Target Expansion
Specifying Target Hosts and Networks
Nmap's own documentation states: "Everything on the Nmap command-line that isn't an option (or option argument) is treated as a target host specification"
IPv4 Scan & Hostname
The simplest way to specify your target is to give the IPv4 or IPv6 address of the host you want to scan
nmap 192.168.0.103
- You can also specify a hostname
nmap nmap.org
Here nmap.org is the hostname.
List of IP addresses
- We can also specify a list of IP addresses
nmap 192.168.2,4.1,103
Here Nmap is going to scan the following IP addresses:
192.168.2.1
192.168.2.103
192.168.4.1
192.168.4.103
Range of IP addresses
- A range of IP addresses can also be passed to Nmap
nmap 192.168.0.103-130
It will scan this range of IP addresses:
192.168.0.103
192.168.0.104
192.168.0.105
........
........
192.168.0.130
CIDR notations based scanning
- We can also pass CIDR notation, like
nmap 192.168.10.0/29
Here there will be 8 hosts in total:
192.168.10.0
192.168.10.1
192.168.10.2
............
192.168.10.5
192.168.10.6
192.168.10.7
Verifying your Ranges and IPs
If you are pentesting a large infrastructure with multiple IP ranges, you may sometimes pass a wrong IP address, which can be really disastrous. Nmap has a solution for this problem too: to check whether you are passing the proper range of IP addresses, use -sL, which means List Scan. -sL will tell you which IPs are going to be scanned.
What -sL and -n do:
-sL : List scan
-n : Never do DNS resolution
Passing multiple targets in a File
- We can also pass a list of IP addresses in a file. Suppose you have 5000 IP addresses to scan: instead of typing them all in the terminal, you can put them in a file and pass that file to Nmap.
nmap -iL dataisdata/ipfile
Here
-iL : input file name (Input from List)
ipfile : File with 8 IP addresses
Excluding Unwanted Scans
- If you don't want to scan a few of the IP addresses in your list, you can exclude them using the --exclude argument
nmap -iL dataisdata/ipfile --exclude 192.168.0.2-3
You can see that now, instead of 8 IP addresses, there are only 6, because we excluded 2 IP addresses
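
The range verification, input file and exclusion steps above can also be checked offline before any scan is run. The following is an added example, not part of the original page and not Nmap's own code: it expands the octet-list, range and CIDR forms shown above, subtracts the exclusions, and flags any address outside an authorized scope. The function names, the contents of ipfile and the authorized range are assumptions made for illustration.

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field such as '2,4', '103-130' or '7' into sorted ints."""
    values = set()
    for part in field.split(","):
        if not part:
            raise ValueError(f"empty item in octet {field!r}")
        lo, dash, hi = part.partition("-")
        lo = int(lo) if lo else 0                        # omitted start means 0
        hi = int(hi) if hi else (255 if dash else lo)    # omitted end means 255
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """List the IPv4 addresses covered by an octet-list, range or CIDR spec.
    Hostnames and IPv6 are not handled and raise ValueError."""
    if "/" in spec:
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target: {spec!r}")
    return [".".join(map(str, c)) for c in product(*map(expand_octet, octets))]

def plan(targets, excludes=(), authorized=()):
    """Return (to_scan, out_of_scope): targets minus excludes, and the subset
    of to_scan that falls outside every authorized network."""
    excluded = {ip for spec in excludes for ip in expand_target(spec)}
    to_scan = list(dict.fromkeys(
        ip for spec in targets for ip in expand_target(spec) if ip not in excluded))
    nets = [ipaddress.ip_network(n) for n in authorized]
    out_of_scope = [ip for ip in to_scan
                    if not any(ipaddress.ip_address(ip) in n for n in nets)]
    return to_scan, out_of_scope

if __name__ == "__main__":
    # Constructed sample data: the page does not show the contents of ipfile.
    ipfile = ["192.168.0.1-8", "192.169.0.9"]   # second entry is a deliberate typo
    scope = ["192.168.0.0/24"]                   # assumed authorized range
    to_scan, bad = plan(ipfile, excludes=["192.168.0.2-3"], authorized=scope)
    print(f"{len(to_scan)} addresses would be scanned")
    for ip in bad:
        print("OUT OF SCOPE:", ip)
```

An empty out-of-scope list means every remaining target sits inside the authorized ranges; nmap -sL -n on the same arguments should then list the same addresses.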