Helpful Nmap Notes

Nmap can take script arguments in a fashion such as the following:

nmap -Pn -sU -sS --script "smb* and not smb-brute and not smb-flood and not smb-psexec and not smb-enum-shares" -T4 -p U:137,U:138,T:137,T:139,T:445 192.168.1.30

Note in particular that the --script argument, contained within quotes, accepts wildcards and Boolean operators such as "and" and "not". In the example above, I wanted to query all the SMB information I could. However, I have no interest in brute force, flood, or psexec. Additionally, smb-enum-shares just takes too long.

I'm also using the U: and T: parameters, as well as -sU and -sS, on the port to query specific TCP and UDP ports within the same scan, so that I hit all SMB-related ports.
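To check that a --script expression like the one above really excludes the scripts you do not want before a scan is launched, the following added example (not part of the original post) evaluates the same wildcard and and/or/not syntax against a constructed list of script names. It models script names only, not categories or file paths, and the helper names matches and select are hypothetical.

```python
import fnmatch
import re

# Constructed sample of script names; a real Nmap install ships many more.
SAMPLE_SCRIPTS = ["smb-brute", "smb-flood", "smb-psexec", "smb-enum-shares",
                  "smb-os-discovery", "smb-security-mode", "smb2-time",
                  "http-title"]
EXPR = ("smb* and not smb-brute and not smb-flood and not smb-psexec "
        "and not smb-enum-shares")  # the expression from the command above

def matches(expr, name):
    """Evaluate a --script style Boolean expression against one script name."""
    toks = re.findall(r"[()]|[^\s()]+", expr) + [None]  # None marks the end
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def binary(op, operand, combine):
        val = operand()
        while toks[pos] == op:
            take()
            rhs = operand()  # always parse the right side, even if val decides
            val = combine(val, rhs)
        return val
    def parse_or():  # lowest precedence
        return binary("or", parse_and, lambda a, b: a or b)
    def parse_and():
        return binary("and", parse_not, lambda a, b: a and b)
    def parse_not():  # "not" binds tightest, as in Lua
        tok = take()
        if tok == "not":
            return not parse_not()
        if tok == "(":
            val = parse_or()
            if take() != ")":
                raise ValueError("missing ')'")
            return val
        if tok in (None, ")", "and", "or"):
            raise ValueError(f"unexpected token {tok!r}")
        return fnmatch.fnmatchcase(name, tok)  # "*" wildcard on the name
    result = parse_or()
    if toks[pos] is not None:
        raise ValueError(f"trailing token {toks[pos]!r}")
    return result

def select(expr, names):  # names from the list that the expression selects
    return [n for n in names if matches(expr, n)]
```

On the sample list, select(EXPR, SAMPLE_SCRIPTS) keeps only the three discovery-style SMB scripts and drops the four excluded ones along with http-title.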

BBK
