Helpful Nmap Notes

Nmap can take script arguments in a fashion such as the following:

nmap -Pn -sU -sS --script "rdp-ntlm-info,smb* and not smb-brute and not smb-flood and not smb-psexec and not smb-enum-shares" -T4 -p U:137,U:138,T:137,T:139,T:445,T:3389 192.168.1.30

Note in particular that the --script argument, enclosed in quotes, accepts wildcards and boolean operators such as "and not" (the syntax feels similar to BPF to me). In the example above, I wanted to query all the SMB information I could. However, I have no interest in brute force, flood, or psexec. Additionally, smb-enum-shares just takes too long.
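As an added illustration (not part of the original note, and not Nmap's own code), here is a small Python evaluator for that selection syntax run over a constructed list of script names; it assumes Nmap's documented precedence (not binds tightest, then and, then or, with the comma acting as a union) and shell-style wildcard matching:

```python
import fnmatch
import re

# Constructed sample standing in for the script names an Nmap install ships
# (assumed for illustration; not a complete listing).
SCRIPT_NAMES = [
    "rdp-ntlm-info", "smb-brute", "smb-enum-shares", "smb-enum-users",
    "smb-flood", "smb-os-discovery", "smb-protocols", "smb-psexec",
    "smb-security-mode", "smb2-security-mode", "http-title",
]
TOKEN_RE = re.compile(r"\(|\)|,|[^\s(),]+")

def select_scripts(expression, names=SCRIPT_NAMES):
    """Scripts chosen by an Nmap-style --script expression: wildcards,
    'and', 'or', 'not', parentheses, and ',' (union; precedence not>and>or)."""
    tokens = TOKEN_RE.findall(expression)
    universe = set(names)
    def parse_union():                      # term ((',' | 'or') term)*
        result = parse_and()
        while tokens and tokens[0] in (",", "or"):
            tokens.pop(0)
            result |= parse_and()
        return result
    def parse_and():                        # factor ('and' factor)*
        left = parse_not()
        while tokens and tokens[0] == "and":
            tokens.pop(0)
            left &= parse_not()
        return left
    def parse_not():                        # 'not' factor | atom
        if tokens and tokens[0] == "not":
            tokens.pop(0)
            return universe - parse_not()
        return parse_atom()
    def parse_atom():                       # '(' union ')' | glob pattern
        if not tokens:
            raise ValueError("expression ends unexpectedly")
        tok = tokens.pop(0)
        if tok == "(":
            inner = parse_union()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        return {n for n in names if fnmatch.fnmatchcase(n, tok)}
    selected = parse_union()
    if tokens:
        raise ValueError("unexpected trailing tokens: %r" % tokens)
    return sorted(selected)
```

Feeding it the quoted expression from the command above shows exactly which scripts the "and not" chain removes before anything is sent to the target.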

I'm also using the U: and T: prefixes in the port specification, together with -sU (UDP scan) and -sS (TCP SYN scan), to query specific UDP and TCP ports within the same scan, so that I hit all SMB-related ports.

Update: since the addition of rdp-ntlm-info to Nmap, I've added it, along with T:3389, to gather more information.