Port Scan

Steps

  1. Identify online hosts using Host Discovery techniques.

  2. Save all online hosts to a file. This file is used so that only machines that are online get scanned.

  3. Identify all open ports using the -p- flag.

  4. Gather more detailed information about the open ports using the -A flag.

Checklist

Nmap

Identify All Open Ports

Make sure you have the file in which the online targets were saved (hosts.txt in the command below). In this example it contains the following targets: 172.16.1.5, 172.16.1.6, 172.16.1.100.

Syntax: nmap -T4 -p- -iL [Filename] -Pn

nmap -T4 -p- -iL hosts.txt -Pn
[Screenshot: Nmap port scan output]

Detailed Scans

For detailed scans, we use the -A flag. This performs OS detection, service/version detection, script scanning, and traceroute in one run.

Once you have identified all open ports on the target machines, you can run a detailed scan against each machine individually. Note that you can also add the -A flag to the scan that identifies all ports; the downside is that the scan takes much longer to finish.

Syntax: nmap -T4 -p [port1,port2,port3...] -A [IP] -Pn (the port list is comma-separated with no spaces)

nmap -T4 -p 53,88,139,389,445 -A 172.16.1.100 -Pn
[Screenshot: Nmap detailed scan output]
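Putting the four steps together as one script, added here as an example and not part of the original notes: it runs the step 3 scan with grepable output, extracts each host's open TCP ports into the comma-separated form -p expects, and feeds them to the step 4 -A scan. The file names hosts.txt, all_ports.gnmap and detailed_<ip>.txt are assumptions, and the grepable sample in demo_parse is constructed to mirror the 172.16.1.100 example above.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): chains the -p- scan into
# per-host -A scans. Assumes nmap on PATH and hosts.txt from step 2.
set -eu

# Step 3: all 65535 TCP ports on the saved hosts, grepable output (-oG).
# -Pn skips Nmap's own host discovery because step 1 already did it.
full_port_scan() {      # $1 = hosts file, $2 = output .gnmap file
  nmap -T4 -p- -iL "$1" -Pn -oG "$2" >/dev/null
}

# Pull one host's open TCP ports out of -oG output and print them as the
# comma-separated, space-free list that -p expects (e.g. 53,88,139).
open_ports_for_host() { # $1 = .gnmap file, $2 = IP address
  grep "^Host: $2 " "$1" | sed 's/.*Ports: //' | tr ',' '\n' \
    | sed 's/^ *//' | grep '/open/tcp/' | sed 's#/open/tcp/.*##' \
    | paste -sd, -
}

# Step 4: -A only against the ports found open, one host at a time.
detailed_scan() {       # $1 = IP address, $2 = port list
  nmap -T4 -p "$2" -A "$1" -Pn -oN "detailed_$1.txt" >/dev/null
}

run_pipeline() {        # $1 = hosts file; needs nmap, so not run below
  full_port_scan "$1" all_ports.gnmap
  for ip in $(grep '^Host:' all_ports.gnmap | awk '{print $2}' | sort -u); do
    ports=$(open_ports_for_host all_ports.gnmap "$ip")
    if [ -n "$ports" ]; then detailed_scan "$ip" "$ports"; fi
  done
}

# Offline demonstration of the parser on constructed -oG lines that mimic
# what the -p- scan of 172.16.1.100 would write (one closed port included
# to show it is dropped).
demo_parse() {
  f=$(mktemp)
  printf 'Host: 172.16.1.100 ()\tStatus: Up\n' > "$f"
  printf 'Host: 172.16.1.100 ()\tPorts: 53/open/tcp//domain///, 88/open/tcp//kerberos-sec///, 135/closed/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65529)\n' >> "$f"
  open_ports_for_host "$f" 172.16.1.100
  rm -f "$f"
}

demo_parse   # prints 53,88,139,389,445
```

Run `run_pipeline hosts.txt` on a network you are authorized to assess to execute the real scans; the per-host results land in detailed_<ip>.txt.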
