Customize your nmap command professionally
by MrBr - November 19, 2019 at 11:13 AM
#1
[Image: image-15703140685d991754d4f11_Nmap-behind-31c3.png]


Hi,
We are going to look at how to build an nmap command that returns only the IPs of servers with port 3389 (Remote Desktop) open, with help from a couple of other Linux commands to filter the results.

What we will use:


  1. Nmap random IP scanning.
  2. Keeping only the hosts with 3389 open, using the 'grep' command.
  3. Pulling the IP out of each remaining line, using the 'awk' command.
I just wanted to collect some Windows servers to try a bug on. I had a script that got the IPs, but it's old and no longer works, maybe because of some nmap updates.

I decided to do it manually, so let's begin and see how it goes.

1- Nmap random IP scanning with this command:
nmap -iR 0 -p 3389 -oG -

Explaining the command:
-iR <num hosts> : choose targets at random. This is one option, not '-i' plus 'R'; nmap generates random public Internet addresses (private and reserved ranges are skipped).
0 : never stop generating targets. Use 1000 to scan 1000 random IPs instead.
-p 3389 : scan only port 3389.
-oG : grepable output, one line per host, which is what makes the grep and awk filtering below easy.
- : write that output to standard output instead of a file, so it can be piped into the next command. It has nothing to do with matching lines containing a '-' sign.

Two useful additions for this kind of sweep: -n skips reverse DNS lookups (much faster), and --open makes nmap report only hosts that have at least one open port.

[Image: image-15708961545da1f91a49336_2019-10-09...curity.png]

As you see, we have some results, but they include filtered and closed ports alongside the open ones.

That's why we're going to use the 'grep' command to keep only the open ports.

2- 'grep' command: we use 'grep' to keep only the lines that contain the word 'open':

nmap -iR 0 -p 3389 -oG - | grep open

Note that a bare 'grep open' also keeps any line whose hostname happens to contain "open". A stricter pattern is grep '3389/open/', which matches only the port state field.

[Image: image-15710458305da441c631c9f_grep.png]

3- 'awk' command: we use 'awk' to print only the IP from each line:

nmap -iR 0 -p 3389 -oG - | grep open | awk '/Host:/{print $2}'

awk splits each line on whitespace into numbered fields. For every line that matches the pattern /Host:/, '{print $2}' prints the second field, which is the IP address: everything after 'Host:' up to the next space.

So "awk '/Host:/{print $2}'" sees the start of the line as three fields:

Field 1: equivalent to '{print $1}' : Host:
Field 2: equivalent to '{print $2}' : 163.191.16.104
Field 3: equivalent to '{print $3}' : (wsk107.cv.k12.**.us)

Here is the results:

[Image: image-15710536175da46031dd97a_awk.png]

You may have noticed that I'm using a results.txt file. You can also just execute the command above; because -iR 0 never finishes, it keeps running until you stop it manually,

or you can run it in the background, log the results to a text file, and stop it by killing the process.

[Image: image-15710542925da462d4819ac_2019-10-14...bruik).png]

To close it:

[Image: image-15710543575da463158376f_2019-10-14...bruik).png]

Then you will see only the IPs in 3389-ports.txt, and that's what I wanted: a file with a list of IPs to try a vulnerability against.

That's all, I wish you the best of luck.
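The whole procedure (steps 1 to 3 plus the background run) as one script. This is an added example, not the author's script or anything from the nmap project. The grepable output it parses is a constructed sample approximating nmap's -oG format (real output separates the fields with tabs; spaces work the same for awk), the IPs are from the documentation range 192.0.2.0/24, and the file names rdp-scan.gnmap, rdp-scan.pid and 3389-ports.txt are my own choices. It matches the literal port state field "3389/open/" rather than the bare word "open", so a hostname containing "open" or an "open|filtered" state cannot slip into the list, and it keeps nmap's PID separately so the background scan can be stopped cleanly.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): filter nmap grepable output
# down to the IPs with TCP/3389 open, and run the sweep in the background.

# Constructed sample of what 'nmap -iR 0 -p 3389 -oG -' prints (not a real scan).
# Line .14 shows why a plain 'grep open' is not enough: the hostname matches.
sample_grepable_output() {
    cat <<'EOF'
# Nmap scan initiated ... as: nmap -iR 0 -p 3389 -oG -
Host: 192.0.2.10 (rdp1.example.net)  Ports: 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.11 ()  Ports: 3389/filtered/tcp//ms-wbt-server///
Host: 192.0.2.12 ()  Ports: 3389/open|filtered/tcp//ms-wbt-server///
Host: 192.0.2.13 ()  Ports: 3389/closed/tcp//ms-wbt-server///
Host: 192.0.2.14 (open-door.example.net)  Ports: 3389/filtered/tcp//ms-wbt-server///
Host: 192.0.2.15 ()  Ports: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///
# Nmap done at ... -- 6 IP addresses (6 hosts up) scanned
EOF
}

# Read grepable output on stdin; print one IP per line for hosts where the
# given port (default 3389) is in state "open". $2 of a "Host:" line is the IP.
open_rdp_ips() {
    awk -v port="${1:-3389}" '
        BEGIN { pat = port "/open/" }              # e.g. "3389/open/"
        /^Host:/ && index($0, pat) { print $2 }   # exact state field, not the word "open"
    '
}

# Start the never-ending random sweep in the background (guarded: needs nmap).
# Raw grepable output goes to rdp-scan.gnmap, nmap's PID to rdp-scan.pid.
# -n skips reverse DNS, --open reports only hosts with an open port.
scan_rdp_background() {
    command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 1; }
    nohup nmap -n --open -iR 0 -p 3389 -oG rdp-scan.gnmap >/dev/null 2>&1 &
    echo "$!" > rdp-scan.pid
    echo "nmap running as PID $(cat rdp-scan.pid); stop it with: $0 stop"
}

# Stop the background scan and distil the log into the final IP list.
stop_and_collect() {
    [ -f rdp-scan.pid ] && kill "$(cat rdp-scan.pid)" 2>/dev/null
    open_rdp_ips 3389 < rdp-scan.gnmap > 3389-ports.txt
    echo "$(awk 'END { print NR }' 3389-ports.txt) IPs written to 3389-ports.txt"
}

# Usage (only when run directly, so the functions can also be sourced):
#   ./rdp-sweep.sh start   |   ./rdp-sweep.sh stop   |   ./rdp-sweep.sh demo
case "${1:-}" in
    start) scan_rdp_background ;;
    stop)  stop_and_collect ;;
    demo)  sample_grepable_output | open_rdp_ips 3389 ;;
esac
```

The demo mode runs entirely offline against the constructed sample and prints 192.0.2.10 and 192.0.2.15 only; the same sample piped through the post's 'grep open | awk' pipeline would also emit 192.0.2.12 and 192.0.2.14.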