Re: NMAP Switches, -sS, -sT, etc.

From: admin@vulnerabilityassessment.co.uk
Date: Fri Mar 24 2006 - 04:07:45 EST


Doug,

To save you a bit of typing you can use -p- to specify all 65535 ports to scan. -0 is also not required as the -A switch carries out OS detection and version scanning.

NMAP -vv -A -sS -p- -P0 -oX target.xml www.xxx.yyy.zzz.

I generally use -sS -0 for my initial scan as it is quick, and dependent on what results come back, i.e. services not detected, I may then opt for a version scan to determine what services are running and not found on the initial scan. It may sound like double the work effort; however, I find a quick assessment of multiple hosts enables me to tailor where I go next.

Hope this helps

Toggmeister

http://www.vulnerabilityassessment.co.uk
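
The two-pass workflow described in the message above (quick SYN scan first, version scan only where services were not identified), as an added example that is not part of the original post. It reads the first pass's -oX output and lists the open ports still needing a version scan. The sample XML is constructed, the function names are hypothetical, and -sV is assumed as the version-scan switch.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of first-pass -oX output (not real scan data; 192.0.2.10 is a documentation address).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -p- -P0 -oX target.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" method="table" conf="3"/></port>
      <port protocol="tcp" portid="8081"><state state="open"/><service name="unknown" method="table" conf="3"/></port>
      <port protocol="tcp" portid="31337"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https" method="table" conf="3"/></port>
    </ports>
  </host>
</nmaprun>"""

def ports_needing_version_scan(xml_text, include_table_guesses=False):
    """Return {host address: sorted open ports} whose service was not identified.

    method="table" means the name came from the port-number lookup table, not from
    probing; set include_table_guesses=True to re-check those ports as well.
    """
    todo = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports need no follow-up
            svc = port.find("service")
            unidentified = svc is None or svc.get("name", "unknown") == "unknown"
            guessed = svc is not None and svc.get("method") == "table"
            if unidentified or (include_table_guesses and guessed):
                todo[addr.get("addr")].append(int(port.get("portid")))
    return {h: sorted(p) for h, p in todo.items()}

def follow_up_args(host, ports):
    """Build the argument list for a version scan limited to the given ports."""
    return ["nmap", "-sV", "-P0", "-p", ",".join(map(str, ports)), host]

if __name__ == "__main__":
    for host, ports in ports_needing_version_scan(SAMPLE_XML).items():
        print(" ".join(follow_up_args(host, ports)))
```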
