSAR SMB implants
17
NMAP - Detecting the Shadow Brokers' DOUBLEPULSAR SMB implants
18
NMAP - Listing supported SMB protocols
19
NMAP - Listing supported SMB protocols
20
NMAP - Detecting vulnerabilities using the SMB2/3 boot-time field
21
NMAP - Detecting vulnerabilities using the SMB2/3 boot-time field
22
NMAP - Detecting whether encryption is enforced in SMB servers
23
NMAP - Detecting whether encryption is enforced in SMB servers
Writing Your Own NSE Scripts
1
NMAP - Making HTTP requests to identify vulnerable Supermicro IPMI/BMC controllers
2
NMAP - Making HTTP requests to identify vulnerable Supermicro IPMI/BMC controllers
3
NMAP - Sending UDP payloads using NSE sockets
4
NMAP - Sending UDP payloads using NSE sockets
5
NMAP - Generating vulnerability reports in NSE scripts
6
NMAP - Generating vulnerability reports in NSE scripts
7
NMAP - Exploiting an SMB vulnerability
8
NMAP - Exploiting an SMB vulnerability
9
NMAP - Writing brute-force password auditing scripts
10
NMAP - Writing brute-force password auditing scripts
11
NMAP - Crawling web servers to detect vulnerabilities
12
NMAP - Crawling web servers to detect vulnerabilities
13
NMAP - Working with NSE threads, condition variables, and mutexes in NSE
14
NMAP - Working with NSE threads, condition variables, and mutexes in NSE
15
NMAP - Writing a new NSE library in Lua
16
NMAP - Writing a new NSE library in C/C++
17
NMAP - Writing a new NSE library in C/C++
18
NMAP - Getting your scripts ready for submission
19
NMAP - Getting your scripts ready for submission
Optimizing Scans
1
NMAP - Skipping phases to speed up scans
2
NMAP - Skipping phases to speed up scans
3
NMAP - Selecting the correct timing template
4
NMAP - Selecting the correct timing template
5
NMAP - Adjusting timing parameters
6
NMAP - Adjusting performance parameters
7
NMAP - Adjusting performance parameters
8
NMAP - Adjusting scan groups
9
NMAP - Adjusting scan groups
10
NMAP - Distributing a scan among several clients using dnmap
11
NMAP - Distributing a scan among several clients using dnmap
Exploiting Vulnerabilities with the Nmap Scripting Engine
1
NMAP - Generating vulnerability reports in NSE scripts
2
NMAP - Generating vulnerability reports in NSE scripts
3
NMAP - Writing brute-force password auditing scripts
4
NMAP - Writing brute-force password auditing scripts
5
NMAP - Crawling web servers to detect vulnerabilities
6
NMAP - Crawling web servers to detect vulnerabilities
7
NMAP - Exploiting SMB vulnerabilities
8
NMAP - Exploiting SMB vulnerabilities
Generating Scan Reports
1
NMAP - Saving scan results in a normal format
2
NMAP - Saving scan results in a normal format
3
NMAP - Saving scan results in an XML format
4
NMAP - Saving scan results in an XML format
5
NMAP - Saving scan results to a SQLite database
6
NMAP - Saving scan results to a SQLite database
7
NMAP - Saving scan results in a grepable format
8
NMAP - Saving scan results in a grepable format
9
NMAP - Generating a network topology graph with Zenmap
10
NMAP - Generating a network topology graph with Zenmap
11
NMAP - Generating HTML scan reports
12
NMAP - Generating HTML scan reports
13
NMAP - Reporting vulnerability checks
14
NMAP - Generating PDF reports with fop
15
NMAP - Saving NSE reports in Elasticsearch
16
NMAP - Saving NSE reports in Elasticsearch
17
NMAP - Visualizing Nmap scan results with IVRE
18
NMAP - Visualizing Nmap scan results with IVRE