Target Expansion

Specifying Target Hosts and Networks

Nmap's own documentation puts it this way: "Everything on the Nmap command-line that isn't an option (or option argument) is treated as a target host specification."

IPv4 Scan & Hostname

The simplest way to specify your target is to give the IPv4 or IPv6 address of the host you want to scan:

nmap 192.168.0.103

  • You can also specify a hostname:

nmap nmap.org    # here nmap.org is the hostname

List of IP addresses

  • We can also specify a comma-separated list of values in any octet:

nmap 192.168.2,4.1,103

Here Nmap is going to scan the following list of IPs:
192.168.2.1
192.168.2.103
192.168.4.1
192.168.4.103

Range of IP addresses

  • A range of IP addresses can also be passed to Nmap:

nmap 192.168.0.103-130

It will scan the following range of IP addresses:

192.168.0.103
192.168.0.104
192.168.0.105
........
........
192.168.0.130

CIDR notations based scanning

  • We can also pass CIDR notation like:

nmap 192.168.10.0/29

Here the total is 8 hosts (Nmap expands the whole block, network and broadcast addresses included):

192.168.10.0
192.168.10.1
192.168.10.2
............
192.168.10.5
192.168.10.6
192.168.10.7

Verifying your Ranges and IPs

If you are doing a pentest of a large infrastructure and have multiple ranges of IPs, you may sometimes pass a wrong IP address, which can be really disastrous. Nmap has a solution for this problem too: to check whether you are passing the proper range of IP addresses, use -sL, which means List Scan. -sL lists the IPs that are going to be scanned without actually scanning them.

nmap -sL -n <target specification>

What -sL and -n do:
-sL : List scan
-n : Never do DNS resolution

Passing multiple targets in a File

  • We can also pass a list of IP addresses in a file. Suppose you have 5000 IP addresses to be scanned; instead of passing all of them on the terminal, you can put them in a file and hand it to Nmap:

nmap -iL dataisdata/ipfile

Here
-iL : input file name (Input from List)
ipfile : file with 8 IP addresses

Excluding Unwanted Scans

  • If you don't want to scan a few of the IP addresses out of your listed IP addresses, you can exclude them using the --exclude argument:

nmap -iL dataisdata/ipfile --exclude 192.168.0.2-3

You can see that instead of 8 IP addresses there are now only 6, because we excluded 2 IP addresses.
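The expansions described in the sections above (comma lists, octet ranges, CIDR blocks, -iL files and --exclude) can be reproduced offline. The following Python script is an added example, not part of this tutorial or of Nmap itself: it expands IPv4 target specifications the way the sections above describe and filters out excluded addresses, which lets you sanity-check a scope file before you ever run nmap -sL against it. The function names and the sample ipfile contents are constructed for this example; hostnames and IPv6 targets are deliberately rejected and left to Nmap.

```python
"""Offline expansion of Nmap-style IPv4 target specifications (added example)."""
import ipaddress
import itertools
from typing import Iterable, List


def _expand_octet(field: str) -> List[int]:
    """Expand one dotted field: '103', '2,4', '103-130' or '*' (Nmap's 0-255 wildcard)."""
    values: List[int] = []
    for part in field.split(","):
        if part == "*":
            values.extend(range(256))
        elif "-" in part:
            lo, hi = part.split("-", 1)
            values.extend(range(int(lo), int(hi) + 1))
        else:
            values.append(int(part))
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError(f"octet value out of range in {field!r}")
    return values


def expand_target(spec: str) -> List[str]:
    """Expand a single IPv4 target spec into the addresses Nmap would scan.

    Supports a.b.c.d, comma lists and hyphen ranges in any octet, and CIDR
    blocks. As with Nmap, a CIDR block expands to every address in the block,
    network and broadcast addresses included. Hostnames and IPv6 raise.
    """
    if "/" in spec:
        # strict=False mirrors Nmap: 192.168.10.5/29 still means the whole .0/29 block
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    # product() varies the last octet fastest, matching the order the tutorial
    # lists for 192.168.2,4.1,103
    combos = itertools.product(*(_expand_octet(f) for f in fields))
    return [".".join(map(str, c)) for c in combos]


def read_target_file(text: str) -> List[str]:
    """Parse the contents of an -iL file: specs separated by spaces, tabs or newlines."""
    return text.split()


def list_scan(targets: Iterable[str], exclude: Iterable[str] = ()) -> List[str]:
    """Offline equivalent of `nmap -sL -n`: expand, apply --exclude, drop duplicates."""
    excluded = {addr for spec in exclude for addr in expand_target(spec)}
    seen = set()
    result: List[str] = []
    for spec in targets:
        for addr in expand_target(spec):
            if addr not in excluded and addr not in seen:
                seen.add(addr)
                result.append(addr)
    return result


# Constructed stand-in for the tutorial's ipfile: 8 addresses in 192.168.0.0/24
IPFILE_TEXT = """192.168.0.1 192.168.0.2
192.168.0.3
192.168.0.4-8
"""


def demo() -> dict:
    """Reproduce the tutorial's examples; returns the expansions keyed by spec."""
    return {
        "192.168.2,4.1,103": expand_target("192.168.2,4.1,103"),
        "192.168.0.103-130": expand_target("192.168.0.103-130"),
        "192.168.10.0/29": expand_target("192.168.10.0/29"),
        "ipfile": list_scan(read_target_file(IPFILE_TEXT)),
        "ipfile --exclude 192.168.0.2-3": list_scan(
            read_target_file(IPFILE_TEXT), exclude=["192.168.0.2-3"]),
    }


if __name__ == "__main__":
    for spec, addrs in demo().items():
        print(f"{spec}: {len(addrs)} host(s)")
        for addr in addrs:
            print("   ", addr)
```

Running the script prints each specification with its host count and the expanded addresses: 4 hosts for the comma list, 28 for the 103-130 range, 8 for the /29, and 8 then 6 for the file with and without the exclusion. Compare that output against the approved scope before the real scan; a typo in an octet or a prefix length shows up here as an unexpected host count rather than as packets sent to the wrong network.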
