Penetration Testing mailing list archives

Re: NMAP Switches, -sS, -sT, etc.


From: admin () vulnerabilityassessment co uk
Date: 24 Mar 2006 09:07:45 -0000

Doug,

To save you a bit of typing you can use -p- to specify all 65535 ports to scan. -O is also not required as the -A 
switch carries out OS detection and version scanning.

nmap -vv -A -sS -p- -P0 -oX target.xml www.xxx.yyy.zzz

I generally use -sS -0 for my initial scan as it is quick and, dependent on what results come back, i.e. services not 
detected, I may then opt for a version scan to determine what services are running and not found on the initial scan.  
It may sound like double the work effort, however, I find a quite assessment of multiple hosts enables me to tailor 
where I go next.

Hope this helps

Toggmeister

http://www.vulnerabilityassessment.co.uk 
