Hooper Labs

Reconnaissance & Port Scanning

======

nmap


Full Port Scan (1-65535)

"-p-"

Service Version Scan

"-sV"

Light Scan

"--top-ports 50 --open"

Ping Sweep

"-sn"

Source Port 53 (some filters allow inbound traffic sourced from DNS)

"--source-port 53" (equivalent: "-g 53"; nmap also accepts the spelling "--source_port")

Send more probes and change ICMP

nmap -sP -PE -PP -PS21,22,23,25,80,113,21339 -PA80,113,443,10042 --source_port 53 -n -T4 -iL ips.list

nc


TCP Netcat Scanning (no -u; -z only tries the connect, -w 1 is the per-port timeout)

nc -nvv -w 1 -z <ip> 440-450

UDP Netcat Scanning

nc -nv -u -z -w1 <ip> 160-161

Bash /dev/tcp (no scanner installed)


Shitty Portscanner (Egypt) - bash only, uses the shell's built-in /dev/tcp redirection

for port in {1..1023}; do : 2>/dev/null > "/dev/tcp/192.168.0.1/$port" && echo "$port"; done

Output


Greppable Output (good for multiple hosts)

"-oG scan.grep"
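Added example (not from the original page): a small Python parser for nmap's grepable (-oG) output that turns each host's `Ports:` field into a per-host inventory of open services, which is the quickest way to see what is exposed across many hosts. The scan text below is constructed, not a real scan.

```python
import re
from collections import defaultdict

# Constructed sample of nmap -oG output (fields are tab-separated, ports comma-separated).
SAMPLE_OG = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV --top-ports 50 -oG scan.grep 192.168.0.0/24
Host: 192.168.0.10 (srv1.example.lan)\tStatus: Up
Host: 192.168.0.10 (srv1.example.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.0.11 ()\tStatus: Up
Host: 192.168.0.11 ()\tPorts: 53/open/udp//domain//ISC BIND 9.18/\tIgnored State: closed (49)
# Nmap done at Mon Jan  1 12:01:00 2024 -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
"""

# One port entry: port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/(.*)/$")


def parse_grepable(text):
    """Return {ip: [{port, state, proto, service, version}, ...]} from -oG text."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip '# Nmap ...' comment lines
        # "Key: value" fields separated by tabs; split once so values may contain ': '
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]  # drop the "(hostname)" part
        if "Ports" not in fields:
            continue  # 'Status: Up' lines carry no port data
        for entry in fields["Ports"].split(", "):
            m = PORT_RE.match(entry.strip())
            if not m:
                continue
            port, state, proto, _owner, service, _rpc, version = m.groups()
            hosts[ip].append({"port": int(port), "state": state, "proto": proto,
                              "service": service, "version": version})
    return dict(hosts)


def open_ports(parsed, proto=None):
    """Flatten to sorted (ip, port, proto, service) tuples, open state only."""
    out = []
    for ip, ports in parsed.items():
        for p in ports:
            if p["state"] == "open" and (proto is None or p["proto"] == proto):
                out.append((ip, p["port"], p["proto"], p["service"]))
    return sorted(out)


if __name__ == "__main__":
    for ip, port, proto, service in open_ports(parse_grepable(SAMPLE_OG)):
        print(f"{ip}\t{port}/{proto}\t{service}")
```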

XML Output (viewable in iexplore.exe)

"-oX scan.xml"

UnicornScan (faster for UDP scans; -mU = UDP mode, -mT = TCP mode)

unicornscan -mU <ip-address>:1-65535

ARP (arp-scan, local subnet)

arp-scan -l

ARP (netdiscover on a given interface)

netdiscover -i tap0