Difference between revisions of "NetMan - nmap"
Line 1: | Line 1: | ||
*[https://nmap.org/book/man.html Nmap Reference Guide] | *[https://nmap.org/book/man.html Nmap Reference Guide] | ||
− | == Some useful nmap scans == | + | ==Some useful nmap scans== |
+ | |||
+ | === Using nmap to inventory a network === | ||
The following command with ''nmap'' with ''root'' privilegies (or using ''sudo''): | The following command with ''nmap'' with ''root'' privilegies (or using ''sudo''): | ||
− | |||
<code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort</code> | <code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort</code> | ||
− | |||
results in: | results in: | ||
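Review bot: the two headings in this hunk now use different spacing, "==Some useful nmap scans==" without inner spaces and "=== Using nmap to inventory a network ===" with them; pick one form for the page. The unchanged sentence under the new heading still reads "The following command with ''nmap'' with ''root'' privilegies", which is worth correcting to "privileges" while this section is being touched.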
Line 14: | Line 14: | ||
server1.company.internal.local => 3C:D9:2B:70:BC:99 | server1.company.internal.local => 3C:D9:2B:70:BC:99 | ||
... | ... | ||
+ | Or, a little '''more''' useful: | ||
+ | |||
+ | <code>sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'</code> | ||
+ | |||
+ | (Good luck typing that in by hand...) | ||
+ | |||
+ | Want DNS?: | ||
+ | |||
+ | <code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'</code> | ||
+ | |||
+ | or both name & address?: | ||
+ | |||
+ | <code>sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'</code> | ||
+ | |||
+ | But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan. |
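Review bot: the three added commands find the MAC with "getline;getline;print $3", which assumes a MAC Address line always sits exactly two lines below the report line, and they read the name and address from $5 and $6 even when only one of them is printed. That is the likely source of both problems recorded in the last added line. Matching /MAC Address:/ as the existing first command does, and printing with an explicit format such as printf "%s\t", $5 rather than printf $5, would make the output independent of line position and of whether a name is present. The three variants differ only in the second awk, so a single command with the field order chosen in one place would also be easier to keep correct.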
Revision as of 02:39, 19 December 2020
Some useful nmap scans
Using nmap to inventory a network
The following nmap command, run with root privileges (or using sudo):
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
results in:
192.168.0.80 => 00:50:56:AF:56:FB
192.168.0.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...
Or, a little more useful:
sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'
(Good luck typing that in by hand...)
Want DNS?
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'
Or both name & address?
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'
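But a host without a name causes odd formatting: nmap then prints only the address on the "Nmap scan report" line, so $6 is empty and the second awk sees one field fewer than it expects. Also, nmap does not give the MAC address of the machine doing the scan, so for that host the two getline calls read past its entry into the lines that follow.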
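The odd formatting and the missing MAC both come from parsing by line position. As an added example (not part of the original page), the same inventory can be built by matching line types instead, so a host with no name or no MAC Address line still produces one well-formed row. The function name inventory, the sample scan text and the placeholders "-" and "unknown" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Constructed sample of nmap ping-scan output (not from a real scan).
# Host 1 has no DNS name, host 2 has one, host 3 stands in for the
# scanning machine, which gets no "MAC Address:" line.
sample_scan() {
cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.0.80
Host is up (0.00042s latency).
MAC Address: 00:50:56:AF:56:FB (Example Vendor)
Nmap scan report for server1.company.internal.local (192.168.0.99)
Host is up (0.00051s latency).
MAC Address: 3C:D9:2B:70:BC:99 (Example Vendor)
Nmap scan report for 192.168.0.10
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.10 seconds
EOF
}

# inventory (hypothetical name): read scan text on stdin and print
# "MAC ---> IP<TAB>name", one line per host.
inventory() {
  awk '
    # Print the host collected so far, if any.
    function emit() {
      if (ip != "") printf "%s ---> %s\t%s\n", mac, ip, name
    }
    /^Nmap scan report for / {
      emit()
      if (NF >= 6) {            # "... for name (ip)"
        name = $5; ip = $6; gsub(/[()]/, "", ip)
      } else {                  # "... for ip" (no name, or -n was used)
        name = "-"; ip = $5
      }
      mac = "unknown"           # kept when no MAC Address line follows
    }
    /^MAC Address: / { mac = $3 }
    END { emit() }
  '
}

# Demo on the constructed sample; on a real network, pipe the scan in:
#   sudo nmap -sP 192.168.0.0/24 | inventory
sample_scan | inventory
```

Printing with an explicit "%s" format also keeps a hostname containing a percent sign from being interpreted as a printf format.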