SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp
SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp
SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Nmap Optimization<br />
– Finding the right balance between speed and false negatives<br />
– Tune your options on a subset of IPs (first /24 of 127.42.0.0/16)<br />
sudo nmap -p 80,443 127.42.0.0/24<br />
sudo nmap -n -PN -p 80,443 -T5 127.42.0.0/24<br />
sudo nmap -n -PN -p 80,443 -T5 --max-retries 0 127.42.0.0/24<br />
sudo nmap -n -PN -p 80,443 --max-rtt-timeout 100 --min-rtt-timeout<br />
25 --initial-rtt-timeout 50 --max-retries 0 127.42.0.0/24<br />
sudo nmap -n -PN -p 80,443 --min-rate 10000 --min-hostgroup 4096<br />
--max-retries 0 127.42.0.0/24<br />
– Now we have a finely tuned scan, lets run on the full /16 subnet<br />
sudo nmap -n -PN -p 80,443 --min-rate 10000 --min-hostgroup 4096<br />
--max-retries 0 --reason -oN /tmp/AllIPs-ports80_443 127.42.0.0/16<br />
sudo nmap -n -PN -sS -sU -p 80,443 -A --max-retries 1 --reason<br />
-oN /tmp/LiveWebServers-Top1000TcpUdpPorts-All 127.42.84.1-5<br />
– Understanding Nmap Scripting Engine (NSE)<br />
ls /usr/share/nmap/scripts | grep -iE “http|html”<br />
Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License<br />
26