RE: Finding web servers with nmap

[Jonathan Loh <kj6loh () yahoo com>]

Since he just needs host and if 80 is open or not, I suggest taking the 2
"-v's" out as this just makes nmap more verbose and piping it through sed.  

BTW the '-sT' cmd gave me hits on ghost machines (machines not reallly there). 
IE it gave me 1 hit per IP (in use or not) that I have.  
--- tom.farrar () it-ps com wrote:

> #nmap -v -v -sT -P0 -p 80 -oG your.log -iL x.x.0-255.0-255
>
> That is quite a quick scan, for results see below:
>
> [With -sS]
> [root@snort-1 root]# nmap -v -v -sS -P0 -p 80 www.it-ps.com
> Nmap finished: 1 IP address (1 host up) scanned in !!-->0.610 seconds<--!!
>                Raw packets sent: 2 (82B) | Rcvd: 2 (88B)
>
> [With -sT]
> [root@snort-1 root]# nmap -v -v -sT -P0 -p 80 www.it-ps.com
> Nmap finished: 1 IP address (1 host up) scanned in !!-->0.055 seconds<--!!
>
> Hope that helps,
>
> Regards,
>
> Tom
>
>
> -----Original Message-----
> From: Denis [mailto:da_shestakov () myrealbox com] 
> Sent: 30 November 2005 17:01
> To: security-basics () securityfocus com
> Subject: Finding web servers with nmap
>
> Hi,
>
> I have a task to "relatively quickly" find all web servers (all hosts
> with open port 80) in some particular network. It seems it can be done
> with the nmap program. Could you advice me concerning the best options
> for running nmap to accomplish this task? In particular, does the
> following command do it right?
> nmap -v -sS -PS80 -PA80 -p 80 -oG my.log -iL x.x.0-255.0-255
> I am asking that because I have a concern that the above command may
> miss some hosts. However, it works faster than the command with "-P0
> -p 80" ... 
>
> -- 
> BR,
>   Denis



                
__________________________________________ 
Yahoo! DSL – Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com