Port Scanning

Basic port scanning commands.

Network Port Scanning Recommendation

Create active host list
1. Scan most used 1000 TCP port
2. Scan most used 100 UDP Port
Deep Scan Active Hosts
1. Scan all TCP ports from active host list with service detection

Create Active Host List

mkdir -p $PROJECT_DIR/scans/nmap
cd $PROJECT_DIR/scans/nmap/

TCP Discovery Scan

sudo nmap -sS --top-ports 1000 -iL $TARGETS -oA Nmap_TCP_1000_$(date +"%b-%d-%Y") -Pn -T4 --host-timeout=24h --max-retries=1 --defeat-rst-ratelimit --open --disable-arp-ping

UDP Discovery Scan

sudo nmap -sU --top-ports 100 -iL $TARGETS -oA Nmap_UDP_100_$(date +"%b-%d-%Y") -Pn -T4 --host-timeout=24h --max-retries=1 --defeat-rst-ratelimit --open --disable-arp-ping
setvar NMAP_UDP_NMAP_OUTPUT Nmap_UDP_100_*.nmap(N:A)
setvar NMAP_UDP_GNMAP_OUTPUT Nmap_UDP_100_*.gnmap(N:A)
setvar NMAP_UDP_XML_OUTPUT Nmap_UDP_100_*.xml(N:A)

Get Active Hosts from Results

cat *.gnmap | grep -E "open/tcp|open/udp" | cut -d " " -f2 | sort -u >> $PROJECT_DIR/active.txt
setvar ACTIVE "$PROJECT_DIR/active.txt"

Deep Scan Active Hosts

sudo nmap -sSV -p 0-65535 -iL $ACTIVE -oA Nmap_TCP_All_$(date +"%b-%d-%Y") -Pn -T4 --host-timeout=24h --max-retries=1 --defeat-rst-ratelimit --open --disable-arp-ping
setvar NMAP_TCP_NMAP_OUTPUT Nmap_TCP_All_*.nmap(N:A)
setvar NMAP_TCP_GNMAP_OUTPUT Nmap_TCP_All_*.gnmap(N:A)
setvar NMAP_TCP_XML_OUTPUT Nmap_TCP_All_*.xml(N:A)

Extra Options

Scheduled Scans

# TCP
at midnight 01/01/26 #(change date)

# Add TCP Scan command using full file paths
# Add UDP Scan command using full file paths

# <CTRL+D> to exit

MassScan

All TCP Scan

sudo masscan --rate=10000 -p- -vv --open-only -iL $TARGETS --output-format grepable --output-filename MassScan_TCP_All_$(date +"%b-%d-%Y").gnmap | tee -a MassScan_TCP_All_$(date +"%b-%d-%Y").log

Top 100 UDP Scan

sudo masscan --rate=10000 -pU:7,U:9,U:17,U:19,U:49,U:53,U:67-69,U:80,U:88,U:111,U:120,U:123,U:135-139,U:158,U:161-162,U:177,U:427,U:443,U:445,U:497,U:500,U:514-515,U:518,U:520,U:593,U:623,U:626,U:631,U:996-999,U:1022-1023,U:1025-1030,U:1433-1434,U:1645-1646,U:1701,U:1718-1719,U:1812-1813,U:1900,U:2000,U:2048-2049,U:2222-2223,U:3283,U:3456,U:3703,U:4444,U:4500,U:5000,U:5060,U:5353,U:5632,U:9200,U:10000,U:17185,U:20031,U:30718,U:31337,U:32768-32769,U:32771,U:32815,U:33281,U:49152-49154,U:49156,U:49181-49182,U:49185-49186,U:49188,U:49190-49194,U:49200-49201,U:65024 -iL $TARGETS --output-format grepable --output-filename MassScan_UDP_100_$(date +"%b-%d-%Y").gnmap | tee -a MassScan_UDP_100_$(date +"%b-%d-%Y").log

PreviousBasic Pentest Recon NextNetwork Listening

Last updated 2 months ago

hashtagNetwork Port Scanning Recommendation

hashtagCreate Active Host List

hashtagTCP Discovery Scan

hashtagUDP Discovery Scan

hashtagGet Active Hosts from Results

hashtagDeep Scan Active Hosts

hashtagExtra Options

hashtagScheduled Scans

hashtagMassScan

hashtagAll TCP Scan

hashtagTop 100 UDP Scan

Network Port Scanning Recommendation

Create Active Host List

TCP Discovery Scan

UDP Discovery Scan

Get Active Hosts from Results

Deep Scan Active Hosts

Extra Options

Scheduled Scans

MassScan

All TCP Scan

Top 100 UDP Scan