Penetration Testing mailing list archives
Re: fast nmap scan of XP boxes?
From: Daniel Miessler <daniel () dmiessler com>
Date: Fri, 28 Oct 2005 22:14:56 -0400
On Aug 12, 2005, at 1:58 PM, Michael Weber wrote:
> I am using nmap to create a list of targets that I will then use other tools to test. My problem is how can I do a fast scan of a large (class B) network of systems running XP, most with firewalling turned on? Will nmap -sP still find the systems if ping does not?
I have something just for you; I use it constantly during assessments just for this purpose:
nmap -vv -n -sP -PS21,22,23,25,53,80,110,135,139,143,445,1433,1521 $target | grep appears | grep up | cut -d" " -f2 > $outfile
What this does is "ping" the host via not just ICMP, but also via TCP connections on the ports listed. :) It makes great lists and, as you know, it saves tons of time when you import a list of active hosts instead of just feeding a network.
Hope you like it. :) Oh, and here's my Nmap "Primer" which has a couple other decent nuggets:
http://dmiessler.com/study/nmap

--
Daniel R. Miessler
M: daniel () dmiessler com
W: http://dmiessler.com
G: 0x316BC712
Attachment:
PGP.sig
Description: This is a digitally signed message part
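The one-liner above depends on the 2005-era Nmap output line "Host X appears to be up."; current Nmap versions print "Nmap scan report for X" followed by "Host is up", so the `grep appears` stage matches nothing. The script below is an added example, not code from the thread or from the Nmap project: it runs the same TCP SYN "ping" sweep (`-sn` is the current spelling of `-sP`; `-PS` with a port list is unchanged) but parses Nmap's greppable output (`-oG -`), whose `Host: ... Status: Up` lines are a stable, documented format. The port list is the one from the post; the sample output embedded in `SAMPLE_OG` is constructed here so the parsing can be checked without a network or an nmap binary, and the `discover_hosts` wrapper assumes nmap is installed and run with enough privilege to send raw SYN probes.

```shell
#!/bin/sh
# Added example (not from the original post): build a list of live hosts from
# a TCP SYN "ping" sweep, the way the post's one-liner did, but using Nmap's
# greppable output so the parsing does not break when the human-readable text
# changes between Nmap versions.

# Same probe ports as the post: common services an XP host behind the built-in
# firewall might still answer on.
PING_PORTS="21,22,23,25,53,80,110,135,139,143,445,1433,1521"

# Read greppable (-oG) Nmap output on stdin, print one live IP per line.
# -oG emits one "Host: <ip> (<name>)  Status: Up|Down" line per host, so the
# address is always the second whitespace-separated field.
extract_up_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Discovery sweep against a target spec (e.g. 10.0.0.0/16). Assumes nmap is
# installed; raw SYN probes need root, otherwise nmap falls back to connect().
# -n: no reverse DNS   -sn: host discovery only   -oG -: greppable to stdout
discover_hosts() {
    target="$1"
    nmap -n -sn -PS"$PING_PORTS" -oG - "$target" | extract_up_hosts
}

# Constructed sample of -oG output (not a real scan), used to exercise the
# parser offline. Real output separates the fields with a tab; awk's default
# splitting handles either.
SAMPLE_OG='# Nmap 7.94 scan initiated as: nmap -n -sn -PS21,22,80,135,139,445 -oG - 10.0.0.0/29
Host: 10.0.0.1 ()   Status: Up
Host: 10.0.0.2 ()   Status: Down
Host: 10.0.0.5 ()   Status: Up
# Nmap done at ...; 8 IP addresses (2 hosts up) scanned in 1.23 seconds'

# Run the parser over the constructed sample; returns the live-host list.
up_hosts_from_sample() {
    printf '%s\n' "$SAMPLE_OG" | extract_up_hosts
}

# Usage against a real network (uncomment to run; writes one IP per line):
#   discover_hosts 10.0.0.0/16 > live_hosts.txt
#   nmap -sS -p- -iL live_hosts.txt     # feed the list to the real scan
```

The resulting file is meant for `-iL`, so later, slower scans only touch hosts that answered a probe. Because the sweep marks a host "Up" on any SYN/ACK or RST, a host whose firewall silently drops all of the listed ports still stays off the list; widen `PING_PORTS` (or add `-PA`/`-PE` probes) if that matters for the environment.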
Current thread:
- Re: fast nmap scan of XP boxes? Daniel Miessler (Oct 28)
- Re: fast nmap scan of XP boxes? Juan B (Oct 29)
- Re: fast nmap scan of XP boxes? ilaiy (Oct 29)
- Re: fast nmap scan of XP boxes? Juan B (Oct 29)