Scanning the web with nmap

Nmap is a very powerful tool for finding the open ports, running services and operating system of a server.
From nmap's output we can learn a lot about a host.
Here I'll show you several ways of using nmap; you can combine the existing nmap options according to your own creativity.

Here I will try to scan localhost

root@hack-ngelih:/home/hack# nmap Aggressive -A -v -O

Starting Nmap 4.85BETA7 ( ) at 2009-06-13 10:24 WIT
Failed to resolve given hostname/IP: Aggressive. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Initiating SYN Stealth Scan at 10:24
Scanning localhost ( [1000 ports]
Discovered open port 443/tcp on
Discovered open port 3306/tcp on
Discovered open port 80/tcp on
Discovered open port 21/tcp on
Discovered open port 631/tcp on
Completed SYN Stealth Scan at 10:24, 0.04s elapsed (1000 total ports)
Initiating Service scan at 10:24
Scanning 5 services on localhost (
Completed Service scan at 10:24, 12.22s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against localhost (
NSE: Initiating script scanning.
Initiating NSE at 10:24
Completed NSE at 10:24, 5.08s elapsed
Host localhost ( is up (0.000045s latency).
Interesting ports on localhost (
Not shown: 995 closed ports
21/tcp open ftp ProFTPD 1.3.1
80/tcp open http Apache httpd 2.2.11
|_ html-title: Site doesn't have a title (text/html).
443/tcp open ssl/http Apache httpd 2.2.11
|_ sslv2: server still supports SSLv2
|_ html-title: Site doesn't have a title (text/html).
631/tcp open ipp CUPS 1.3.7
3306/tcp open mysql MySQL 5.1.30
| mysql-info: Protocol: 10
| Version: 5.1.30
| Thread ID: 12
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
| Status: Autocommit
|_ Salt: ~Bm~R][405X
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.27
Uptime guess: 0.149 days (since Sat Jun 13 06:50:30 2009)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Unix

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 20.26 seconds
Raw packets sent: 1019 (45.598KB) | Rcvd: 2046 (87.120KB)

From the output above we can see that the aggressive scan found ports 21, 80, 443, 631 and 3306 open on the host, and that the host runs Linux with a 2.6.x kernel.
The command above also performs a TCP SYN scan (-sS).
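As an added example (not code from the original post), here is a small Python parser for the normal-output port table shown above. It extracts each port with its state, service, version and the NSE script lines attached to it, reads the "Running:" OS line, and then applies a few defender-side triage rules to the result, such as flagging the "server still supports SSLv2" note on port 443. The sample input is a constructed copy of the page's scan results; the loopback address 127.0.0.1 in it is assumed, since the page's extraction dropped the IP.

```python
import re

# Constructed sample: the port table of the nmap -A scan shown on the page.
# The address 127.0.0.1 is assumed (the page's copy of the output lost the IP).
SAMPLE_OUTPUT = """\
Interesting ports on localhost (127.0.0.1):
Not shown: 995 closed ports
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      ProFTPD 1.3.1
80/tcp   open  http     Apache httpd 2.2.11
|_ html-title: Site doesn't have a title (text/html).
443/tcp  open  ssl/http Apache httpd 2.2.11
|_ sslv2: server still supports SSLv2
|_ html-title: Site doesn't have a title (text/html).
631/tcp  open  ipp      CUPS 1.3.7
3306/tcp open  mysql    MySQL 5.1.30
| mysql-info: Protocol: 10
| Version: 5.1.30
|_ Salt: ~Bm~R][405X
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.27
"""

# "21/tcp   open  ftp      ProFTPD 1.3.1" -> port, proto, state, service, version
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# NSE script output lines start with "| " or "|_ " and belong to the port above
SCRIPT_RE = re.compile(r"^\|_?\s*(.*)$")
OS_RE = re.compile(r"^Running:\s*(.*)$", re.MULTILINE)


def parse_ports(text):
    """Return one dict per port line, each carrying the script lines printed under it."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "version": (version or "").strip(),
                          "scripts": []})
            continue
        m = SCRIPT_RE.match(line)
        if m and ports:
            ports[-1]["scripts"].append(m.group(1).strip())
    return ports


def parse_os(text):
    """Return the OS family nmap printed on the 'Running:' line, or None."""
    m = OS_RE.search(text)
    return m.group(1).strip() if m else None


def triage(ports):
    """Defender-side checks over the parsed table: (port, finding) pairs worth a ticket."""
    findings = []
    for p in ports:
        if p["state"] != "open":
            continue
        for note in p["scripts"]:
            if "supports SSLv2" in note:
                findings.append((p["port"], "SSLv2 still enabled; disable it in the TLS config"))
        if p["service"] == "ftp":
            findings.append((p["port"], "cleartext FTP service listening"))
        if p["service"] == "mysql":
            findings.append((p["port"], "database service listening; confirm it is bound to localhost only"))
    return findings


if __name__ == "__main__":
    table = parse_ports(SAMPLE_OUTPUT)
    print("OS:", parse_os(SAMPLE_OUTPUT))
    for p in table:
        print(f"{p['port']}/{p['proto']} {p['state']} {p['service']} {p['version']}")
    for port, finding in triage(table):
        print(f"  [!] {port}: {finding}")
```

The same regexes work on the flattened copy on this page (single spaces between columns), so the parser can be pointed at any saved `nmap -oN` file to produce a quick list of items to follow up on.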

please expan...
