Difference between revisions of "NetMan - nmap"

From The TinkerNet Wiki
Jump to navigation Jump to search
Line 1: Line 1:
 
*[https://nmap.org/book/man.html Nmap Reference Guide]
 
*[https://nmap.org/book/man.html Nmap Reference Guide]
  
== Some useful nmap scans ==
+
==Some useful nmap scans==
 +
 
 +
=== Using nmap to inventory a network ===
 
The following command with ''nmap'' with ''root'' privilegies (or using ''sudo''):
 
The following command with ''nmap'' with ''root'' privilegies (or using ''sudo''):
 
  
 
<code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort</code>
 
<code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort</code>
 
  
 
results in:
 
results in:
Line 14: Line 14:
 
  server1.company.internal.local => 3C:D9:2B:70:BC:99
 
  server1.company.internal.local => 3C:D9:2B:70:BC:99
 
  ...
 
  ...
 +
Or, a little '''more''' useful:
 +
 +
<code>sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'</code>
 +
 +
(Good luck typing that in by hand...)
 +
 +
Want DNS?:
 +
 +
<code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'</code>
 +
 +
or both name & address?:
 +
 +
<code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'</code>
 +
 +
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.

Revision as of 02:39, 19 December 2020

Some useful nmap scans

Using nmap to inventory a network

The following command with nmap with root privilegies (or using sudo):

sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

192.168.0.80 => 00:50:56:AF:56:FB
192.168.0.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...

Or, a little more useful:

sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'

(Good luck typing that in by hand...)

Want DNS?:

sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'

or both name & address?:

sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'

But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.