Monday, October 03, 2011

Ultimate Nmap Scan

I have been doing lots of InfoSec research recently and have been learning quite a bit about nmap (Nmap is an open source security scanner that is used heavily by the pentesting community. Nmap can be used for several types of enumeration including host discovery, OS/version detection, port scanning, and it even has its own scripting engine allowing the user to extend its functionality as desired). After reading what I can only describe as the nmap bible (much of the explanation provided for individual flags is heavily based on this book) and talking to some professionals I have a very robust nmap recipe for port scanning.

sudo nmap --spoof-mac Cisco --data-length 9 \
    -f -D 172.168.200.200,RND:5,ME -v -n -O -sS -sV \
    -oA /home/rich/metasploit/172.168.1.1 --log-errors \
    --append-output -p T:1-1024,1433,2222,2249,7778,8080,9999 \
    --randomize-hosts 192.178.1.1 172.168.1.2

Important: always run nmap as the root user. Running nmap as anything other than the superuser will not actually allow you to run a stealth (SYN) scan against a TCP target, because of the layer of abstraction between a regular user and the network interface (crafting raw packets requires root). Also, port scanning is legal in the US; however, some of these techniques would be considered intrusive (nearly all of the “aggressive mode” features), so as with all pentesting related things don’t be stupid and only scan what you have permission to scan.
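The recipe's -oA flag writes a grepable .gnmap file next to the normal and XML output, and --append-output stacks later runs into the same file. As an added example (not from the original post or from nmap itself), here is a small Python parser for that file that tolerates several appended runs and summarises which ports each host exposes; the sample scan lines are constructed, not real output.

```python
# Constructed sample of the .gnmap file that -oA writes, with two runs stacked
# by --append-output; these are made-up scan lines, not real output.
SAMPLE_GNMAP = """\
# Nmap 5.51 scan initiated Mon Oct  3 10:00:00 2011 as: nmap -sS -sV -oA scan 192.178.1.1
Host: 192.178.1.1 ()\tStatus: Up
Host: 192.178.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.14/, 443/closed/tcp//https///\tIgnored State: filtered (1021)\tOS: Linux 2.6.X
# Nmap done at Mon Oct  3 10:02:00 2011 -- 1 IP address (1 host up) scanned in 120.00 seconds
# Nmap 5.51 scan initiated Mon Oct  3 11:00:00 2011 as: nmap -sS -sV -oA scan 172.168.1.2
Host: 172.168.1.2 ()\tStatus: Up
Host: 172.168.1.2 ()\tPorts: 1433/open/tcp//ms-sql-s//Microsoft SQL Server 2008/, 8080/filtered/tcp//http-proxy///
# Nmap done at Mon Oct  3 11:01:00 2011 -- 1 IP address (1 host up) scanned in 60.00 seconds
"""


def parse_gnmap(text):
    """Parse grepable output into {host: [(port, proto, state, service, version)]}.

    Fields on a Host line are tab-separated "Name: value" pairs; each port entry
    is port/state/proto/owner/service/rpc/version/ (nmap rewrites '/' inside
    version strings as '|', so splitting on '/' is safe).
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." header/footer of each appended run
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]  # drop the "(hostname)" part (-n => empty)
        entries = results.setdefault(host, [])  # record hosts even with no ports
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            port, state, proto, _owner, service, _rpc, version = entry.split("/", 6)
            entries.append((int(port), proto, state, service, version.rstrip("/")))
    return results


def open_ports(results):
    """Collapse parse_gnmap() output to {host: sorted open port numbers}."""
    return {host: sorted(p for p, _proto, state, _svc, _ver in ents if state == "open")
            for host, ents in results.items()}


if __name__ == "__main__":
    for host, ports in open_ports(parse_gnmap(SAMPLE_GNMAP)).items():
        print(host, ports)
```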

Read more: Rich Rines

Posted via email from Jasper-Net