We covered a lot of theory and important topics in the last few posts about Nmap. Now let's dig into the target specification commands. By the end of this read, you will understand how to define a single IP, a range of IPs or a domain name as a target, and how to exclude IPs from a scan using Nmap.
First things first, you can use the help command for Nmap by typing nmap -h.
Ways to define IPs and Domain Names:
- We covered how to scan a single IP in Nmap - Working and Basic Commands. To scan the whole network, you can use
  - Syntax: nmap <IP>/<net_mask>
  - Example: nmap 192.168.0.1/24
- To scan a specific range of IPs, you can use
  - Syntax: nmap <IP>-<last_ip>
  - Example: Suppose you need to scan only the first 20 IPs in a network with mask 24. Then use nmap 192.168.1.1-20. The range does not have to start from 1. It can be, for example, nmap 192.168.1.29-250. This will scan the IPs from 192.168.1.29 to 192.168.1.250.
- To scan via a domain name, you can use
  - Syntax: nmap <domain_name> OR nmap <domain>/<mask>
  - Example: nmap scanme.nmap.org OR nmap microsoft.com/24
- To scan multiple networks or IPs, you do not need to wait or open multiple tabs. Write everything in a text file, one host per line, and save it as .txt.
- Example:
- To start scanning, type
nmap -iL scan.txt
- To randomly scan any network or host, type
nmap -iR <no._of_host>
- To exclude one or two hosts from a network, you can add
  - Syntax: nmap <IP>/<mask> --exclude <IP> [Use a comma (,) to add more hosts to the exclude list]
  - Example: nmap 192.168.0.1/24 --exclude 192.168.0.1,192.168.0.20 [This will scan all the IPs in the given range except the two mentioned above]
**NOTE** - If you want to exclude multiple hosts, you can also use the option --excludefile <filename>. Every host should be on a new line.
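To confirm exactly which addresses a target list and exclude list cover before a scan is started, the CIDR, range and exclude forms above can be expanded offline. This is an added example, not part of the original post: the function names are hypothetical, only IPv4 CIDR blocks and octet ranges are handled, and hostnames are not resolved.

```python
import ipaddress
from itertools import product


def expand_octet(field):
    """Expand one octet field, '7' or '1-20', into a list of ints."""
    lo, sep, hi = field.partition("-")
    lo, hi = int(lo), int(hi if sep else lo)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet range: {field!r}")
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Return the set of IPv4 addresses covered by one target spec."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False accepts a host address such as 192.168.0.1/24.
        # Iterating the network yields every address, .0 and .255 included.
        return set(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target (hostnames are not resolved): {spec!r}")
    return {ipaddress.IPv4Address(".".join(map(str, combo)))
            for combo in product(*map(expand_octet, octets))}


def scan_scope(target_lines, exclude=""):
    """Addresses left after removing the comma-separated exclude list."""
    included, excluded = set(), set()
    for line in target_lines:
        if line.strip():
            included |= expand_target(line)
    for spec in exclude.split(","):
        if spec.strip():
            excluded |= expand_target(spec)
    return sorted(included - excluded)


if __name__ == "__main__":
    # Constructed input: the page's own examples as they would appear in scan.txt.
    scan_txt = ["192.168.0.1/24", "192.168.1.1-20"]
    scope = scan_scope(scan_txt, exclude="192.168.0.1,192.168.0.20")
    print(len(scope), "addresses, from", scope[0], "to", scope[-1])
```

Nmap's list scan (nmap -sL -n) prints the same kind of enumeration without sending probes to the targets, so it can be used to cross-check the result.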
We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.