mirror of
https://github.com/LeCoupa/awesome-cheatsheets.git
synced 2026-01-27 13:48:01 -08:00
Adding nmap and snort cheatsheet
This commit is contained in:
Arnaud Charles
122
tools/nmap.sh
Normal file
122
tools/nmap.sh
Normal file
@@ -0,0 +1,122 @@
|
||||
##############################################################################
|
||||
# NMAP TARGET DEFINITION
|
||||
##############################################################################
|
||||
|
||||
nmap 10.10.10.1 # Scan one IP
|
||||
nmap 10.10.10.1 10.10.10.2 # Scan multiple IPs
|
||||
nmap 10.10.10.10-254 # Scan an IP range
|
||||
nmap domain.example.com # Scan a domain
|
||||
nmap 192.168.1.0/24 # Scan using CIDR
|
||||
nmap -iL list.txt # Scan targets from the file list.txt
|
||||
nmap -iR 10 # Scan 10 hosts randomly
|
||||
nmap –exclude 10.10.10.1 # Scan but exclude one IP
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP SCANNING MODES
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 -sS # TCP SYN port scan
|
||||
nmap 10.10.10.1 -sT # TCP connect port scan
|
||||
nmap 10.10.10.1 -sU # UDP scan
|
||||
nmap 10.10.10.1 -sA # TCP ACK port scan
|
||||
nmap 10.10.10.1 -sW # TCP Window port scan
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP HOST SCAN
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1-3 -sL # List targets only
|
||||
nmap 10.10.10.1/24 -sn # Host discovery only.
|
||||
nmap 10.10.10.1-5 -Pn # Port scan only.
|
||||
nmap 10.10.10.1-5 -PS22-25,80 # TCP SYN discovery on port 22 to 25 and 80.
|
||||
nmap 10.10.10.1-5 -PA22,443 # TCP ACK discovery on port 22 and 443.
|
||||
nmap 10.10.10.1-5 -PU53 # UDP discovery on port 53.
|
||||
nmap 10.10.10.1-1/24 -PR # ARP discovery
|
||||
nmap 10.10.10.1 -n # No DNS resolution
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP PORT SCAN
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 -p 22 # Scan port 22
|
||||
nmap 10.10.10.1 -p 22-80 # Scan a port range
|
||||
nmap 10.10.10.1 -p U:53,T:22-25,80 # Scan multiple ports UDP and TCP
|
||||
nmap 10.10.10.1 -p- # Scan all ports
|
||||
nmap 10.10.10.1 -p http,https # Scan ports based on service name
|
||||
nmap 10.10.10.1 -F # Scan quickly 100 common ports
|
||||
nmap 10.10.10.1 –top-ports 1000 # Scan the top 1000 ports
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP DETECTION
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 -sV # Attempts to determine the version of the service running on port
|
||||
nmap 10.10.10.1 -sV –version-intensity 8 # Intensity level 0 to 9. Higher number increases possibility of correctness
|
||||
nmap 10.10.10.1 -sV –version-light # Enable light mode. Lower possibility of correctness. Faster
|
||||
nmap 10.10.10.1 -sV –version-all # Enable intensity level 9. Higher possibility of correctness. Slower
|
||||
nmap 10.10.10.1 -A # Enables OS detection, version detection, script scanning, and traceroute
|
||||
nmap 10.10.10.1 -O # Remote OS detection using TCP/IP stack fingerprinting
|
||||
nmap 10.10.10.1 -O –osscan-limit # If at least one open and one closed TCP port are not found it will not try OS detection against host
|
||||
nmap 10.10.10.1 -O –osscan-guess # Makes Nmap guess more aggressively
|
||||
nmap 10.10.10.1 -O –max-os-tries 1 # Set the maximum number x of OS detection tries against a target
|
||||
nmap 10.10.10.1 -A # Enables OS detection, version detection, script scanning, and traceroute
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP EVASION
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 -T0 # Paranoid (0) Intrusion Detection System evasion
|
||||
nmap 10.10.10.1 -T1 # Sneaky (1) Intrusion Detection System evasion
|
||||
nmap 10.10.10.1 -T2 # Polite (2) Slows down the scan to use less bandwidth and use less target machine resources
|
||||
nmap 10.10.10.1 -T3 # Normal (3) Default speed
|
||||
nmap 10.10.10.1 -T4 # Aggressive (4) Speeds scans
|
||||
nmap 10.10.10.1 -T5 # Insane (5) Extra Speeds scan
|
||||
nmap 10.10.10.1 -f # Requested scan (including ping scans) use tiny fragmented IP packets. Harder for packet filters
|
||||
nmap 10.10.10.1 –mtu 32 # Set your own offset size
|
||||
nmap -D 10.10.10.1,10.10.10.2 # Send scans from multiple IPs
|
||||
nmap -S www.github.com # Scan Github (-e eth0 -Pn may be required)
|
||||
nmap -g 53 10.10.10.1 # Use given source port number
|
||||
nmap –proxies http://myproxy:80 10.10.10.1 # Relay connections through HTTP/SOCKS4 proxies
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP SCRIPTS
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 –script default # Scan with default NSE scripts.
|
||||
nmap 10.10.10.1 –script=banner # Scan with a single script banner
|
||||
nmap 10.10.10.1 –script=http* # Scan with a wildcard http
|
||||
nmap 10.10.10.1 –script=http,banner # Scan with two scripts http and banner
|
||||
nmap 10.10.10.1 –script “not intrusive” # Scan default, but without intrusive scripts
|
||||
|
||||
|
||||
##############################################################################
|
||||
# NMAP OUTPUT
|
||||
##############################################################################
|
||||
|
||||
|
||||
nmap 10.10.10.1 -oN nmap.file # Normal output to the file nmap.file
|
||||
nmap 10.10.10.1 -oX nmap.file # XML output to the file nmap.file
|
||||
nmap 10.10.10.1 -oG nmap.file # Grepable output to the file nmap.file
|
||||
nmap 10.10.10.1 -oA results # Output in the three major formats at once
|
||||
nmap 10.10.10.1 -oG – # Grepable output to screen. -oN
|
||||
nmap 10.10.10.1 -oN nmap.file –append-output # Append a scan to a previous scan file
|
||||
nmap 10.10.10.1 -v # Increase the verbosity level
|
||||
nmap 10.10.10.1 -vv # Increase more the verbosity level
|
||||
nmap 10.10.10.1 -d # Increase debugging level
|
||||
nmap 10.10.10.1 –reason # Display the reason a port is in a particular state
|
||||
nmap 10.10.10.1 –open # Only show open ports
|
||||
nmap 10.10.10.1 -T4 –packet-trace # Show all packets sent and received
|
||||
nmap –iflist # Shows the host interfaces and routes
|
||||
nmap –resume nmap.file # Resume scanning
|
||||
53
tools/snort.sh
Normal file
53
tools/snort.sh
Normal file
@@ -0,0 +1,53 @@
|
||||
##############################################################################
|
||||
# SNORT SNIFFER MODE
|
||||
##############################################################################
|
||||
|
||||
|
||||
snort -v # Verbose mode
|
||||
snort -e # Display the link layer headers
|
||||
snort -d # Display data payload
|
||||
snort -X # Display full packet details (HEX)
|
||||
snort -eX # Display all packet details
|
||||
snort -v -n 10 # Sniff 'N' number of packets
|
||||
|
||||
|
||||
##############################################################################
|
||||
# SNORT LOGGER MODE
|
||||
##############################################################################
|
||||
|
||||
|
||||
Log path is /var/log/snort
|
||||
|
||||
snort -v -l /home/user/Desktop # Use another log path
|
||||
snort-v -K ASCII # Log in the ASCII format
|
||||
snort -v -r snort.log # Read from snort files
|
||||
snort -v -r snort.log -n 10 # Read 10 packets from snort files
|
||||
snort -v -r snort.log tcp # Filter packets for TCP
|
||||
snort -v -r snort.log ‘udp and port 53’ # Filter packets for DNS (UDP:53)
|
||||
|
||||
|
||||
##############################################################################
|
||||
# SNORT PCAP
|
||||
##############################################################################
|
||||
|
||||
|
||||
snort -c /etc/snort/snort.conf -q -r example.pcap -A console # Processing one PCAP file
|
||||
snort -c /etc/snort/snort.conf -q --pcap-list= "example1.pcap example2.pcap" -A console # Processing some PCAP files
|
||||
snort -c /etc/snort/snort.conf -q --pcap-dir=/home/whereyourpcapis -A console # Processing some PCAP files from a folder
|
||||
snort -c /etc/snort/snort.conf -q --pcap-list="example1.pcap example2.pcap" -A console --pcap-show # Result the processed PCAP files
|
||||
|
||||
|
||||
##############################################################################
|
||||
# SNORT IDS - IPS MODE
|
||||
##############################################################################
|
||||
|
||||
|
||||
snort -c /etc/snort/snort.conf # Use configuration file
|
||||
snort -c /etc/snort/snort.conf -T # Test instance and configuration file
|
||||
snort -c /etc/snort/snort.conf -N # Disable logging
|
||||
snort -c /etc/snort/snort.conf -D # Run snort in background
|
||||
snort -c /etc/snort/snort.conf -v -A none # Alerting in mode "No output"
|
||||
snort -c /etc/snort/snort.conf -v -A console # Alerting in mode "Output console"
|
||||
snort -c /etc/snort/snort.conf -v -A fast # Alerting in mode "Output file resumed"
|
||||
snort -c /etc/snort/snort.conf -v -A full # Alerting in mode "Output file complete"
|
||||
snort -c /etc/snort/rules/local.rules -v -A console # Alerting without config file
|
||||
Reference in New Issue
Block a user