Network Mapper (nmap)

Scan a single IP

# nmap 192.168.0.90
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-12-19 08:58 HKT
Nmap scan report for 192.168.0.90
Host is up (0.016s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
8080/tcp open http-proxy
8081/tcp open blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Scan with the default built-in scripts (-sC)

# nmap -sC 192.168.0.90
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-12-19 08:59 HKT
Nmap scan report for 192.168.0.90
Host is up (0.020s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
|_http-title: IBM HTTP Server
111/tcp open rpcbind
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
|_ 100000 3,4 111/udp6 rpcbind
8080/tcp open http-proxy
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/10.1.48
8081/tcp open blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 1.44 seconds

Scan for vulnerabilities

# nmap --script vuln 192.168.0.90
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-12-19 08:56 HKT
Nmap scan report for 192.168.0.90
Host is up (0.023s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-internal-ip-disclosure:
|_ Internal IP Leaked: 127.0.0.1
|_http-dombased-xss: Couldn't find any DOM based XSS.
111/tcp open rpcbind
8080/tcp open http-proxy
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_ http://ha.ckers.org/slowloris/
8081/tcp open blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 67.76 seconds
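
Added example (not part of the original notes): a small Python parser for the normal-format output shown above. It groups script results under each port and lists the blocks marked VULNERABLE with their state and CVE IDs for triage. The function names are illustrative, and the script-header pattern assumes lower-case script IDs, as in this output.

```python
import re

# Trimmed copy of the `--script vuln` output shown above (pasted text, not live data).
SAMPLE = """\
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-internal-ip-disclosure:
|_ Internal IP Leaked: 127.0.0.1
8080/tcp open http-proxy
| http-slowloris-check:
| VULNERABLE:
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
|_ http://ha.ckers.org/slowloris/
8081/tcp open blackice-icecap
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")
# Assumption: a script block starts with "| id:" or "|_id:" where id is lower-case.
# The colon must be followed by whitespace or end of line, so URLs do not match.
SCRIPT_RE = re.compile(r"^\|[_ ]([a-z0-9][a-z0-9_-]*):(?:\s+(.*))?$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_nmap(text):
    """Return {"port/proto": {"state", "service", "scripts": {id: [lines]}}}."""
    ports, port, script = {}, None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port = ports[f"{m.group(1)}/{m.group(2)}"] = {
                "state": m.group(3), "service": m.group(4), "scripts": {}}
            script = None
        elif port is not None and line.startswith("|"):
            m = SCRIPT_RE.match(line)
            if m:  # header line opens a new script block under the current port
                script = port["scripts"].setdefault(m.group(1), [])
            body = (m.group(2) or "") if m else line.lstrip("|_ ")
            if script is not None and body.strip():
                script.append(body.strip())
    return ports

def findings(ports):
    """List (port, script, state, cve_ids) for script blocks marked VULNERABLE."""
    out = []
    for port, info in ports.items():
        for script, lines in info["scripts"].items():
            if "VULNERABLE:" in lines:
                state = next((l.split(":", 1)[1].strip() for l in lines
                              if l.startswith("State:")), "UNKNOWN")
                out.append((port, script, state, sorted(set(CVE_RE.findall(" ".join(lines))))))
    return out
```

For routine use, nmap's XML output (-oX) is the more robust format to parse; this handles pasted text like the listings here.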

List the installed nmap scripts

# ls -l /usr/share/nmap/scripts